Reconciling Mozilla's Mission and W3C EME

May 19 Update: We’ve added an FAQ below the text of the original post to address some of the questions and comments Mozilla has received regarding EME.

With most competing browsers and the content industry embracing the W3C EME specification, Mozilla has little choice but to implement EME as well so our users can continue to access all content they want to enjoy. Read on for some background on how we got here, and details of our implementation.

Digital Rights Management (DRM) is a tricky issue. On the one hand content owners argue that they should have the technical ability to control how users share content in order to enforce copyright restrictions. On the other hand, the current generation of DRM is often overly burdensome for users and restricts users from lawful and reasonable use cases such as buying content on one device and trying to consume it on another.

DRM and the Web are no strangers. Most desktop users have plugins such as Adobe Flash and Microsoft Silverlight installed. Both have contained DRM for many years, and websites traditionally use plugins to play restricted content.

In 2013 Google and Microsoft partnered with a number of content providers including Netflix to propose a “built-in” DRM extension for the Web: the W3C Encrypted Media Extensions (EME).

The W3C EME specification defines how to play back such content using the HTML5 <video> element, utilizing a Content Decryption Module (CDM) that implements DRM functionality directly in the Web stack. The W3C EME specification only describes the JavaScript APIs to access the CDM. The CDM itself is proprietary and is not specified in detail in the EME specification, which has been widely criticized by many, including Mozilla.

Mozilla believes in an open Web that centers around the user and puts them in control of their online experience. Many traditional DRM schemes are challenging because they go against this principle and remove control from the user and yield it to the content industry. Instead of DRM schemes that limit how users can access content they purchased across devices we have long advocated for more modern approaches to managing content distribution such as watermarking. Watermarking works by tagging the media stream with the user’s identity. This discourages copyright infringement without interfering with lawful sharing of content, for example between different devices of the same user.

Mozilla would have preferred to see the content industry move away from locking content to a specific device (so called node-locking), and worked to provide alternatives.

Instead, this approach has now been enshrined in the W3C EME specification. With Google and Microsoft shipping W3C EME and content providers moving over their content from plugins to W3C EME Firefox users are at risk of not being able to access DRM restricted content (e.g. Netflix, Amazon Video, Hulu), which can make up more than 30% of the downstream traffic in North America.

We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM.

This makes it difficult for Mozilla to ignore the ongoing changes in the DRM landscape. Firefox should help users get access to the content they want to enjoy, even if Mozilla philosophically opposes the restrictions certain content owners attach to their content.

As a result we have decided to implement the W3C EME specification in our products, starting with Firefox for Desktop. This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate. The existing W3C EME systems Google and Microsoft are shipping are not open source and lack transparency for the user, two traits which we believe are essential to creating a trustworthy Web.

The W3C EME specification uses a Content Decryption Module (CDM) to facilitate the playback of restricted content. Since the purpose of the CDM is to defy scrutiny and modification by the user, the CDM cannot be open source by design in the EME architecture. For security, privacy and transparency reasons this is deeply concerning.

From the security perspective, for Mozilla it is essential that all code in the browser is open so that users and security researchers can see and audit the code. DRM systems explicitly rely on the source code not being available. In addition, DRM systems also often have unfavorable privacy properties. To lock content to the device DRM systems commonly use “fingerprinting” (collecting identifiable information about the user’s device) and with the poor transparency of proprietary native code it’s often hard to tell how much of this fingerprinting information is leaked to the server.

We have designed an implementation of the W3C EME specification that satisfies the requirements of the content industry while attempting to give users as much control and transparency as possible. Due to the architecture of the W3C EME specification we are forced to utilize a proprietary closed-source CDM as well. Mozilla selected Adobe to supply this CDM for Firefox because Adobe has contracts with major content providers that will allow Firefox to play restricted content via the Adobe CDM.

Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user’s hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.

Traditionally, to implement node-locking DRM systems collect identifiable information about the user’s device and will refuse to play back the content if the content or the CDM are moved to a different device.

By contrast, in Firefox the sandbox prohibits the CDM from fingerprinting the user’s device. Instead, the CDM asks the sandbox to supply a per-device unique identifier. This sandbox-generated unique identifier allows the CDM to bind content to a single device as the content industry insists on, but it does so without revealing additional information about the user or the user’s device. In addition, we vary this unique identifier per site (each site is presented a different device identifier) to make it more difficult to track users across sites with this identifier.

Adobe and the content industry can audit our sandbox (as it is open source) to assure themselves that we respect the restrictions they are imposing on us and users, which includes the handling of unique identifiers, limiting the output to streaming and preventing users from saving the content. Mozilla will distribute the sandbox alongside Firefox, and we are working on deterministic builds that will allow developers to use a sandbox compiled on their own machine with the CDM as an alternative. As plugins today, the CDM itself will be distributed by Adobe and will not be included in Firefox. The browser will download the CDM from Adobe and activate it based on user consent.

While we would much prefer a world and a Web without DRM, our users need it to access the content they want. Our integration with the Adobe CDM will let Firefox users access this content while trying to maximize transparency and user control within the limits of the restrictions imposed by the content industry.

There is also a silver lining to the W3C EME specification becoming ubiquitous. With direct support for DRM we are eliminating a major use case of plugins on the Web, and in the near future this should allow us to retire plugins altogether. The Web has evolved to a comprehensive and performant technology platform and no longer depends on native code extensions through plugins.

While the W3C EME-based DRM world is likely to stay with us for a while, we believe that eventually better systems such as watermarking will prevail, because they offer more convenience for the user, which is good for the user, but in the end also good for business. Mozilla will continue to advance technology and standards to help bring about this change.

FAQ

What did Mozilla announce?
In a sentence: Mozilla is adding a new plug-in integration point to Firefox to allow an external DRM component from Adobe to supply the function of decrypting and decoding video data in a black box which is designed to make it difficult for the user to extract the decryption keys or the decrypted compressed data.

A plug-in of this new type is called a Content Decryption Module (CDM) and is exposed to the Web via the Encrypted Media Extensions (EME) API proposed at the W3C by Google, Microsoft and Netflix (Here is a short technical explanation of EME). A CDM integrates with the HTML5 <video> and <audio> support provided by the Gecko engine instead of the <embed> or <object> elements that third parties have historically used to enable playback for video wrapped in DRM to Firefox, via software such as Adobe Flash Player and Microsoft Silverlight. We have formed a relationship with Adobe, who will distribute to end users a Firefox-compatible CDM implementing the Adobe Access DRM scheme, and Firefox will facilitate the download and installation of that CDM. Streaming services requiring DRM and implementing the EME-compatible version of Adobe Access should thereby, if they choose to, be able to stream media to Firefox Desktop users on Windows, Mac or Linux.

Does this mean Mozilla is adding DRM to Firefox?
No. Mozilla is providing a new integration point for third-party DRM that works with Firefox. Third-party DRM that works with Firefox is not new. Firefox (and every other browser) already provides another integration point for third parties to ship DRM: the Netscape Plugin API (NPAPI), which has been part of web browsers since 1995. What’s new is the ability of the third-party DRM to integrate with the HTML <video> element and its APIs when previously third-party DRM instead integrated with the <embed> and <object> elements. When integrating with <video>, the capabilities of the DRM component are more limited, and the browser has control over the style and accessibility of the playing video.

Firefox, as shipped by Mozilla, will continue to be Free Software / Open Source Software.

Why is Mozilla adding a new DRM integration point when the NPAPI already exists?
NPAPI plug-ins come with much more than just DRM. In addition to the Adobe Access DRM component, Adobe Flash Player comes with an entire ActionScript runtime, a broad set of APIs, a graphics stack, a media stack and a networking stack. Likewise, in addition to the PlayReady DRM component, Microsoft Silverlight comes with a CLI virtual machine, a broad set of APIs, a graphics stack, a media stack and a networking stack. Driven in major part by Mozilla, the Open Web Platform is growing to match almost all the functionality that Adobe Flash Player or Microsoft Silverlight provide—with one big exception being DRM, which is necessarily non-open. The use of NPAPI plug-ins in most other situations is not as sustainable as it once was. As plugin owners start to migrate from supporting their plugins (for example, Microsoft appears to be ending Silverlight support and Adobe has discontinued Flash for Android), Firefox cannot continue to rely on NPAPI plug-ins for providing video DRM (and thereby allow users to watch movies from major Hollywood studios).

The new CDM integration point is a much more focused plug-in API than the NPAPI. It permits a third-party component to provide the one function that an Open Source implementation of the Open Web Platform cannot provide to Hollywood’s satisfaction: decrypting and decoding video while aiming to make it very difficult for the end-user to tamper with the process. The browser’s media stack and the associated HTML5 APIs can be used for everything else. Since a CDM has less functionality than NPAPI plug-ins, it is easier to sandbox a CDM and easier to port it to new platforms.

Why isn’t DRM dying together with NPAPI plug-ins?
Mozilla’s competitors don’t appear to be letting DRM die together with NPAPI (or ActiveX) plug-ins. In fact, the Encrypted Media Extensions API was developed by Microsoft, Google and Netflix and Microsoft and Google have already implemented EME in their respective browsers.

Netflix operates a massively popular (where available) online service that allows end-users to watch movies from major Hollywood studios and they are already serving content to Internet Explorer and Chrome OS using EME with Microsoft’s and Google’s own DRM schemes (PlayReady and Widevine).

If Mozilla didn’t enable the possibility of installing the Adobe Access CDM for use with EME, we’d be in a situation similar to the one we were in when we did not support the H.264 codec in HTML5 video. Instead of moving away from H.264, Web sites still delivered H.264 video to Firefox users—but did it via the NPAPI using Adobe Flash Player or Microsoft Silverlight rather than via the <video> tag.

Similarly, if Mozilla didn’t enable the use of a Hollywood-approved DRM scheme with HTML5 video using EME, Firefox users would need to continue using Flash, Silverlight or another NPAPI plugin to view Hollywood movies on Windows and Mac. As noted in the previous answer, the long-term future of that capability is in doubt, and the experience (both in terms of installation and in terms of performance) would be worse than the experience in Chrome and IE with their bundled EME CDMs. On other operating systems, Firefox users would be locked out of viewing Hollywood movies (as is the case today), but other browsers, for example Chrome on Linux and Android, would be in a position to support them.

The ability to watch movies from major Hollywood studios is a feature users value. Netflix alone accounts for fully 1/3 of bandwidth usage in North America during the evening peak time. We expect that many users around the world would switch browsers in pursuit of this ability, or of a better experience, if Firefox provided either no experience or a worse experience (depending on operating system).

How will Firefox facilitate the installation of the Adobe Access CDM?
The user experience for EME in Firefox is still being considered. Users will have choice whether to enable use of the CDM.

What does this mean for interoperability of the EME specification?
The Adobe Access CDM as used with Firefox will support ISO Common Encryption (CENC). This is a way of encrypting individual tracks within an MP4 container using 128-bit AESCTR such that the MP4 file declares the key identifiers for the AES keys needed for decryption but doesn’t contain the keys themselves. It is then up to the CDM to request the AES keys by ID from a key server that knows how to talk with the CDM. (The communication between the CDM and the key server is mediated through the EME API and a JavaScript program that can relay the EME messages to the key server over XMLHttpRequest.)

It follows that a site can serve the same MP4/CENC files and the same JavaScript program to different browsers that have CDMs for different DRM schemes, as long as the site runs a distinct key server for each DRM scheme, since each DRM scheme has its format for the EME-mediated messages between the CDM and the key server.

So there is expected to be interoperability on the level of media files and on the level of JS code served to different browsers, but CDMs from different vendors are expected to acquire keys using mutually incompatible protocols. (The EME API sees byte buffers whose contents are opaque to EME.)

Whether EME+CENC is an interoperability improvement depends on what you compare it to. When a content provider operates a full array of key servers for the various DRM schemes that different players may support, it will be an interoperability improvement compared to video delivered via Adobe Flash Player or Microsoft Silverlight, or via apps written for a small set of specific mobile platforms. However, if a content provider doesn’t operate a full array of key servers and caters only to a subset of the EME-relevant DRM schemes, interoperability may not be as good as that provided by current plug-ins. And no DRM scheme can provide the full interoperability benefits of DRM-less HTML5 video.

Won’t having to support multiple key servers with mutually incompatible DRM protocols (in order to get cross-browser support) make Web publishing prohibitively expensive for independent publishers?
DRM is a requirement imposed by the major studios onto services that license movies from them. Independent video publishers can avoid the cost of DRM by not imposing a DRM requirement on themselves.

Which streaming services will be supported?
This is a new agreement with Adobe and it’s too early to be certain exactly which streaming services will support it.

Since the Adobe Access CDM contains an H.264 decoder, does this mean that the decoder can be used for non-DRM content?
Yes. The CDM component could also be used to provide non-DRMed H.264 and/or AAC support in the <video> tag. It is not yet determined for certain where, when and if this capability will be used—that depends on the availability of other options (such as OpenH264).

The market conditions regarding the need for H.264 support in the browser have not changed significantly since Mozilla made the decision in 2012 to provide support for it (via OS libraries or third party software). Mozilla continues to believe that patent un-encumbered codecs are best for the web, and encourages video producers to use open codecs (WebM for example) without the use of DRM.

What does this mean for downstream users of the Firefox code base?
The solution consists of three parts: the browser, the CDM host and the CDM.

The CDM host is an executable distinct from the browser that communicates with the browser using an inter-process communication (IPC) mechanism. The CDM is a shared library loaded by the CDM host. The CDM host drops privileges, such as disk and network access, before calling into the CDM.

Mozilla will develop the CDM host and is planning on making its code open source as is the norm for Mozilla-developed code. However, the CDM will refuse to work if it finds itself in a host that isn’t identical to the Mozilla-shipped CDM host executable. In other words, downstream recipients of the source code for the CDM host won’t be able to exercise the freedom to modify the CDM host without rendering it useless (unless they also make arrangements with Adobe).

This leaves downstream users of the Firefox code base with the following options:

  1. Not supporting the Adobe Access CDM.
  2. Distributing their own browser build that retains Firefox’s IPC behavior and distributing a copy of Mozilla’s CDM host executable.
  3. Distributing their own browser build that retains Firefox’s IPC behavior and distributing a self-built CDM host executable that is bit-identical to Mozilla’s CDM host executable. (I.e. this requires doing the work to achieve deterministic builds for the CDM host.)
  4. Making arrangements directly with Adobe to get a non-Mozilla CDM host executable recognized by the CDM.

Do I have to run proprietary software in order to use Firefox?
No. The Adobe Access CDM is entirely optional. However, we expect Hollywood studios, via their video streaming partners, to deny you access to view their content using the <video> tag if you choose not to use it.

Does this mean applying DRM to HTML?
No, this is about enabling DRM to be applied to video and audio tracks when played using HTML facilities. The DRM doesn’t apply to the HTML document that contains the video or audio element, to page images, or anything else other than video and audio tracks. There are no plans to support DRM for captioning data, for example. Mozilla strongly opposes any future expansion in scope of the W3C EME specification.

Why is DRM supported for the <audio> element?
“Audio” is a subset of “video with audio,” so if we restricted DRM to the <video> element, those who wished to use DRM with audio would just use a “video-less video.”

Also, even though record labels gave up on DRM for music files which are sold to users, they still require DRM for music subscription services (that is, services where the user loses the ability to play the music upon terminating the subscription). Support for EME in the <audio> element helps move those services move off NPAPI plug-ins.

About Andreas Gal

Dr. Andreas Gal is Chief Technology Officer and VP Mobile at Mozilla, leading technical decision making, representing Mozilla externally on technology, and managing R&D programs. Dr. Gal co-founded the Boot to Gecko open mobile ecosystem and is driving its continued evolution as Firefox OS. Previously, he worked as a project scientist at the University of California, Irvine, working in the Secure Systems and Languages Laboratory of Professor Michael Franz. His background is in secure systems, type-safe languages, dynamic compilation, and VMs. He holds a Ph.D. in Computer Science from the University of California, Irvine.

More articles by Andreas Gal…


466 comments

  1. José Pedro

    An attempt to convince the content industry to develop their DRM schemes using asm.js would be the ideal solution in my opinion. If necessary, providing the API to get the unique identifier and similar situations, but at least this way the code would be guaranteed to work in any device, independent of proprietary closed source code that was not compolied for this OS or that architecture.

    The only difference would be that the DRM system, instead of being visible in assembly, would be visible in javascript made to resemble assembly for performance goals, which is not that different.

    This way, the responsibility for the DRM system doesn’t rely with the browser, but with the website provider (which is also an advantage to them while still being a clear winner for everyone).

    May 14th, 2014 at 10:27

  2. Brandon Frohs

    Will default builds have the option of disabling this? Or perhaps an option to download a build with this disabled? I’d rather suffer without than support this in any way.

    May 14th, 2014 at 10:30

    1. Gervase Markham

      The exact user experience is still to be decided, but it will definitely not activate and run without you explicitly agreeing. You will be able to say No.

      May 14th, 2014 at 10:51

  3. Alice

    “Firefox should help users get access to the content they want to enjoy, even if Mozilla philosophically opposes the restrictions certain content owners attach to their content.”

    This is essentially a change in Mozilla’s policy, right? 10 years ago the story around Flash Player was pretty much the same, and Mozilla’s response then was to allow third parties to implement it, but not to implement it in-house or make it an integrated part of the browser.

    Maybe I live in a bubble, but I don’t see EME being more ubiquitous today than Flash was a decade ago.

    “We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM.”

    I’m not sure what “we have come to the point” means. Hasn’t this always been true for Firefox? Unless you count proprietary plugins like Flash Player, of course, but if you count them then the sentence makes no sense.

    May 14th, 2014 at 10:30

    1. Gervase Markham

      Flash and Silverlight are slowly going away, and streaming sites are moving to EME. Currently, users can watch DRMed movies in Firefox using Silverlight/Flash. In the future, that will not be possible, and if we don’t implement EME, they will have two choices – don’t watch the video, or use another browser. Switching browsers is not hard.

      May 14th, 2014 at 10:53

      1. Nick Mailer

        Gerv, until today, Mozilla was a light unto the nations. With this announcement, it becomes just another timorous capitulator to enslavement. Shame on everyone at Mozilla for failing to live up to its credo and becoming just another servant to mammon.

        May 14th, 2014 at 13:16

        1. jh

          well maybe if chrome didnt have the largest advertising company in the world behind it taking users from ff, mozilla would have more weight to throw around

          before mozilla can do anything against the huge money of content owners, b2g needs traction and desktop needs to pull back users

          if the snowden papers didnt convince people to stop using google, why would drm?

          May 14th, 2014 at 14:26

          1. Joaren

            If Mozilla hadn’t been dragging their feet for years and letting Chrome make them look like the crappy, outdated and slow codebase that they are, this wouldn’t be an issue.

            The only remaining reason to switch /to/ Firefox, that it is more open, just got cancelled.

            May 14th, 2014 at 14:57

          2. Dissappointed

            Do we not remember the tech behemoth that Mozilla took on in the early days to get we’re it is today? They had no weight to throw around then just an idea and philosophy.

            May 14th, 2014 at 18:53

        2. Ralph T Boise

          Once again Mozilla proves they are willing to bend to the will of the ignorant masses. Doing the wrong thing in order to save potential market share. Well you just lost another user.

          May 14th, 2014 at 16:27

  4. Anders

    So I guess one way to view it would be to say that you are now bundling (part of) the Flash Player as e.g. Chrome have done for some time. I guess that is both good and bad.
    Why couldn’t the the CDM be developed in house at Mozilla rather than being gotten from Adobe?
    How will it be verified that the CDM do not access files nor net (not that the Flash plugin is not guarantied not to today)?
    I assume, it is expected that patches, which spoof the “device identifier”, will quickly become available, perhaps as an add-on. So how is this identifier useful?

    May 14th, 2014 at 10:46

    1. Gervase Markham

      We can’t develop a CDM in house because a DRM system consists of a lot more than technology – it’s also many business relationships, and legal things.

      The CDM’s capabilities are constrained by the (open source and auditable) sandbox which surrounds it.

      The CDM also verifies that the sandbox is one it trusts, so if you patch the sandbox, the CDM will no longer work.

      May 14th, 2014 at 10:55

      1. hugo

        How can the CDM verify the sandbox and at the same time be restricted by it? This sounds like a serious bootstrapping problem.

        May 14th, 2014 at 11:02

      2. Weeble

        How does the CDM verify the integrity of the sandbox if all information entering the CDM is provided by the sandbox? What stops a patched sandbox from concealing its modifications when the CDM tries to inspect it?

        May 14th, 2014 at 11:16

      3. anfemfjs

        How can the CDM verify the sandbox without breaking out of it?

        May 14th, 2014 at 12:37

        1. hsivonen

          Sandboxing means that there’s a process that drops privileges to request things from outside the process. Code it the dropped-privilege process can still see the memory of that process itself and make decisions based on what it sees there.

          May 15th, 2014 at 03:46

      4. Anders

        I think the answer to the question I meant to ask, is that the CDM is not an implementation of a standard specification. Instead it is the client portion of Adobes DRM system, that will speak to Adobes video server. What other systems could you have chosen (one from Microsoft, Apple, ..)? Would you consider supporting these in the future (as this seems to entrench Adobe as a monopoly)? Or are they supported by Adobe’s client?

        The article already said that it will be in a sandbox. But what kind of sandbox (on windows)? VM, Nacl, user-rights constrained? Will it be statically analyzed? It seems you want to treat the CDM as untrusted code and building a sandbox for such doesn’t seem to be easy (it seems Adobe and Sun have still not succeeded).

        I don’t get how the CDM can have access to checking the integrity of the sandbox while at the same time being constrained to only access the world through the sandbox.

        May 14th, 2014 at 12:41

        1. Gervase Markham

          Technical FAQ coming in 24/48 hours which should hopefully answer a lot of your questions.

          May 14th, 2014 at 12:49

          1. Anders

            Great, thanks for your replies.

            May 14th, 2014 at 13:20

          2. Anders

            … also, please fix your messaging. You haven’t added DRM to FF. You have made Flash player obsolete by killing of most of its reason to exist (see Media Source Extensions) and sand-boxing the rest.

            May 14th, 2014 at 13:40

      5. xplt

        >>”The CDM also verifies that the sandbox is one it trusts, so if you patch the sandbox, the CDM will no longer work.”

        Great, just great. So, if I (theoretically) port Fx to a new platform w/o Mozilla’s help, do sandbox “turn into pumpkin” and become completely useless?

        May 15th, 2014 at 04:39

        1. Gervase Markham

          We can’t force anyone – not Adobe, and not the content owners – to support platforms they don’t want to support. We’ve negotiated with Adobe to get Linux support (exactly what architectures etc., I’m not sure) and perhaps we can do more in the future. But it’s true – when a component isn’t under your control, sometimes unfortunate things happen. We can’t fix everything. If we could, we would wave our wand, eliminate DRM, and we wouldn’t be doing EME.

          May 15th, 2014 at 05:39

  5. Mike

    Ceding more control over the Internet and user’s devices to content industry is not the answer. This is going to turn out very, very badly. Why is it impossible for any company to stand up for users and at long last say “NO!” to those who’s demands are essentially pretext for their desire to enforce a particular business model and limit competition in protection of gross profit.

    May 14th, 2014 at 10:49

    1. sonny

      Users could stand up for themselves and say no to DRM based commercial products.

      It is likely to happen once someone launch a competitive and permissive VOD platform.

      i.e. “example is better than netflix because you can buy/rent the movie on your desktop then start it on your mobile then continue on your tablet”

      May 14th, 2014 at 11:00

      1. Gervase Markham

        For that platform to be competitive, it needs Hollywood content… so, as things currently stand, it can’t be permissive. If it were that easy, someone would have done it. :-|

        May 14th, 2014 at 11:05

        1. sonny

          I didn’t mean it was going to happen soon.

          Meanwhile, I definitely prefer strongly sandboxed Adobe’s CDM over any closed source plugin.

          May 14th, 2014 at 11:14

          1. Sean Lang

            There actually is a platform like the one you described, it’s called “The Pirate Bay” or more recently “Popcorn Time”. Despite constant legal threats and a generally awful “ease of use”, it has grown to be immensely popular.

            And it’s not just because people can get things for free – I wouldn’t even mind paying for good content. It’s because the media industry has such a restrictive content distribution platform that it is actually easier for users to navigate through ad-laden torrent sites than it is for them to buy content.

            Or, to quote Gabe Newell: “Pirates are underserved customers”… they’re not out for freebies, they just hate handcuffs like DRM and standing in line.

            May 14th, 2014 at 20:43

  6. Renato Zannon

    I’m happy to see that Mozilla values the choice of its users (as in choosing to consume DRM-restricted content), as opposed to going the FSF way of denying users this choice (which effectively would result in users migrating from Firefox, as the article states).

    I hope for a future where restricting users and browser vendors isn’t seem as an acceptable option by content providers.

    May 14th, 2014 at 10:58

    1. Sean Lang

      And how exactly are we going to arrive at that future, when organizations like Mozilla (who used to support freedom) give in to ridiculous demands like implementing DRM?

      May 15th, 2014 at 02:02

      1. Gervase Markham

        How are we going to arrive at that future if Firefox on the desktop has a negligible market share?

        We have found we can’t move this market. Perhaps user power can.

        May 15th, 2014 at 05:41

        1. Sean Lang

          Do you have any data to suggest that Firefox’s market share will become “negligible” if it doesn’t implement this? Or are you just guessing on that?

          Because I would assume the exact opposite: Firefox will fall into irrelevance if it _does_ implement DRM. A dedication to protecting user freedom is the only reason to still use Firefox – if you lose that, then there’s no reason not to use Chrome.

          May 16th, 2014 at 08:55

  7. Jerome

    Does this work on linux ? Because if so explain to me how you expect to protect the content from being capture after the cdm.

    May 14th, 2014 at 11:01

    1. Kevin Krammer

      I would count on it.
      Linux is the only platform where this is actually necessary, since it is the only platform that does not ship a CDM implementation as part of the system.

      Windows, OSX, iOS and Android all ship (or will ship) the respective vendor’s CDM, so users on those systems will only need Adobe’s CDM if there are content providers that only license Adobe’s system.

      May 14th, 2014 at 14:06

      1. Gervase Markham

        Not so; the CDMs ship but the way to talk to them is not documented. So using a system CDM is very difficult. We will be using the Adobe CDM on all of Windows, Mac and Linux.

        May 14th, 2014 at 14:14

        1. Kevin Krammer

          Right, I am sorry for being ambiguous.

          What I meant was that from a user’s point of view the other platforms do have support for DRM already, a user on such a platform is not likely in a situation where they would need Adobe’s DRM specifically.

          Linux, as the platform without system DRM, is the only one that Adobe can use as a selling point.
          Content publishers who already license the three platform DRMs already reach all the other users on these platforms

          May 14th, 2014 at 14:48

        2. Kevin Krammer

          Forgot to add that it is of course good that Firefox brings Adobe’s DRM to all platforms, so that in the, albeit unlikely, situation that a publisher has only licensed Adobe’s DRM, users of Windows, OSX or mobile platforms can still get the content.

          May 14th, 2014 at 14:51

  8. Jerome

    Does this work on linux ? Because if so explain me how you intend to block any application from capturing the decrypted stream ?

    May 14th, 2014 at 11:03

  9. M Lines

    Not using Firefox anymore.

    May 14th, 2014 at 11:03

    1. Daniel Veditz

      Sorry to hear that. Do you mind me asking which browser you’re going to switch to? Obviously not Chrome, IE, Safari, or Opera since they already support this (or plan to).

      http://w3cmemes.tumblr.com/post/72656795863/its-all-the-w3cs-fault

      May 14th, 2014 at 14:35

      1. Hugo

        (Any other one, since no browser will respect your privacy anymore, better be with the fasts and performant (V8 & Blink) )

        May 14th, 2014 at 15:07

        1. John Doe

          GNU IceCat (a Firefox fork) still respects your freedom. You can be pretty sure that they’ll never implement DRM since it’s an official GNU project.

          May 14th, 2014 at 23:56

      2. Lev Lafayette

        “Do you mind me asking which browser you’re going to switch to?”

        Lynx :)

        May 14th, 2014 at 18:00

      3. hans

        Since your project stopped being about transparency, privacy and security, what about SRWare Iron?

        May 14th, 2014 at 20:32

  10. dattaz

    Hum..that bad, but you right about Firefox users will switch to other browsers
    I hope Firefox will remain free and totally open.
    Do you have imagined to make that sandbox with ADOBE DRM, in an add-ons ?
    If yes, why you don’t try this solution ?
    If not, can you consider this solution ?

    May 14th, 2014 at 11:11

    1. Gervase Markham

      If we made it an addon, users would need to specifically install it to get sites to work, and it would be as easy just to install Chrome. In order to avoid losing users, we need to provide a user experience which is broadly comparable.

      May 14th, 2014 at 13:59

      1. kysofer

        Is it possible to provide a second version of Firefox which is DRM free and for experimented user ?

        Personnally I will never use a brower with DRM included => Iceweasel maybe ?

        May 14th, 2014 at 14:52

      2. dattaz

        You say, when a web site want to use DRM, we will have an explicit message to accept.
        But if in this message, accepted mean : install directly add-ons from Mozilla, it’s also easy like today proposition.

        People who want DRM are happy, People who don’t want DRM are happy too.

        May 14th, 2014 at 22:15

  11. Enzzo

    Please but a big button for disable all binary blobls on configs. =)

    May 14th, 2014 at 11:12

    1. Gervase Markham

      You will be able to say No to activating the DRM module.

      May 14th, 2014 at 14:00

  12. Kevin Krammer

    I don’t quite get the part about the silver lining.

    Without a plugin mechanism for CDMs users will end up having to use multiple browsers.

    It is the escalation of the “best viewed with” problem: “only viewed with”

    For example, assuming that Google doesn’t strike a similar deal with Adobe: a Chrome user facing a server with the Adobe backend will have to switch to Firefox while a Firefox user facing a server with the Google backend will have to switch to Chrome, no?

    May 14th, 2014 at 11:15

    1. Gervase Markham

      We expect that most or all sites which need to deploy DRMed video will make deals with all the CDM providers. If they did not, they would be restricting their reach for no reason. So we expect and hope that sites which only support “Firefox’s DRM” or “Chrome’s DRM” will not be common.

      May 14th, 2014 at 14:02

      1. Kevin Krammer

        Is this realistic?

        Experience has shown that many of these sites do not consider Linux users to be a large enough target group to qualify for the necessary investment.

        And Linux users are the only target group that does not have access to one of the DRM systems that the big OS vendors ship.
        Users on Windows, OSX, iOS, Android and ChromeOS will already have access to their respective platform vendor’s DRM, so any service considering the additional expense of Adobe’s DRM must want to reach users outside of those platforms and which one aside from Linux would that be?

        May 14th, 2014 at 14:13

        1. Gervase Markham

          It doesn’t work like that. Users on Windows only have access to Windows’ DRM when using IE. If they are using Chrome, they’ll be using Google’s DRM, and if they are using Firefox and choose to enable it, they’ll be using Adobe’s.

          So sites will support Adobe’s DRM if they want to reach Firefox users (and the users of any other browser which Adobe reaches an agreement with).

          May 15th, 2014 at 05:43

          1. Kevin Krammer

            As far as I understood the discussions on the W3C lists, Microsoft’s plan is to make their CDM a system component/service that any browser on the platform can use.

            Independent of that, it boils down to costs.
            If the Adobe server side license is cheap then service providers will buy it.
            If it is not, it will be easier to detect the user’s platform and just redirect them to the system’s default browser.

            After all, the narrative seems to be that users want the content, so they won’t have any problem switching to an already installed browser.

            And if Adobe is not contractually prohibited to license their CDM to one of the compeitors, e.g. Google for Chrome, then this will have been all for nothing

            I really hope that the whole mess of users having to run multiple browser will finally be the downfall of Web DRM

            May 15th, 2014 at 09:43

  13. Rob Myers

    You are betraying your users.

    Mozilla becoming just another entertainment industry attack on our freedom is what will truly make you irrelevant.

    I’ve uninstalled Firefox.

    It’s time for a serious fork.

    May 14th, 2014 at 11:17

    1. jh

      because they give you the option to say yes to hollywood content?

      you are being forced to consume netflix

      May 14th, 2014 at 14:33

      1. Hugo

        We don’t know to which point it will be an option, this staff even sandboxed and disabled will be closely tied to codecs and video and user identity (since DRM are based on that) so it can potentially open privacy breaches. There are not a lot of people who achieved perfect sandboxing… Includinig closed source code from American companies is not very reassuring especially these times…

        Then it’s not about DRM, it’s about philosophy, if Mozilla accepts this today,this mean they can accept more closed source staff from big (sponsored by the NSA most of the time) buisness companies. It’s a very serious issue because it could show a change of direction of Mozilla towards feature and content rather than privacy.

        May 14th, 2014 at 15:17

        1. Gervase Markham

          Not so. This move doesn’t mean “yeah, all closed source code is now OK”. It simply means that there’s no way to do this today without the involvement of closed source code, and doing it was considered less bad than not doing it. I very much hope this situation will not occur again; the best way to ensure that is to keep supporting Mozilla and Firefox.

          May 15th, 2014 at 05:45

  14. Josh Tumath

    This is a shame, but I understand the reasons. It seemed quite obvious from the beginning that we’d get to this point. But I’m amazed by the effort Mozilla has made to prevent the DRM system from being “evil”.

    Does OpenH264 have anything to do with this? Or is DRM video possible with WebM as well?

    Also, as I’ve been reading up on this, apparently Web sites that want to use DRM have to support all of the different media keys that are used by each browser’s different CRM. Won’t this lead to a fragmented Web? Isn’t it possible that a Web site can choose to support Microsoft’s PlayReady DRM system and not Adobe’s?

    May 14th, 2014 at 11:19

    1. Gervase Markham

      OpenH264 is not directly related; the Adobe CDM does contain an H.264 implementation, which could possibly be used to decode unDRMed video, but we may just use OpenH264 instead in most or all cases. To be decided.

      It is possible that websites will only support a subset of key systems; however, we hope that the obvious market forces mean that it won’t happen.

      May 14th, 2014 at 14:03

  15. Slash

    WTF ?! Fucked up shit… they must be nuts… I mean, helloho, free software “we have little choice” My ass !
    You really think that you’ve done a tolerable choice, when you’re the one’s providing “good DRM” ? Who are you trying to punk with that ? With your principles you just have to say consequently “NO” to DRM.
    I will boycott firefox from now on and recommend my environment not to use firefox. I don’t want to support hypocrites.

    May 14th, 2014 at 11:21

    1. Josh Tumath

      But the point is that thousands will boycott Firefox because they are just normal users and they won’t understand why DRM-protected video won’t just magically working Firefox. So they’ll jump ship.

      May 14th, 2014 at 13:47

      1. Hugo

        From my point of view this is a completly false analysis. You choose Firefox for privacy not content otherwise you’d better be on chrome with all candy features, super fast engine, Chrome Store, no crash, 60fps everywhere, no broken website, etc…

        You don’t jump on Firefox’s ship for videos working but for repect of privacy and philosophy, otherwise you’d better be on chrome.

        May 14th, 2014 at 15:21

        1. Brian

          You make it sound as if Chrome is superior to Firefox in every area except privacy. Switch if you want, but I’m not content with Chrome’s terrible page rendering consistency and nearly useless configuration. Saying Firefox is only good for tor-like privacy applications is rather far-fetched.

          May 14th, 2014 at 22:30

      2. Sam

        Thousands are boycotting netflix and copy-protected DVDs and blu-ray discs because they hate DRM for idealistic and practical reasons. People who hate DRM are likely to choose firefox. Why don’t you ask your users and supporters if they want this or not?

        May 15th, 2014 at 02:56

  16. Mat2

    Will this work on Linux?
    I am a strong advocate of free software and I have to say that I like Your approach very much.

    May 14th, 2014 at 11:21

  17. Mat2

    Will it work on Linux?

    May 14th, 2014 at 11:27

  18. AC

    Rather than raping Firefox with DRM, make it a plugin which masochistic people can download and install separately.

    May 14th, 2014 at 11:31

    1. Gervase Markham

      Could you have asked this question without the inflammatory language?

      You will have the option to say No at the DRM prompt.

      May 14th, 2014 at 14:04

  19. MC

    And the kicker……it only takes one to rip an episode with screen capture software and up a torrent, and this whole shebang is moot. It only takes one to be able and willing to do that, and there always is.

    So we could see this whole thing for what it really is, a power play over the web by hollywood and friends, i think?

    May 14th, 2014 at 11:31

  20. Pragmatic

    Well i am sorry Mozilla but the trust just got broken.

    You probably did take the right (business) decision for majority of web users wanting to have access to DRM content on the web by default and have more web browser providers. Being a company you do have to compete for market share i agree and i wish you luck in the future.

    But for minority of (us) users feeling more passionate about preserving open web this is just too much.

    It’s like cheating your partner. Sure some can handle it and eventually get over it but for some this is the end of meaningful relationship.

    May 14th, 2014 at 11:35

    1. jh

      ff has been supporting adobe flash for many many years

      this is not fundamentally different, it just sucks because we all though flash was almost dead

      May 14th, 2014 at 14:35

      1. Harald

        Yes it is because FF doesnt get shipped with Flash and you’re not forced to install it.

        May 14th, 2014 at 20:25

        1. Gervase Markham

          Firefox does not get shipped with the CDM and you are not forced to run it. You can say No.

          May 15th, 2014 at 05:46

  21. Dreamseeker

    Does Mozilla have any principles left after this?

    May 14th, 2014 at 11:42

  22. Matt

    Is Adobe’s CDM going to be windows only? Have they agreed to support other platforms, like OSX, Linux, and ARM hardware? Or is that all still TBD?

    May 14th, 2014 at 11:53

    1. Gervase Markham

      My understanding is that we have support for Windows, Mac and Linux. I don’t have details of exactly what hardware platforms that is. But I do know that the Adobe solution offered us a better selection of platforms than other solutions.

      May 14th, 2014 at 14:06

  23. Pouar

    I hope you can disable it so the DRM binary doesn’t even download to disk, load to memory, and/or run. I will patch and recompile Firefox myself if I have too.

    May 14th, 2014 at 11:54

  24. Open Source

    Dislike this? Sign the petition:

    https://www.change.org/petitions/mozilla-remove-drm-from-firefox

    May 14th, 2014 at 11:55

    1. Graham Perrin

      “… the Mozilla foundation announced that it will be including DRM in the next version of Firefox. …”

      – that’s misleading; not a petition I can sign.

      May 15th, 2014 at 06:08

  25. Pouar

    I hope you can stop the DRM blob from loading in the sandbox so it doesn’t even save to disk, load into memory, download, and/or even run as I don’t want any DRM in my browser whatsoever. I will patch and recompile Firefox myself if I have to.

    May 14th, 2014 at 11:59

    1. Fred

      Yes, that’s the idea. As you can read above, the CDM code will not be installed or run unless the user opts into doing that. If you a) don’t go to websites that require it or b) say No when asked, then you won’t be able to see the content in question but you will also never install or run the sandboxed code. This is very similar to how Flash works today. No one forces you to install it.

      May 14th, 2014 at 21:50

  26. ®om

    What a treason!

    May 14th, 2014 at 11:59

  27. Carlos Solís

    Hopefully GNU IceCat will purge this sandbox, for those who are concerned about it. Will the final build come with the CDM preinstalled, by the way? Or will it be downloaded on a first-usage basis? Can it be uninstalled withouth having to remove the whole Firefox?

    May 14th, 2014 at 12:04

    1. Fred

      The article above mentions that Firefox will not ship with it installed, it will be installed after the fact if the user opts into that. Which is exactly how plugins work today.

      May 14th, 2014 at 21:52

  28. Andrew Mike

    “This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate.”

    Except you’ve just demonstrated your complete lack of leverage where this is concerned. Hollywood’s going to do what it wants, and by your own logic, you will have no choice to follow along; it won’t matter what your dreams are, you won’t get to implement them as long as this abortion is lying around. There is no advocating on behalf of the consumer where studio execs are involved; they have been behind the most toxic DRM proposals since the Internet was born, with little care for things like fair use or time-shifting rights.

    EME is a bad standard created for Hollywood that kills the open web, but you’re implementing it anyway, just like patent-encumbered video, just like you were going to implement ads in the New Tab feature — sacrificing your principles, and consumer rights, on the altar of market share.

    The open web is dead, and you helped kill it. Congratulations.

    May 14th, 2014 at 12:07

    1. Marcelo

      Strong words, but quite accurate IMHO.

      Agree.

      May 15th, 2014 at 09:03

  29. stripTM

    The same CDN to serve all platforms? We already know the story of the Flash plugin and sabotage that made to Linux / Linux 64.

    May 14th, 2014 at 12:11

  30. Charles

    I’d like an http header that specified I do not support DRM. That way websites will know when a DRM request fails it is due to a conscious choice and not just a technical issue.

    May 14th, 2014 at 12:23

  31. Jakub Suder

    Shame on you, Mozilla. You were the only ones with any power to do something about this if you decided to stand your ground. Now there’s no one else left, they’ve won.

    And no, 95% of the world couldn’t care less if Netflix runs in Firefox, because we can’t run it anyway.

    May 14th, 2014 at 12:26

  32. R

    This is a betrayal. Andreas says, “Firefox should help users get access to the content they want to enjoy, even if Mozilla philosophically opposes the restrictions certain content owners attach to their content.”

    As a long-time Mac and Linux user, I know that this means Andreas is telling everybody to stick to the major platforms. Adobe doesn’t want to port their CDM to your minority platform? Too bad. Switch to a computer so you can “enjoy” DRM.

    May 14th, 2014 at 12:30

    1. Gervase Markham

      If you don’t like DRM, you won’t care what platforms this system supports.

      We chose Adobe because they had a better story for non-Mac/Windows than other options. That doesn’t mean we can get them to support everything, of course.

      May 14th, 2014 at 14:12

  33. 外人

    Well, you just betrayed your users for profit of entertainment corporations.

    Anybody, good alternative/fork of Firefox?

    May 14th, 2014 at 12:33

  34. Andreas

    Our EME implementation is planned to work on all major OSes, including Linux.

    May 14th, 2014 at 12:40

    1. ianjo

      …but will a CDM be available for linux? On which architectures?

      May 14th, 2014 at 13:06

      1. Gervase Markham

        I haven’t seen the contract; I am told that Adobe has committed to support “Linux”, but you are right that there are various architectures. The CDM is sandboxed and so only has a small API surface, so distro variations shouldn’t (I would guess) make much difference. Bitsize, endianness and arch will, of course. But again, if it’s not interacting with the OS, it should be pretty portable. I will try and find out more info about what has been agreed.

        May 14th, 2014 at 14:10

        1. ianjo

          Thanks for the answer!

          May 14th, 2014 at 14:51

        2. Nate

          Let’s hope Adobe supports this better than they did flash for Linux.

          I have no illusions about this being anything other than an barely functioning mess.

          May 14th, 2014 at 18:10

  35. Simon

    Just in short: You did the right thing supporting EME, and you did an outstanding job in designing it (assuming the implementation works as described above)!

    @Some earlier commenters: It’s very easy to be idealistic, but sometimes you lose a lot of great things (and credibility) when you don’t adapt to your relevant environment.

    May 14th, 2014 at 12:54

    1. Linux User

      If I am a Linux user, I try to visit a site, and I don’t get to display it because it requres some closed source DRM plugin, it’s not an “idealistic”‘s problem, it’s a very concrete one. We’ve already gone through that with Flash. We’ve experienced how better the world was with Flash slowly going away. And now we are at it again, except that this time it’s forever.

      May 14th, 2014 at 15:01

  36. sh

    I can’t say that I am pleased.

    May 14th, 2014 at 13:02

    1. Fred

      As you can tell, Mozilla isn’t pleased either. Not the kind of happy announcement you want to make every week.

      May 14th, 2014 at 21:54

  37. Vitaliy Filippov

    DRM is bad, furthermore it’s useless.
    Please don’t add it in FF.

    May 14th, 2014 at 13:08

  38. David Barker

    I can’t say I’m thrilled with the decision but I understand what a difficult position we (as an industry and a movement) are in.

    Most of the other commenters (between this blog and Hacker News) have raised the main issues I have, but I do have a number of questions:

    1) You say the EME implementation will support Linux. Has there been a firm commitment from Adobe that the CDM will support Linux too? Or are we at risk of winding up with an EME-layer that supports Linux but content providers that are afraid of Linux and mandate against its support?

    2) Does Linux support mean *Linux* support, or *Ubuntu* support? There’s a disappointing trend towards regarding all of Linux as “Ubuntu”, leaving Debian, Fedora et al users to struggle with mediocre mainstream media support.

    3) What is the timeline for implementation? Which Firefox version will be targeted? And will support (between the EME-layer and CDM) be cross-platform from day one?

    3) Will HDCP/Protected Media Path be supported or mandated? To give some context – HDCP support on Linux is virtually non-existent. This has never really been an issue, however Amazon Prime Instant Video now requires HDCP for High Definition streaming. Pipelight users are limited to Standard Definition on Prime. Netflix works just fine, however my concern is that content providers will start mandating HDCP, and EME/CDM will be an enabling technology (“Most browers support HDCP, who cares if Linux users are left out?”). Between fragmented video drivers (open source vs proprietary), X vs Wayland and the inherent incompatibility of a PMP with an open source graphics pipeline, I fear that all of this effort will be in vein and Firefox on Linux will be contaminated with DRM that it’s unable to utilise in all but a few limited, locked down systems.

    I know I’m asking for a lot of detail, but I believe there will be others with the same questions and the answers might enlighten us as to Mozilla’s medium-term strategy with regards to media DRM, and the commitment secured from Mozilla’s favoured partner (Adobe).

    Many thanks,
    David

    May 14th, 2014 at 13:32

  39. Erich

    Details around the CDM in the Editor’s Draft are pretty vague and it appears that the CDM lies between the browser and the platform according to the basic schematic provided. If this is correct, how can Mozilla sandbox it?

    On the surface it seems like a more standarized version of Silverlight, and certainly not something that would be available for open source platforms.

    Permitting the proprietary CDM low-level access to the OS is simply inviting Sony-style trojans.

    May 14th, 2014 at 13:33

    1. Gervase Markham

      There should be a technical FAQ in 24/48 hours with more details on how this works.

      May 14th, 2014 at 14:08

  40. Andrej Antonov

    hello!

    will be Firefox-browser ask me BEFORE download any blob (CDM) files? (or download it automatically without my agreement?)

    and the same question about Cosco H264.. will be ask or automatically?

    (sorry for my english)

    May 14th, 2014 at 13:55

    1. Gervase Markham

      The exact way it works is still to be decided, but it will certainly not _run_ without your explicit permission.

      For Cisco’s OpenH264, that’s open source code which will (we hope) be deterministically built so that others can verify the builds from Cisco have no trojans or other evil going on. So I believe the current plan is not to prompt for those. The fact that they are distributed by Cisco rather than us is an (important, but irrelevant to users) implementation detail.

      May 14th, 2014 at 14:07

      1. Andrej Antonov

        thanks for your answers, and sorry for the obsession, but I still have to ask next question (about OpenH264):

        Firefox will be download specific version of OpenH264-module with *preset-known* HASH-sum ?… …or Firefox will be download any *latest* version of OpenH264-module with *NOT* preset-known HASH-sum?

        sorry for this my questions if it offend anybody :-)

        May 14th, 2014 at 14:29

        1. Daniel Veditz

          I have not yet reviewed that code but I would expect that we would verify the download using a hash already known to Firefox (probably gotten from an update server rather than compiled in). This is already what we do for downloading addon updates and when downloading Flash from the Plugin Finder Service.

          May 14th, 2014 at 14:46

      2. PrivacyOriented

        Would Cisco OpenH264 have the ability to access a Firefox generated unique identifier like the one’ you’ve mentioned for CDMs? If so, you’d want a prompt and blocking mechanism for it as well.

        May 14th, 2014 at 19:19

  41. antistress

    This HTML DRM is a sign of sad days in the near future, with DRM multiplication (books etc).

    Lessons have been learnt with the H.265 codec and I know that Mozilla is already working on an open successor.

    Mozilla tried to adocate watermarking but I think it entered too late in the game.

    Although, keep on trying guys, maybe these industries will ultimately see the light one day.

    PS : What guaranties does Adobe provide considering interoperability ? (There is Windows, MacOS/iOS, Android, but also tons on open source OSes : GNU/Linux, *BSD, Haiku…. plus all OSes that still don’t exist)… Thanks !

    May 14th, 2014 at 14:21

  42. Hugo

    I’d have a question :
    Why do we need DRM ? Want to watch a video ? You login on your paid netflix account or whatever service and watch your video.
    If the risk is that you download the video, then it only a lil bit easier in HTML5 but whatever happens you can record it in full HD 60 fps on your screen or through the HDMI with or without DRM. So what does it change ?
    Same for music.

    Then,
    “Firefox should help users get access to the content they want to enjoy, even if Mozilla philosophically opposes the restrictions certain content owners attach to their content.”
    This sentence is wierd. Honestly if I had to choose between chrome and firefox ot for privacy I’d be on chrome: V8 much faster, WebKit spporting much more features, loading time better, CSS3 transition not laggy and pixelised, videos working and not laggy, no crash,etc… The only reason I’m using Firefox is because it respects my privacy.
    So if I see Firefox starting not to respect privacy anymore, since my privacy won’t be repected anyway I’d better be on Chrome with more feature and performance.

    What user enjoy on Firefox is not the “content” or “features” or “performance” because Firefox is not good at it (compared to Chrome), it’s just Mozilla philosophy and repect of their privacy.

    I think you should survey why Firefox users are using Firefox, if think the majority is not using it for “content” or “performance” or “features” but rather for “Privacy”, “Philosophy”, “Mission”, especially since Firefox is not installed by default on devices.

    (And btw World != USA , 95% of the planet don’t care about Netflix.)

    May 14th, 2014 at 14:41

  43. luke

    I only use noncommerical content. To me, the priority is keeping DRM support entirely out of my machines. I will probably firewall out Adobe’s download server for this plugin in /etc/hosts.

    The concern for those of us who do not subscribe to hulu or Netflix and are not interested in television content is ensuring that use of the DRM plugin does not migrate to streaming services for user-uploaded video. If it does I will have to host my own videos on my own box!

    So far, I have not once encountered a flash video that refused to play because I deliberately broke DRM support in Flash by uninstalling HAL. This is because the unpaid content part of the web that is all I will interact with, and so far it does not use DRM.

    Youtube would be the one that would likely implement this for content flagged for third party content. Enough of that and a lot of the content going to Youtube will hopefully move to torrents instead. I just wonder if enough people have the stones to dump Youtube for alternatives like Liveleak if Youtube decides to go DRM.

    May 14th, 2014 at 14:43

  44. Kiwi

    How is this in any way secure enough for the studios? surly its just a matter of patching the outside of the sandbox to save the video to your harddrive… Im not sure they are gooing to agree to this anyway

    May 14th, 2014 at 14:44

  45. p

    I’ve lost my belief in humanity and more important Mozilla:(
    What you have done is giving up users right’s to make the userbase larger.
    And BTW the implementation is vulnerable to mitm.

    May 14th, 2014 at 14:44

  46. Eduardo

    This is an unfortunate move. Mozilla should not participate in these obsolete schemes of an industry that is unwilling to adapt and accept that content sharing, in the digital age, is a genuine, natural and very human use case.

    Mozilla should instead persist in designing and implementing alternative solutions (like the watermarking) and continue to educate users. Supporting a scheme that is broken by design do not serve Firefox users nor the confidence these users have deposited on Mozilla’s core foundation values.

    This move can also be counter-productive if a significant number of current users decide to switch browser precisely because Mozilla decides to trade against users interest. And I would argue that many of the current Firefox users stick to it because the values Mozilla represents (and probably a few very useful extensions). Nowadays there are a few choices for good open source browsers out there.

    So yeah, business as usual?

    While you and others are busy implementing this, I suspect other talented people will work on cracking it and exploiting it in different colorful ways (as it always happen with any DRM that gets relevant enough); or simply work on streaming-from-bittorrent-like alternatives.

    Principles should not be traded-off precisely because it is the only thing you have left when everything else fail.

    May 14th, 2014 at 14:48

    1. Marcelo

      Amen to that.

      May 15th, 2014 at 09:11

  47. Hugo

    And I’d like to know too if there will be a fork without DRM or any way to download Firefox without DRM.
    I don’t use Netflix or any paying service of that kind and I don’t see why the few American watching netflix should compromise everyone’s security. I’m no expert but having something closed source is like the paradise for the NSA (especially since the binary wil be provided by american companies) and for security attacks.
    I really hope it will be easy to disable it completly in about:config or preferences or have a (maintained) fork without it.

    May 14th, 2014 at 14:49

  48. allo

    This will not work. If your graphic is correct, the user can grab the frames/audio. So the DRM does not work in this fashion. But for working DRM, the sandbox needs to be eroded, the DRM module needs access to the system, to control there is no screencapture-tool running. In the future the DRM people will even try to demand trusted media paths, using TPM to verify a trustpath from the encrypted media via signed player to the display, which is capable to display an encrypted videostream (HDCP). This will not work like this. So the DRM module will need a out-of-browser program to assist itself, because the publisher wants it. This one will only be available for windows, of course …

    never ever start it like this. Apples strict “no flash” policy made HTML5 boom, denying the companies DRM will work to make video DRM vanish as audio DRM vanished.

    May 14th, 2014 at 14:58

    1. Gervase Markham

      That worked for Apple precisely because Apple is closed – they have complete control of what software is allowed to be on iOS. We do not have any control of what other software users can install on their Mac, Windows or Linux machines – and we wouldn’t want it.

      May 15th, 2014 at 02:09

      1. Hugo

        This has nothing to do with open/closed source. The fact that Apple didn’t support Flash on their products pushed web developers to adopt HTML5 so that their content could be viewed on Ipad, Iphone, etc… This what mozilla should do by refusing DRM. If no one opposes DRM, then it will become the standard.
        Mozilla will not loose user, all user who don’t care about privacy are already on Chrome because it’s a faster more featured browser and it’s better integrated with google services. Privacy is Firefox’s one and only advantage.

        May 16th, 2014 at 04:15

  49. Brett Zamir

    Currently there are already cross-domain restrictions when one attempts to inspect a video canvas (via toDataURL()).

    But what will the DRM changes mean as far as file:// pages containing local DRM content, or privileged add-ons? I presume not all of the HTML5 APIs such as toDataURL() would be available or otherwise, one could simply rebuild content by scanning out the content frame-by-frame into an open format, but if they are being restricted, which APIs, if any, will then be available?

    May 14th, 2014 at 15:31

  50. Brett Zamir

    Also, although I presume this DRM encryption will only work for media, are any solutions on the table for allowing JavaScript to be delivered in a manner that is not transparent?

    May 14th, 2014 at 15:35

    1. Gervase Markham

      No, no plans (other than the obfuscation people can already do anyway). Mozilla opposes the extension of DRM to other types of content, and market conditions are very different.

      May 15th, 2014 at 02:09

  51. Stephanie

    My first reaction to this was quite understandably that of shock and outrage.

    However, looking at the details so far, this isn’t exactly adding DRM to Firefox, it’s replacing one DRM-enabling mechinism (NPAPI plugins) with another, and doing so in such a way that goes a lot further to protect user’s rights, privacy, and security.

    It still stinks, but it seems to be a net improvement over the status quo.

    May 14th, 2014 at 15:51

  52. Joshua

    This concerns me. I really don’t want any part of web experience to rely on close-sourced software. None of it, I don’t want it, and I don’t trust it.

    Please allow a version of Firefox that won’t include this and won’t support it. Alternatively, make it so that it doesn’t come with firefox, but it’s a downloaded module that we can perma-block (so we don’t accidentally click “ok” in a flurry of clicking through sites). Further, every time it would be invoked, include the requirement for by-instance user approval and with that approval include with it a warning that it’s a security risk, and link to the explanations of the problems of DRM, and a link to petition to the film industry and FCC to put an end to DRM.

    Then… I would be moderately okay with this going forward.

    May 14th, 2014 at 16:08

  53. Steve La Rocque

    You wrote “Mozilla believes in an open Web that centers around the user and puts them in control of their online experience.”

    I want to hold you to that! Let the users themselves choose. Firefox should publicly (i.e. in the FAQ) commit that future versions of Firefox will only enable the EME, and thereby download CDM modules, if and only if the USER gives consent for that. In other words, let us decide if we would rather just not have EME video capabilities in our Firefox.

    I have a commitment to open source and a fully open source system. I have no intention of installing close source commercial software from Adobe. I don’t trust them, I never will.

    Please make the public commitment that USERS themselves will be able to opt in/opt out of EME.

    May 14th, 2014 at 16:10

    1. Gervase Markham

      The exact user experience is still to be determined, but your machine will not run closed-source code without your consent.

      May 15th, 2014 at 01:54

  54. Walid Damouny

    I just feel sorry for Mozilla. Without W3C EME, Firefox would be ignored. With W3C EME, Mozilla takes the heat from a vocal minority of Firefox users. I agree with Mozilla’s stance and not because I want easy access to online entertainment. I agree with Mozilla implementing W3C EME because ideology seldom attracts users. If you care about open source and the open web and have an iPad then remember that you’re supporting a closed platform. I’m pretty sure many of the commentators here use proprietary software and would have reasonable reasons to use them. However simply using closed environments is a vote in their favour. Mozilla is making the right choice because it is the lesser of two evils. Chemotherapy is poisonous but it allows you to fight cancer so you do it.

    May 14th, 2014 at 16:13

  55. Andy Allord

    “Open Web”… Thank you Mozilla for proving at some point even those who built a model on Open Source crumble to money…. DRM is nothing more than a way to allow corporations to commit “extortion” on the American Public…

    Do NOT give me the answer “we have no choice”….. CHOICE is the one thing people and corporations ALWAYS have!

    May 14th, 2014 at 16:28

    1. Gervase Markham

      If you read Mitchell’s post, you will see her explain that we do have a choice, and that neither option is good: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/

      May 15th, 2014 at 01:55

  56. Anon

    DRM in browser? That’s something that can’t be excused, don’t even try.

    May 14th, 2014 at 16:31

    1. hsivonen

      Firefox for Windows already prompts users to install Flash Player, which contains Adobe Access DRM as a subsystem. You can decline that prompt (at the expense of not getting to browse some content).

      What’s being announced is that Firefox will prompt to let you install an EME version of Adobe Access DRM without the rest of Flash Player around it.

      It’s understandable but sad that people are OK(ish) with us prompting to install Adobe Access when wrapped in Flash Player and not sandboxed by us but are up in arms when the Flash Player is removed from around Adobe Access and the DRM component is sandboxed by us.

      May 15th, 2014 at 02:55

      1. Kevin Krammer

        I think the difference is that everybody was looking forward to the figurative light at the end of the tunnel, the time when the browser would no longer prompt for Flash.

        And thus people are now really annoyed to find out that the light was not in fact the end of the tunnel, but a just a dimly lit junction into an even longer and deeper tunnel

        May 15th, 2014 at 09:54

        1. fung0

          If you always choose the lesser of two evils, you guarantee that evil will win.

          May 22nd, 2014 at 13:15

  57. Bijan

    If this happens, will have to drop FF :( so sad, but well, will use other browser.

    May 14th, 2014 at 16:37

    1. hsivonen

      Which browser do you plan to switch to? Chrome, IE or Safari aren’t logical alternatives if you want to avoid browsers that support DRM via EME.

      Why not continue using Firefox and decline the CDM when offered instead?

      May 15th, 2014 at 02:57

  58. Jeff Moe

    Garbage. Is Mozilla’s goal in 2014 to alienate everyone?

    May 14th, 2014 at 17:11

  59. Mark

    Not too happy with the decision, but I’m willing to accept it provided Firefox does not even _download_ the EME blob to my computer without permission.

    May 14th, 2014 at 17:14

    1. hsivonen

      I’ve raised the point internally that people will object to having the CDM *download* start before consent UI to about *running* is shown.

      Could you articulate why you object to proprietary bits existing in a cache if your computer doesn’t end up running them? A Web browser downloads and caches proprietary files all the time as part of its normal operation.

      Is there something something particularly objectionable about the CDM as a cache item other than the user not having navigated to a page that contains the download URL for the CDM?

      May 15th, 2014 at 03:02

      1. Calvin Walton

        The main issue I see here is that it sounds like the CDM will be downloaded from Adobe servers, rather than through Mozilla servers or Linux distribution mirrors. As a result, downloading without consent will give Adobe some tracking information on all Firefox users, regardless of whether they want to use the Adobe CDM or not.

        May 17th, 2014 at 07:21

  60. Sinnfrei

    Sorry, but this is complete bullshit. Security by Obscurity never works. And then letting a company with one of the worst track records in history develop that blackbox, and then put it in all browsers? And all that for a future that cannot work by design – DRM is totally worthless. A nightmare.

    May 14th, 2014 at 17:14

  61. Jeremy Allison

    What an utter betrayal of your users and your principles. What is the point of pretending to have any, if you’re just going to back down at the first demand of the people who wish to take the web private. I am disgusted and apalled by this craven cowardice.

    May 14th, 2014 at 17:19

    1. Gervase Markham

      “The first demand”? You think this is really the first?

      Is it only acceptable to claim to have principles if you win every battle?

      The Light Brigade could certainly not have been accused of craven cowardice. But it doesn’t make what they did sensible.

      May 15th, 2014 at 01:57

      1. Jeremy Allison

        Gervase Markham wrote:

        > ““The first demand”? You think this is really the first?”

        It doesn’t really matter if it was the first or the hundredth. What you have shown is that given enough pressure you will compromise your principles, and sell out your users.

        Why would anyone trust you again ? Anyone negotiating with you knows you’ll crumble in the end. Why even bother pretending this was hard for you ?

        You’re done, Gervase, you’re just done. It’s over for Mozilla. Trust, once lost, cannot be easily regained. It’s such a shame, I really liked your product and was a big fan – before you sold everyone out.

        May 15th, 2014 at 02:48

        1. Gervase Markham

          Jeremy, my friend, that’s a load of grandstanding rubbish.

          “Trust is lost” – how? We are not going to execute proprietary code on your machine without your permission. You can say No. If you say Yes, we’ll sandbox it and constrain its capabilities, and you can audit the sandbox. (And we’d love _you_ to, in particular.)

          Your open source product has the benefit of having very little competition (I heard Apple’s recent reimplementation described as “outrageously beachbally”.) We have a load of extremely good competition, and switching browsers is something billions of users have shown themselves very capable of doing.

          You may think we should die on a hill over this one; we can agree to disagree on that. But I’m disappointed that you think our refusal to die gloriously means that we’re actually fighting for the other side.

          May 15th, 2014 at 05:54

  62. anon

    If a free operating system distributor disables DRM support at build time, can the binary still use the Firefox branding?

    May 14th, 2014 at 17:51

    1. Gervase Markham

      Good question. I don’t know if anyone’s thought about that yet. Make sure this question doesn’t get lost.

      May 15th, 2014 at 01:59

  63. me

    What about displaying a notification explaining the disadvantages of DRM when firefox downloads the CDM? This would explain the topic to the users.

    May 14th, 2014 at 17:55

    1. Gervase Markham

      I wrote about that possibility here: http://blog.gerv.net/2014/05/to-serve-users/

      May 15th, 2014 at 02:00

      1. drm_sucks

        Well, you did a wrong choice, but another choice was also the wrong choice. I really like the idea of really short explanation of why DRM is evil along with option to enable it. And perhaps a sad face icon too. Or an icon of a person in handcuffs/person with heavy metal ball attached to leg/sad bird in cage/etc.

        Users need a message like:
        “You need CDM to watch that video. You can download it, but it’s evil. Click [here] to learn more. [Download] [Not now] [Never!]”.

        May 15th, 2014 at 02:44

  64. buckfeta

    Cowards. Since when is market share more important than principles? What hope do we have of maintaining open standards and opposing DRM when the mere potential loss of users is enough to make you give up?

    Users, today, can choose between mainstream browsers that are DRM-free or DRM’d. Because of your decision, they will no longer have that choice.

    You are harming the all your users, including those who, either through ignorance or choice, value TV watching more highly than their rights.

    I hope Seamonkey keeps DRM out.

    May 14th, 2014 at 18:07

    1. Gervase Markham

      “Users, today, can choose between mainstream browsers that are DRM-free or DRM’d. Because of your decision, they will no longer have that choice.”

      Not so. If you say No at the prompt, then no DRM for you. Just as you can refuse to install Flash or Silverlight, or use Flashblock.

      May 15th, 2014 at 02:00

    2. hsivonen

      Being in a popularity contest has been an aspect of what Mozilla does ever since the launch of Firefox and positioning it as a mainstream product. As far as principles and pragmatism go, Mozilla occupies a different role in the Free Software world than e.g. the FSF whose role is to always put principle ahead of pragmatism even when it makes the FSF unpopular.

      By supporting NPAPI plug-ins, SeaMonkey isn’t today keeping DRM out. However, it is up to the SeaMonkey project to decide whether to use the opportunity to use EME-style Adobe Access.

      May 15th, 2014 at 03:07

  65. anon

    If Mozilla goes through with this, I’m dropping Firefox like a hot potato.

    May 14th, 2014 at 18:07

  66. catdog2

    So Mozilla finally gives up on the idea of the open web. Sad to see.
    Implementing DRM mechanisms contradicts this idea in the strongest way possible.

    Why not close down the Mozilla foundation instead, admitting you have failed on some of your basic principles?

    May 14th, 2014 at 18:15

    1. Gervase Markham

      Do you think closing down Mozilla would really be better for the open web than living to fight another day?

      May 15th, 2014 at 01:58

      1. Sean Lang

        Actually, yes. The fact that Mozilla is willing to assist in the proliferation of DRM shows that they have failed at their most basic goals of keeping the web open. If they cannot do that, then I no longer trust them and I have no reason to continue donating to or supporting Mozilla.

        It’s especially sad, because I was looking forward to FirefoxOS and B2G becoming stable. But since Mozilla cannot even be trusted to lead their core product in the right direction, I don’t suppose that I can expect either of those to be held to be held to ethical standards as they mature.

        At least the code that they’ve produced up to this point has been good – hopefully a “real” open-source fork of Firefox can be maintained by developers who understand the consequences of supporting DRM.

        May 15th, 2014 at 02:47

        1. hsivonen

          By that logic, we failed already way back in 2003/2004 by not removing NPAPI. Yet, instead, by being pragmatic about the NPAPI, we were able to effect positive change in the browser choice people have and, by extension, what capabilities the Web platform now offers thanks to revitalized browser competition.

          May 15th, 2014 at 03:14

          1. Sean Lang

            I’m actually OK with the NPAPI – it didn’t bother me because it is a generic API for running native extensions, not one designed explicitly for DRM. Of course, I don’t appreciate its use in enabling DRM, but (AFAIK) Mozilla didn’t actively help with the creation of these DRM plugins.

            May 15th, 2014 at 04:23

          2. Kevin Krammer

            You are starting to sound like Mark Watson of Netflix :-)

            Do you a comment somewhere in which you claim that cryptography cannot be implemented in open source or free software? ;-)

            May 15th, 2014 at 10:17

      2. Molly

        What do you have left to fight for? With this move you have given up the idea of open source and a web based on standards.

        May 15th, 2014 at 03:04

  67. Dzver

    This was the final cut.
    I already wrote the guideline and tomorrow sending it to all supported businesses so they switch to Chrome.
    You dumped the last remains of Firefox privacy; so the only advantage versus Chrome is gone.
    Users can’t tell the difference anyway (australis just contributing to that).

    Guess you make the mistake you’ll have more Firefox installations when it gets undistinguishable from Chrome – think again, Google’s promo is far more powerful so people who currently use it is because it is different – not because it is the same.

    May 14th, 2014 at 18:23

    1. hsivonen

      How do you see our sandboxing plan for the CDM to be so bad to privacy that you’d choose Chrome (and its CDM) instead?

      May 15th, 2014 at 03:16

      1. Dzver

        It is not worth to discuss in details your “sandboxing plan” or whatever tainting it will actually be.
        The tendency is which is important – and it is clear.
        Firefox cannot be trusted anymore.

        In this situation Chrome+DRM is better for the same reason, for which relations with known “enemy entity” are preferred versus relations with trusted “trojan-horse”.

        Again, I’m certain you did not do any sound market research/analysis for the consequences of your “strategy” which clearly shapes in the latest years.
        See, the userbase for the sake of which you are now DRM-ing Firefox – it is long ago using Chrome anyway.
        So with latest changes stand sure: it will just boost Firefox to lose the major part of whatever users it has left (25% or so) even more faster.
        And no, the current Chrome users will *not* return to firefox, “because it is now DRM-ed”.
        They already have Chrome anyway, and don’t care for privacy/DRM; )

        The one who tries to sit on two chairs – miserably falls at the end.

        May 15th, 2014 at 08:34

  68. Fuckyou

    Okay, I’m done with Firefox. I’m uninstalling this shit tonight.

    May 14th, 2014 at 18:25

  69. Former User

    First the user interface then DRM, we chrome now. Uninstalling firefox.

    May 14th, 2014 at 18:30

  70. Boris

    >We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM.

    Firefox users have to switch to other browsers which doesn’t have the crap like “W3C EME”. I believed in Mozilla and Firefox until this moment, now I’m looking for alternative.

    May 14th, 2014 at 18:47

  71. Paul Dirks

    The real question before the house, is why are so many people so enamored the cr@p being pushed by Hollywood, that they feel the need to access it anywhere, anytime and are willing to sacrifice there own identities to get it. We live in troubling times.

    May 14th, 2014 at 18:49

  72. Jim

    >if you patch the sandbox, the CDM will no longer work.

    What happens when you find a security vulnerability?
    What happens when a downstream fork finds a security vulnerability?
    I hope this sandbox is optional.

    May 14th, 2014 at 19:04

  73. Michaela Merz

    No. Non. Njet. Nein. It is completely, totally and absolutely wrong to taint the Mozilla environment with closed source modules that might even haven NSA built in. Yes – we might not be able to watch all the DRM stuff – so what? We have been used to not being able to access some content with Mozilla, especially in the Linux environment. Didn’t kill us – but closed source DRM will kill the spirit of free and open software environments.

    I am calling for a community vote. Let us decide, whether we want DRM or not.

    May 14th, 2014 at 19:29

    1. Fred

      Keep in mind that this is already how binary plugins work — you don’t have to install them, but you may do so if you so desire. The same principle holds here. If you do not opt into using this code, you won’t.

      May 14th, 2014 at 22:00

  74. PrivacyOriented

    Given the purpose of these DRM mechanisms, I would think it impossible for you to prevent the CDM from phoning home the sandbox-generated unique identifier or derivative, and/or taking other steps to fingerprint the device with the help of the server(s) the device is communicating with. I’m glad you are making the identifier site-specific, but another essential step would be to provide some means of changing the identifier. Through a reset mechanism preferably, or at least through a reinstall of Firefox. So that users have a way to break any links to past activity (at the expense of losing access to DRM protected content too, but often that will not be a problem). Will it be possible and reasonably easy to change this unique identifier for a specific and/or all sites?

    May 14th, 2014 at 19:30

    1. Gervase Markham

      I believe we plan to make it possible to reset the identifier, but it’s unclear what effect that would have on the sites which use the identifier. It might break things.

      May 15th, 2014 at 02:02

  75. Greg

    That’s nice, but I don’t trust a sandbox and I don’t have any interest in watching DRM’d video on my computer. So please tell me there’s going to be a setting I can toggle that will disable the DRM extensions and prevent the Adobe code from ever executing. Failing that, or better yet in addition to that, please tell me the Adobe code will be in a discrete file I can delete, and that Firefox will respect my choice by neither refusing to launch nor attempting to “fix” itself by re-downloading the file every time I start the browser.

    May 14th, 2014 at 20:01

    1. Gervase Markham

      The user experience is to be determined, but closed-source code will not execute on your machine without your consent. And if the file does download, it will be a discrete file you can delete.

      May 15th, 2014 at 02:03

  76. No Damn Way

    You know, I used to think that that the Debian folk were cranks or, at the very least, oversensitive, with their insistence on free/libre/open-source software conforming to their Debian Free Software Guidelines (DFSG).

    For some reason, I always preferred using Firefox over their Iceweasel fork. Looks like I gotta eat crow now, and admit that they (and Richard Stallman) were right all along. Firefox will now been tainted with DRM — what’s next?
    Selling out your users’ privacy? I don’t think you can be trusted anymore.

    May 14th, 2014 at 20:03

  77. Greg

    That’s nice, but I don’t trust a sandbox and I don’t have any interest in watching DRM’d video on my computer. So please tell me there’s going to be a setting I can toggle that will disable the EME extensions and prevent the Adobe code from ever executing. Failing that, or better yet in addition to that, please tell me the Adobe code will be in a discrete file I can delete, and that Firefox will respect my choice by neither refusing to launch in the absence of the file nor attempting to “fix” itself by re-downloading the file every time I start the browser.

    May 14th, 2014 at 20:05

    1. hsivonen

      The plan is to let you block the Adobe CDM code from ever executing. And yes, the CDM will be a discrete file.

      May 15th, 2014 at 03:19

  78. Nick

    From the Firefox download page:

    “Thanks for downloading Firefox! As a non-profit, we’re free to innovate on your behalf without any pressure to compromise.”

    So much for that.

    May 14th, 2014 at 20:15

  79. Not_RMS

    Is this a joke? Loading proprietary blobs?
    I do not care if you somehow wrap an “open source sandbox” or whatever around it, it’s just a shame to include this in a self proclaimed free and open browser from a self proclaimed “for free and open web” company. wtf

    May 14th, 2014 at 20:33

    1. hsivonen

      We already load larger proprietary blobs called NPAPI plug-ins, such as Flash Player, which already includes Adobe Access DRM. At least on Windows, we already prompt to let users download and install Flash Player (including a flavor of Adobe Access DRM) easily. People aren’t up in arms about that in general. (The FSF is excluding Firefox from its Free Software Directory because of it, though.)

      May 15th, 2014 at 03:21

  80. Sean Lang

    Since Firefox isn’t going to be fully open-source anymore, and is no longer willing to stand by its beliefs, then why wouldn’t I just use Chrome? Chrome is mostly open-source too (since it’s built on Chromium), and it seems to have better performance. I don’t think that I have any reason to continue using Firefox now.

    May 14th, 2014 at 21:02

    1. Gervase Markham

      Firefox will still be fully open source. If you say No to the DRM prompt, then you won’t run any closed-source code.

      May 15th, 2014 at 02:04

      1. Sean Lang

        The fact that it links to closed-source code, and even leads the user to execute it, makes Firefox only partially open-source. Just because it’s sand-boxed doesn’t make it “not a part of Firefox”. It’s still a piece of the project, it’s still commissioned & endorsed by Mozilla, and it’s something that the user cannot modify or audit.

        More importantly, it’s something that web developers will now consider to be supported by all major browsers, allowing it to be used even more… thanks to Mozilla.

        It’s disappointing because Mozilla could have taken this opportunity to be different. To be “the browser that actually cares about your basic freedoms”. This whole situation could have been turned into an example of Mozilla standing its ground and doing the right thing. You probably would have even gained users, and certainly built trust. But you didn’t. You gave in… and for that, I am very sad.

        May 15th, 2014 at 03:21

        1. Dzver

          Can’t agree more.

          May 15th, 2014 at 08:36

  81. oiaohm

    Sorry to say the sandbox is super vague.

    Yes we have had browers plugins for long time. But there was something important if I rebuild firefox they worked.

    Number 2 W3C EME does not forbid open source EME implementations. Simple Decryption option for one can be fully open source and all implementations must support it. So if you want to use EME on all and not do any deals you don’t use CDM at moment. Content Decryption Module also can be open source.

    –Since the purpose of the CDM is to defy scrutiny and modification by the user, the CDM cannot be open source by design in the EME architecture.–
    Is this the only possible usage of CDM to protect content from user alteration. Defy scrutiny equals could be full of secuirty flaws. Nothing that is computer code can Defy scrutiny. Only thing that can resist scrutiny is hardware like HDCP encoded.

    Reality lets say I am running a video chat with someone. CDM for the encryption to protect against main in middle is still of value.

    –content protection or Digital Rights Management– is the standard. Saying the CDM has to be closed is wrong. CDM has to be closed for some end users.

    Really just like browser plugins where there was kind of a unified standard we need a unified standard for Content Decryption Module. In fact a unified standard for a Contect Encryption Module would also be useful.

    May 14th, 2014 at 22:00

    1. hsivonen

      The W3C doesn’t prohibit an Open Source CDM. However, the reason why studios want a CDM to be used is to have a box that users can’t see inside of and can’t tamper with. An Open Source CDM would, therefore, denied keys to major studio content. There’s no point in having a CDM that doesn’t serve the purpose why CDMs exist in the first place.

      The Clear Key CDM in the spec mainly serves testability of the EME API in a way that will let the EME spec progress within the W3C Process.

      The purpose of the sandbox is to isolate the code you can’t scrutinize from the rest of your system.

      For video chat where encryption is used so that the chat participants themselves aren’t considered adversaries in the threat model, we’ll be offering encryption in WebRTC. In the case of the CDM, the user is the adversary for the purposes of the threat model from the studio perspective.

      May 15th, 2014 at 03:26

      1. oioahm

        hsivonen reality here why provide two interfaces when one can do both jobs. WebRTC could be used to stream video contect if it could be protected.

        Sandboxes are never sure to be 100 percent soild. If a Sandbox is 100 percent soild the item inside the sand box should not be able to tell that the differences between 2 different implementations of that Sandbox. So undermining the adverisery system at that point.

        Open Source CDM can have major differences from Clearkey. Default EME clear key has key being sent over the wire with the video content. No store for keys from suppliers. Not all media vendors may distrust their end users. Yes it one thing to watermark you videos its another to have a clear method to disconnect those who infrign. A system who objective is to disconnect those who infrign can be open source. User signs up for media from a group they get a key they store key they lose key they report can report it lost. If that the video watermarked with the user of the key turn up that key gets blocked and that users account suspended.

        Copyright laws in most places allow private recording. Studios don’t all want the same thing and some places blocking recording in the first place will be infringment on peoples rights by the studios. This is why its important to add at least one open source CDM that support media provider issued keys to user including instream updating of keys(this ruins users duplicating keys to multi devices in lots of cases).

        Not all video chat cases are the participants not classed as adversaries. Think what are called Webinars the ones running these also want protective DRM at times to prevent the audence from recording the event so they can sell the recording after the event. Open source solution using HDCP or other hardware blocks is also possible for a EME CDM. In fact these using hardware blocks are more resistant to attack than any closed source CDM code block.

        There is a reason why I said we need encode blocks as well as decode blocks with DRM support. WebRTC will not meet all Webinars running peoples wishes without DRM options.

        May 16th, 2014 at 13:27

  82. robert

    This is the wrong way Tod go. Mozilla should habe stayed strong. They would habe lost some users, surely, but is this so Bad that they couldn’t do the right thing?
    In the Ende, if mozilla would habe stayed strong, many companies would habe thought twice if they don’t want To have all these customers who are using Firefox.
    Now mozilla is, despite all the talk in the article, an advocate for DRM.

    May 14th, 2014 at 22:06

  83. Manuel

    The problem, I see, is that Firefox will no longer be 100% Open Source. If you download Firefox then the binary blob will always forcefully be part of the install file.

    So I vote for the “Addon” idea. Just ask your user for permission to download a binary blob the first time he tries to access a DRM protected video. This also allows you to keep the binary part updated separately. For example if a security hole is found.

    For me it is not enough to be able to choose whether I want to use the binary blob. I also want to have the choice to not have the binary blob on my system at all.

    May 14th, 2014 at 22:19

    1. Gervase Markham

      The CDM will not be downloaded as part of Firefox; it will be a separate download from Adobe. Users will be prompted before the CDM executes.

      May 15th, 2014 at 02:05

  84. elima

    DRM is broken by design, please don’t support it in any way. Any DRM that has become relevant enough, has almost always been cracked. Also, there exists various ways to record and re-encode the pixels coming out from the browser, in any platform. In GNU/Linux is specially easy to do.
    And streaming-from-torrents is a viable alternative anyway.

    This is just another futile effort that is morally and technically doomed to fail, still you are willing to waste time and resources supporting it, just for a tiny fraction of your user base.

    You should consider doing open surveys to really understand what the majority of your users want, otherwise you are just steering in the blind, with poor arguments to support your decisions, and the net result could easily be negative.

    Allowing users to opt-in is already a huge concesion. Vast majority of users do not understand the details of these technologies, and will not be able to make informed decisions when they are prompted by Firefox to allow installation of the CDM module. –just look at the current TLS cert warning and the “permanently confirm exception” button.

    If you trade off core values for market share –as you try to argument with the “even if Mozilla philosophically opposes the restrictions…”– you are then exposed to what ultimately drives you. It is business as usual.

    Principles must not be traded off precisely because it is the only thing one has left when everything else fail and you are alone.

    May 14th, 2014 at 22:44

  85. H.Z.

    Shame on you.

    May 14th, 2014 at 22:54

  86. markus

    I don’t want and don’t need this.

    Why does the Firefox Team betray the users?

    Sadly we now don’t have much choice as Google in Chrome already betrayed us.

    This is a sad day.

    Betrayal.

    May 14th, 2014 at 23:06

  87. Dis

    Maybe a part of this sad failure can be attributed to Firefox focusing on copying Google Chrome instead of leading. What used to differentiate Firefox from the rest is slowly disappearing so, yes, it has lost a lot of leverage because Firefox and Chrome are so damn similar in the eyes of a regular user.

    All this makes me wonder if Mozilla will ever be able to escape from Google’s financing trap because I think it’s slowly turning into a very slightly privacy enhanced, Google serving, browser.

    May 14th, 2014 at 23:37

  88. Wolfgang

    Since that CDM is closed proprietary it cannot ship in usual Linux distributions. And what I’ve read somewhere above the CDM checks the sandbox somehow for trust.
    How is this achieved for builds from Linux distributions and how to get the CDM into Firefox there?

    May 14th, 2014 at 23:51

    1. Gervase Markham

      If Linux distributions choose to leave this capability enabled, their copies of Firefox will be able to download and use the CDM just as ours does. We went to great lengths to make sure that rebuilders and redistributors of Firefox would also be able to use the CDM.

      May 15th, 2014 at 02:06

      1. cobaco

        you should be going to great lengths to make damn sure they can choose NOT to use it instead

        May 15th, 2014 at 05:45

  89. Camille Bissuel

    This is a shame.

    Philosophically it’s wrong, and technically it’s stupid. We are finally getting rid of Flash, and it’s coming back with another name.

    It’s because of it’s market share that Firefox should not implement this : it’s the Netflix’s task to adapt to the open web, not to Firefox to kneel down to Netflix.
    Firefox has more user than Netflix. And the world is larger than North America.

    Now I’ll have to find a really open source browser…

    May 15th, 2014 at 00:45

  90. KlausM

    I am ambivalent. While I can follow Mozilla’s argumentation, I tend to the position that Mozilla should entirely skip the EME implementation and avoid DRM. I am a long-time Netscape/Firefox user since the early days, but I don’t mind to temporarily use another browser in the rare event that a website has some trouble with Firefox. This will not make me switch entirely to that browser, especially, as I currently *trust* Firefox only to do it right. If I wouldn’t trust Firefox any longer, there would be one large reason less to use it. Trust is hard to earn and fast to lose, and with this decision, Mozilla is likely going the second way, even if the sophistic implementation cleanly separates the whole DRM cruft from the browser itself.

    May 15th, 2014 at 00:49

    1. hsivonen

      The problem is that even if *you* switch back to Firefox after temporarily using another browser for streaming movies, we don’t expect users in general to switch back if they find they need to go use another browser for the movie use case.

      Why hasn’t our support for NPAPI plug-ins, which add DRM without Mozilla-enforced sandboxing, caused you to lose trust in us already previously?

      May 15th, 2014 at 03:29

      1. KlausM

        > Why hasn’t our support for NPAPI plug-ins, which add DRM without Mozilla-enforced sandboxing, caused you to lose trust in us already previously?

        Maybe I didn’t know? Maybe I consider (erroneously?) a plugin less intrusive into the Firefox infrastructure than what is being planned with the integrated, intrinsic, explicit DRM support?

        May 15th, 2014 at 04:45

        1. Gervase Markham

          In which case, you’d be wrong – a sandboxed DRM-specific plugin is far less intrusive than a non-sandboxed (or, on Windows, mildly sandboxed) general application runtime like Flash.

          May 15th, 2014 at 05:57

          1. KlausM

            Well, I see this different, plugins were a general mechanism that was used for DRM as well, and now Mozilla puts in resources to implement code exclusively used for DRM. By the way, how much money does Mozilla receive from Adobe, Netflix or whoever for this?

            May 15th, 2014 at 07:01

      2. cobaco

        there’s a big big big difference between a legacy api that:
        a) is being phased out
        b) wasn’t originally created for drm, and has lots of non-drm uses

        and a new api that
        a) is being promoted
        b) has no non-drm uses

        May 15th, 2014 at 05:48

  91. A Smith

    I for one will be using the fork of firefox without drm.

    May 15th, 2014 at 00:52

  92. Juergen

    While I understand the reasons for Mozilla’s decision to implement DRM and while I really appreciate the efforts to minimize the negative effects of this intrusion it nonetheless makes me unhappy. It’s just one more step away from a free and open web.
    Besides there is a crucial detail I’d like to learn about. “The browser will download the CDM from Adobe and activate it based on user consent.” Does it mean that the CDM is automatically downloaded or do I still have a choice?

    May 15th, 2014 at 01:03

    1. hsivonen

      You’ll have choice not to *run* the CDM. Whether it’s going to be downloaded and cached in a quarantined manner before you are given the option to decline running it is still up for discussion.

      May 15th, 2014 at 03:31

  93. Martin

    Please don’t implement this in the core browser. This should be a plugin/add-on. I don’t want to support DRM in any way.
    And additionally every time DRM is used, there should be a link to a page which explains why DRM is bad and why you rather should not access the content to not support people who use DRM.

    You won’t get rid of stupid stuff like this, if in the end you support it anyway without at least trying to educate the users.

    May 15th, 2014 at 01:16

    1. hsivonen

      What was announced is exactly that it will be a plug-in/add-on!

      May 15th, 2014 at 03:32

  94. Eugene Wang

    …could someone download the source for the box, modify it to feed the content decryption module one single key, do this for multiple compilations, and circumvent the requirement that each device provide a unique key?

    Still, even though we went back about 10 meters, it makes sense when we realize we’re being handily beaten in a backwards-running race. Such is the pain of DRM.

    May 15th, 2014 at 01:19

  95. John Connett

    Any comment on the legal position of the Mozilla Foundation (a non-profit organization) choosing to drive the profits of just one DRM vendor, Adobe? This seems to raise monopoly/competition issues.

    Will we also see Adobe branding in Mozilla Firefox?

    May 15th, 2014 at 01:44

    1. Gervase Markham

      If other CDM vendors offered the same privacy position, sandboxability etc. of Adobe, perhaps we could consider them too. But we can’t force them to come to an agreement with us. Also, as each other browser has its own CDM implementation, why are they not subject to your accusation of competition issues?

      May 15th, 2014 at 05:59

  96. JB

    I won’t comment on the right or wrong decision here but on another point which, as to me, is fundamental and yet seems to be put away.
    Google implements EME and plugs its Widevine CDM inside.
    Microsoft implements EME and plugs its PlayReady CDM inside
    Apple does the same.
    And no Firefox implements EME and plugs … Adobe DRM inside.

    It means that DRM companies that used to have customers are simply dead, because they do not also develop a web browser.
    I thought that if Firefox were to implement EME, they would at least provide an open API to plug any CDM the user needs to use.

    Now the content provider cannot choose the DRM it wants, it can only select the ones that browsers allow… And this is supposed to be called open Internet where innovation is possible ?
    I am a bit puzzled here, as I see the web narrowing the business.

    Any response from Mozilla people will be very welcome on this point.
    Thanks, and have a good day everyone.

    May 15th, 2014 at 01:48

    1. Gervase Markham

      The API used by the Adobe CDM to communicate with the sandbox will be an open API – after all, the sandbox is open source. But we can’t force other CDM vendors to write compatible versions of their CDM. And they may not want to do that if they are not keen to offer the same privacy protections.

      May 15th, 2014 at 06:01

      1. ememozilla

        Is this API the CDMi interface proposed by Microsoft?

        If not, you say it is open, will it be publicly available? Any DRM vendors could have a CDM working with EME implementation in Firefox?

        Thanks

        May 27th, 2014 at 09:03

  97. Laci

    I don’t want this. Make it optional.

    May 15th, 2014 at 01:50

    1. hsivonen

      It is going to be optional. (Of course, if you opt out of DRM, major studios will not let you watch their movies in the browser via streaming services.)

      May 15th, 2014 at 03:36

  98. Shantanu Tushar

    Mozilla, as the hollywood’s Joker said – You either die a hero or live long enough to become a villian.

    You just became a villian.

    May 15th, 2014 at 02:04

  99. Sharuzzaman Ahmat Raslan

    Why can’t just Mozilla create a new fork of Firefox for the DRM lover people? And ask them to download that version. And while at that, make it proprietary, because Mozilla is not an Open Source company/community anymore.

    May 15th, 2014 at 02:09

  100. Rob Sanders

    So you’re replacing one DRM plugin (flash/silverlight) with another (CDM) and this time with no option to disable it? On top of that you chose the company with THE buggiest software this world has ever seen? Wow, that’s an improvement. All in the name of what, more money from the content providers?

    Can you tell us how is it more beneficial for your users who use Firefox because they do not want to have ANYTHING to do with DRM?

    At the end of the day – it’s your product and your decision. It would be nice if you consulted the community before forcing such change upon us. It might cost you more of your precious market share than you can expect.

    May 15th, 2014 at 02:10

    1. hsivonen

      “So you’re replacing one DRM plugin (flash/silverlight) with another (CDM)”

      Correct.

      “and this time with no option to disable it?”

      No. You’ll have the option to disable it.

      “Can you tell us how is it more beneficial for your users who use Firefox because they do not want to have ANYTHING to do with DRM?”

      Presumably those users don’t install Flash Player and Silverlight now but can still like with Firefox having the NPAPI hooks for them, because other users want to use services that require those plug-ins. Going forward, they will be similarly able to refuse to install the Adobe Access CDM.

      May 15th, 2014 at 03:39

  101. elmex

    No DRM for me!!!

    Force me to install, you will loose one user

    May 15th, 2014 at 02:25

    1. Henri Sivonen

      We won’t be forcing you to install. You will have the option not to install the CDM.

      Note that currently, Firefox on Windows prompts you to install Flash Player, which contains an Adobe Access DRM component, but Firefox doesn’t force you to install Flash Player, either.

      May 15th, 2014 at 02:47

      1. cobaco

        will the default be to not install?

        May 15th, 2014 at 04:41

      2. elmex

        Puhh ok, then it is fine.

        May 15th, 2014 at 05:29

    2. Mario Pizzi

      (Y) I support your proposal elmex!!!!

      May 15th, 2014 at 07:28

  102. Mark Sheppard

    Mozilla has given up its principals. At what point did you decide to start playing a numbers game and believe that the more users you have the better, no matter what proprietary freedom-restricting software you have to incorporate into your browser?

    May 15th, 2014 at 02:32

    1. Gervase Markham

      We don’t believe that. If we did, we’d fill Firefox with tracking software and monetize your data ;-) This situation is, hopefully, unique. We’ve tried to find alternatives but haven’t found any. What’s your suggestion?

      May 15th, 2014 at 06:03

      1. Swrr.ls

        Hopefully Mozilla understands that many users understand. Mozilla is NOT incorporating any proprietary software into their browser. It will ask for user consent to install the proprietary bits, and it will also put those bits in sandboxes to protect users from abuse by proprietary software. In this way, EME is VERY similar to plugins in Firefox – installed voluntarily, not as an integral part of the browser. If Mozilla has given up their principles on a matter like this, it is because they allowed plugins in their browser long ago. It is with a heavy heart that Mozilla has even accepted EMEs.
        I also have to commend them for their choice of Adobe as their EME supplier. Their security record is dubious (but lol at security in proprietary software in the first place), but they have even recommended that plugins such as Flash not be used. They seem to have recognized many of their mistakes in the development and deployment of Flash as a plugin.

        May 15th, 2014 at 06:55

  103. chdorb

    Even with EME enabled, Firefox will stay the “less bad” browser on the market. If you want to uninstall Firefox and use another, enjoy with some stinky browsers like Apple/Safari, Microsoft/IE, or Google/Chrome !

    May 15th, 2014 at 02:34

  104. Juan

    I hate DRM but current situations is far from perfect if you’re a Linux user as most proprietary plugins implementing DRM don’t support Linux or they do it poorly (like Flash DRM requiring HAL that has been dead and unsupported for years).

    I’d love to be able to watch paid content in a legal way, if we need to tolerate some DRM, I like the idea of Mozilla being involved as I assume they’re going to care for their users.

    And hopefully that includes Linux users.

    May 15th, 2014 at 02:44

  105. p

    Mozilla is not a non-profit anymore. It’s living off holywoods tit from this point. shame on you.
    switch to icecat

    May 15th, 2014 at 02:50

    1. abral

      Mozilla isn’t forcing you to install the DRM component. It’s just like the Flash plugin (or any other plugin), you can decide if you want to install the closed-source component or not.

      May 15th, 2014 at 08:51

  106. bill sux

    Actually, it’s time to fork what was once a good browser. Whoever decided to ship any binary blob crap to users has no understanding of Free Software, and only contempt for users. If you want to be lectured on Free Software, there are ample resources around, but going to http://www.fsf.org or http://www.debian.org would be good starting points.

    May 15th, 2014 at 02:57

    1. abral

      You’re free not to install the DRM component, just like you’re free not to install plugins like Flash.

      May 15th, 2014 at 08:50

      1. elima

        “You’re free not to install the DRM component, just like you’re free not to install plugins like Flash.”

        abral, this is a poor argument, repeated over and over along the comments. That rationale assumes that users understand the differences and will excersice an informed decision when they are prompted with a dialog to install/discard the CDM module. Unfortunately, the vast majority of users do not understand the risk of installing a binary blob governed by a for-profit company into their browsers. And this fact is used as an argument twisting it as “most people just don’t care, they just want netflix and co. to do its magic”.

        Mozilla’s mission is to protect users, including those that are not educated in techy/privacy matters. Precisely those users are the ones more in need of protection.

        So, the original argument is only true for these few who understand what is at stake and are concern about privacy/security issues.

        May 15th, 2014 at 09:58

        1. Anon

          >That rationale assumes that users understand the differences and will excersice an informed decision when they are prompted with a dialog to install/discard the CDM module.

          That rationale assumes that this is something new. It is *not*, they already *have* Flash installed.
          Except now, it’s in a sandbox and Mozilla has a little weight in how it’s going to happen.

          >So, the original argument is only true for these few who understand what is at stake and are concern about privacy/security issues.
          It is, hopefully, only going to get better for those kind of users.

          May 15th, 2014 at 11:19

  107. Sam

    It seems 90% of comments here disagree with the decision. Perhaps you could ask your users what they want. I think it’s better if mozilla does not cooperate with DRM. Better if it’s a 3rd party plugin or not at all. It’s worthwhile to oppose this DRM by protest, i.e. not supporting it. Now your complicit with it. Shame.

    May 15th, 2014 at 03:01

    1. abral

      Have you actually read the article? It is a 3rd party plugin. Mozilla will just develop the sandbox where the plugin will run.

      May 15th, 2014 at 08:53

  108. David Rutledge

    Well, I don’t have flash installed, I on’t have silverlight installed, and I’m not installing this abomination.

    May 15th, 2014 at 03:02

    1. Gervase Markham

      You are welcome to not use the CDM, of course. It’s entirely optional.

      May 15th, 2014 at 06:03

      1. Marcelo

        Yes, but this ’embracing under protest’ of DRM looks as Mozilla is caving in to Hollywood. And on top of that, doing it with Adobe, of all companies!

        Why not leave that off completely to a third-party plugin, and remain in the high standing it earned in society?

        I prefer Firefox to Chrome for a variety of reasons, and one of them is their standing for open source and open standards.

        Please don’t dissapoint your loyal followers.

        May 15th, 2014 at 08:29

      2. M.U.

        Too bad it doesn’t really work like that. As soon as you go from trying to help the user to trying to hinder the user (which of course is what DRM is all about) it’s inevitable that sacrifices will be made.

        May 15th, 2014 at 08:40

  109. Eumel

    Until now there was no widely used fork of Firefox(FF). Apparently FF was ok for most users. The logo-mimicry driven Debian to ship Iceweasel was not worth to switch to a fork outside the Debian community.

    This will change now. If Mozilla starts shipping closed souce DRM, I expect a strong fork for all plattforms – which of course cannot be named firefox, just like Debians modified version. I believe this way the userbase of the browser named Firefox will decrease more than if Mozilla would stand strongly against DRM in the Web and closed source components in its Software.

    May 15th, 2014 at 03:05

    1. abral

      You’re free to decide whether you want to install the DRM component (and watch DRM protected movies) or not.
      If you hate DRM (like me), just don’t install the DRM component.

      May 15th, 2014 at 08:55

  110. Ben Cordero

    I’m interested in hearing more about this “unique identifier”. What’s stopping downstream distributions of firefox (for example the tor browser bundle) who have the ability to modify the sandbox from sharing the generated identifier amongst a peer group/or other personal devices and presenting the shared identifier to the CDM?

    Legitimate use cases could include sharing the identifier between multiple browser instances, or syncing content between my FFOS phone and desktop. By the same mechanisms, this could also be used to anonymise the end user if many endpoints used the same identifier.

    This is starting to sound like some kind of super-cookie.

    May 15th, 2014 at 03:15

    1. Gervase Markham

      There should be a technical FAQ which explains more soon. However: the CDM trusts the sandbox (and verifies that trust by inspecting its memory space), so if you modify the sandbox, the CDM will no longer work for you.

      The identifiers are per-origin so cannot be used as a super-cookie to track users across sites.

      May 15th, 2014 at 06:05

      1. M.U.

        How can you claim the DRM is in a “sandbox” if it’s allowed to inspect memory?

        May 15th, 2014 at 08:41

  111. allo

    Maybe Mozilla is wrong with one of their goals.

    The goal of mozilla should not be “we want the biggest marketshare”, but “we want to build the best browser”. And if only mozilla people and a few enthusiasts use it … its okay! Let’s build whats cool, not what the majority dictates. A company like Apple needs to look at its marketshare, free software does not.
    Assume Google may stop sponsoring firefox (for not being able to play the future google play videos). So what? There are enough programmers, which develop software free of charge. Even if mozilla would stop developing firefox, people from GNU (icecat), debian and many other projects would maintain a fork.
    So, why support something unethical, only to have some users, which want something, which does not belong to a free web?
    Lets make an example here, other free browsers will follow.

    May 15th, 2014 at 03:16

    1. Gervase Markham

      “And if only mozilla people and a few enthusiasts use it … its okay!”

      That’s where we differ. We don’t think that’s OK, because if only a few enthusiasts use the browsers of the people pushing for openness, the web will get a lot more closed a lot quicker. Market share of Firefox is what gives Mozilla a strong voice in setting web standards.

      We can’t win everything, but that doesn’t mean we should give up.

      May 15th, 2014 at 06:07

      1. Nathaniel

        I’m glad Mozilla is out there trying to maintain a large enough market share to make a difference, even in difficult decisions like this. Thank you!

        May 15th, 2014 at 07:52

      2. Erik

        “Watermarking”, really as DRM alternative?? I don’t understand this fight against DRM… While I understand the principles against it, no one is forced to use netflix, or watch encrypted content on TV network websites. Also I think it is wrong to dictate content producers how to distribute their content.
        In addition, isn’t this new EME simply a new implementation of what is already used in Flash and Silverlight?

        May 15th, 2014 at 10:07

  112. David Ayers

    I am also very disappointed. The only way a CDM API would be acceptable is if you also provide a free software implementation of it, which of course will most likely render it obsolete, as the DRM scheme is designed to disobey the user.

    This needs a prominent warning to every user when this is executed. Yes, executed, not only when installed, that untrusted, closed, potentially spying malicious code will be executed and the system should be considered compromised.

    Mozilla keeps relying on advertisement for funding and by extension on a mass of users who do not care about software freedom and privacy. With developments like this you will keep maintain those users while alienating those of us who do care.

    I’m already a member of the FSF, a fellow of the FSFE, I’ve been a Canonical and Red Hat customer, I donate regularly to all types of free software projects. But Mozilla won’t be receiving and donations from me until this situation has fundamentally changed.

    It is blatantly clear to me, if not to you, that I have become the product you sell to your potential advertiser customers, whose adds you are trying so hard to incorporate into your browser.

    Where can I buy a support subscription for a browser that respects my freedom?

    May 15th, 2014 at 03:31

    1. Gervase Markham

      You can support a browser that respects your freedom here: http://donate.mozilla.org/ . Remember, you will have the option of saying No at the prompt, and no DRM or proprietary code will execute on your machine.

      May 15th, 2014 at 06:08

      1. KlausM

        If I ever had donated money to Mozilla (besides doing bug reports here and then), I likely would stop now. I wouldn’t like the idea that some of the money is spent in developing stuff like the sandbox or the browser code that glues everything together.

        May 15th, 2014 at 11:36

  113. Sam Kearns

    W3C EME, and DRM in general, has only one purpose, to take control away from users and place it in the hands of a few small and powerful corporations for their profit.

    If you think I am being hyperbolic then answer this: How will private individuals use EME to protect their creative output when publishing via their own websites? By buying expensive, proprietary, server side technologies?

    DRM directly hurts innovation and openness by allowing outdated business models to avoid change. Business models based on strict control and dissemination of information are exactly the kind of old world hegemony whose destruction is what makes the Internet such a liberating and democratising force. Pushing back against these incumbent powers is precisely the revolutionary social change that has made the Internet worth defending in the first place.

    I also completely reject the notion that refusing to implement EME will have no useful effect. Lack of standardisation creates a level of friction for DRM implementers that reduces their effectiveness which influences the decisions of companies making decisions on whether to use it or not. Making it easier to implement for Firefox closes the gap for easy DRM delivery to a fifth of the web in one stroke. It’s the same kind of wrong headed argument that claims that regulating un-scientific medicine protects the public, all it does is spread a patina of authority over an otherwise sordid practice.

    As others have noted, the primary feature that makes Firefox my preferred browser is the fact that it stands on a strong principle of defending and empowering users and the open web. If it loses this feature, I might as well use chrome which is technically superior in many other ways.

    May 15th, 2014 at 03:32

    1. Gervase Markham

      “How will private individuals use EME to protect their creative output when publishing via their own websites?”

      Hopefully, they won’t put the additional burden of DRM on themselves. That would be the right choice.

      May 15th, 2014 at 06:09

      1. KlausM

        Sorry to say that, but this answer is somewhat hypocritical. So DRM is o.k. for companies, but not for the ordinary user?

        May 15th, 2014 at 11:29

  114. Hans

    To keeo it short: No way!

    Hope Mozilla will listen mainly to user interests instead of user counts and industry interests.

    How about thinking it the other way around: If you keep FF DRM free, maybe it will attract users and this will put pressure on the DRM-friendly industries?

    May 15th, 2014 at 03:34

    1. abral

      What do you think an user that has paid for Netflix or is watching a protected video on YouTube would do if Firefox said “I’m sorry, you can’t view this because …”?
      Would they fight against DRM or would they dump Firefox and switch to a browser that supports DRM?

      I think it’s much better to give the users the option to choose between DRM and not. Firefox is giving you this choice, you can decide whether you want to install the DRM component or not.

      May 15th, 2014 at 08:58

  115. Guest

    How would sandbox work? Is it going to be a javascript virtual machine running binary blob, like http://bellard.org/jslinux/ ?

    May 15th, 2014 at 03:59

  116. Paweł

    Have you considered showing extended information when requesting user to install this plugin? Instead of just “You need X to see this contend. Click here to install” you can show something like this:
    “This content owner thinks you’re a thief and requires you to install a plugin. They DO NOT WANT you to know what this plugin will do!” ;)

    May 15th, 2014 at 04:01

    1. Yves D

      Good idea !
      I must say i understand both sides (the pro and cons) here … And I agree with those saying that DRM (and proprietary CDM accessing your private info) are remains of today’s (old ?) economy … and therefore just help to enforce the current business models.
      But I also understand Mozilla and Firefox developpers when they try to keep FireFox a kind of Swiss Army knife, able to browse and play any content compliant with W3C. The risk is big to have FireFox “almost” disappearing from the WWW picture except for some “geeks”, knowing that Apple’s Microsoft and Goggle browsers will dominate a market where DRM (and CDM) of (soon) every content will be the rule.
      If you want to be able to change the world, you have to weight on it. if you represent only 1 % of the browser “market” … forget it !
      The way FF want to implement the CDM seems to me the less harmfull one.
      To let “average” people know what is behind, i favour such “warning notice” when FF will give access (thru this SandBox) to DRM content :-)

      May 15th, 2014 at 05:45

      1. elima

        […] The risk is big to have FireFox “almost” disappearing from the WWW picture except for some “geeks” […]

        This has yet to be proven truth, however Mozilla’s statement and many commenters like you are assuming this as an universal axiom.

        The amount of users comsuming these DRM-hungry contents (“Netflix, Amazon Video, Hulu”, YouTube, and others to come) account for a tiny fraction of the amount of media content that can be consumed online. Also, most of these services run only in the US, which accounts for just a slice of the global Firefox userbase.

        Remember that nowadays, media content production has been hugely democratize. Just look at the amount of freely available, high quality content in YouTube, Vimeo, blip.tv, etc. that has been created by individuals and small media producers.

        Saying that implementing this spec is the only way to save Firefox relevance is ridiculous.
        But implementing it might very well undermine Mozilla’s very core values and scare away millions of users.

        Can it be that Mozilla is actually underestimating its real power?

        May 15th, 2014 at 10:36

  117. Endyl

    There are so many ignorant comments in here that I feel the need to voice my opinion:

    I still trust Mozilla and Firefox to the fullest.

    It is indeed sad that this choice had to be made, but I think this is the smallest bad out of the others that are possible today. This is still the one that gives us another day to fight and overcome DRM and also provides a reasonable comfort both in user experience and privacy.

    I wonder why would those saying they are switching browsers choose another browser that protects their privacy to the least necessary extent while Mozilla Firefox still protects its to the most possible.

    These kind of choices are why I have been and am still loving Firefox.

    Go, Mozilla! The Open Web needs you!

    May 15th, 2014 at 04:10

    1. Nathaniel

      “I wonder why would those saying they are switching browsers choose another browser that protects their privacy to the least necessary extent while Mozilla Firefox still protects its to the most possible.”

      I was wondering the same thing myself! To those who plan to drop their support/use of FireFox, which alternatives do you see as the best option for the average user?

      May 15th, 2014 at 07:57

  118. xplt

    [I’ve been using Firefox since, I think, version 0.8.0 and] I feel betrayed. Seriously, after so many years of advocating and dealing with restrictions (like, not implementing H.264 or WebP or hmm… ActiveX [http://robert.ocallahan.org/2010/01/activex-all-over-again_25.html ] ), Mozilla now will turn around and say: “screw it, we want to get a piece of the cake named ‘streaming video services'”? This is just wrong. On the ethical side.

    On the technical side: what’s the difference from the current plug-in system (which you’re trying to make obsolete)?

    May 15th, 2014 at 04:30

    1. Endyl

      That’s the point. There is not much difference privacy-wise. As I understand, Firefox will still not ship with closed source code compiled into it. You will still have the choice whether to use and download the proprietary piece of software (CDM) or not. So if you want, nothing will change ragarding your privacy unless you choose otherwise. Pretty much like it was before with the plug-ins.

      The choice is still in our (the users’) hands. And as I understand, you don’t really have this choice with other browsers.

      On the other hand: plug-ins are still there (although diminishing), which are much bigger pieces of closed source softwares, yet people don’t complain about them, just simply ignore them, if they think they might compromise their privacy. Well, you can do the same thing here.

      However this choice gives Mozilla a bigger fighting chance against this DRM nonsense while still protecting our privacy, giving us choice and providing an excellent and customisable user experiance unmatched by any other browser.

      May 15th, 2014 at 04:54

    2. Gervase Markham

      Except we did have to implement H.264. :-| The issues there were similar, except that we managed to do it with an open source implementation – even if it does have to be downloaded from a 3rd party.

      The difference from the current system is that the plugin is much smaller, and properly sandboxed so its capabilities are restrained.

      May 15th, 2014 at 06:12

      1. xplt

        Well, thanks for the answers. It’s really appreciated. I hope Mozilla will publish technical FAQ in the following days.

        May 15th, 2014 at 10:03

  119. Sven W.

    Another reason to search for a real OPEN source browser.
    Its a no-go step which mozilla is going here, why not make this as an add-.on and only available for users who reaooy want to have proprietary closed source on there devices but users who do not accept this have the choice!

    Maybe we should go back to the good old Mosaic times :)

    May 15th, 2014 at 04:34

    1. shiggy

      > why not make this as an add-.on and only available for users who reaooy want to have proprietary closed source on there devices but users who do not accept this have the choice!

      That’s exactly what they are doing. Firefox will not ship with any proprietary code.

      May 15th, 2014 at 07:01

  120. Alex

    This is not good, you’re surrendering to the powerfull bad people. Not implementing EME would also be bad for EME, they would loose visits and users helping people to be free. This surrender is a great victory for them. I understand your fears to loose users, but the risk must be taken to prevent DRM freedom restrictions. Principles are more important. I don’t want them to control me in any way. I know you’ll not change your mind only for this comment, but at least when asking users to install de CDM shit, tell them a lot about what they loose by surrendering.

    May 15th, 2014 at 04:38

  121. Johan H

    Although I don’t like DRM, I think Mozilla has taken a necessary step here. As long as this is “correctly” implemented, like a plug-in or add-on, and not forced on the user, I’m actually happy that I finally could have the possibility to buy closed content in Linux, if I choose to do so. I am a long time Linux user and partly a supporter of the free software idea, and there is nothing wrong with buying copies of commercial “art” such as online video. The price to pay here is the non-free blob that is used to show the art. Maybe a necessary evil; the future will tell.

    May 15th, 2014 at 04:46

  122. Pierre

    Stop DRM!

    I feel like you are betraying us!

    May 15th, 2014 at 05:14

  123. Dis

    Hey Mozilla, I have a simple question.

    Quoting “What is EME” by Henri Sivonen:

    “EME does not specify the output abstraction for CDMs. It leaves open several options. The CDM could:

    Merely perform decryption and hand back the encoded media (e.g. H.264) to the browser.
    Perform both decryption and video decoding and hand back the raw frames to the browser for painting.
    Perform decryption and decoding and transfer decoded pixels directly to an operating system compositor in a way that bypasses the browser.
    Perform decryption and decoding and then work together with the GPU so that not even the operating system gets the opportunity to read the pixels back from the GPU.

    Which of these options will Adobe/Mozilla implement?

    May 15th, 2014 at 05:21

    1. I have no idea what I’m talking about

      “Perform decryption and decoding and then work together with the GPU so that not even the operating system gets the opportunity to read the pixels back from the GPU.”

      How is that even possible ? Userland has direct access to the GPU, bypassing the OS completely ?
      That sounds unsafe as hell considering how unstable GPU are, especially OpenGL drivers.
      I can’t find anything on Google, anyone has a link talking about this ?

      May 15th, 2014 at 12:45

  124. Paul

    I understand the requirement for a Content Decryption Module, I’m not going to pretend that the requirement for it isn’t real in this time of Netflix. But why does it need to be a closed source CDM?

    May 15th, 2014 at 05:24

  125. Anonymous

    I hate you Mozilla, worst company ever. I will change Firefox with something else because of this. Enjoy.

    May 15th, 2014 at 05:28

    1. abral

      You can decide whether you want to install the DRM component or not. What’s the difference with the current situation where you can decide whether you want to install plugins or not?

      May 15th, 2014 at 09:02

  126. Salz

    To disable misuses of the plugin as well as malicions actions of it by itself, you should at least run it in a seccopm container (in Linux, Windows and Mac should have something similar).
    Also it should be mandatory for the user to activate the plugin every time before it is used, like firefox already does with other plugin (click to play).

    May 15th, 2014 at 06:02

  127. Pete Chown

    While DRM makes me uncomfortable in many ways, I support Mozilla’s decision. Mozilla only has influence because a large number of people use its products, so it has to make sure that those products satisfy users’ needs. If it doesn”t, it will lose market share. No market share would mean no influence, and then Mozilla would have lost anyway.

    Incidentally, how will content providers sign up? It would be a shame if Mozilla handed Adobe a lucrative monopoly on DRM with Firefox. If we’re having DRM at all, it should be a transparent system that anyone can use, without having to enter into an expensive and perhaps secret deal with Adobe.

    (With Chrome, you can do the base EME straightforwardly. If you want to use Widevine, as far as I can tell you need to negotiate a deal with Google, and the terms are not made public. As a profit-making company, Google can operate this way if it wants, but I believe a non-profit should be more transparent.)

    May 15th, 2014 at 06:12

  128. gasp

    I hate DRM.
    But I would even more hate that firefox FORBIDS me to do view a media with DRM just because of principles while I definitively WANT to see and I’m mainly AWARE of potential dangers the use of a DRM include.

    So, to give the option to the user is the best. But firefox SHOULD warn users !

    May 15th, 2014 at 06:29

  129. Pollewetzer

    If You will realize this modell in this kind, that I cant avoid these stuff, I will change immediatly to chrome or any other browser! –

    There are lots of other Protections Models what could make the deal! – but we have not to follow the NSA-Behaviours and -desires of some modern marketing-Nazis!

    This is Marketing- and Selling-Totalitarism!!! This goes in the same direction as the extended nonsense of patent-Marketing…

    I want to live in a free world. If somebody will not offer in the conditions I can accept I for myself WILL NOT BE BUYER!

    So keep away this stuff!

    Pollewetzer
    Germany

    May 15th, 2014 at 06:40

    1. Bruno

      “If You will realize this modell in this kind, that I cant avoid these stuff, I will change immediatly to chrome or any other browser!”
      This article already explains that the EME module will work the same as the current Flash and Silverlight plugins, i.e. they will be distributed by third parties and NOT be part of the core Firefox product. It will only be available as an optional addition to the software, for the users who DECIDE to install it in order to unlock DRM’ed content.

      Chrome, by contrast (as far as I know), will have this module installed by default and will NOT wrap it in a sandbow to limit its access to your personal information, so I wouldn’t recommend switching to that if you’re offended by Firefox’s compromise.

      May 15th, 2014 at 09:06

  130. Christ Sperber

    Dear Mr. Gal,

    I´ve read the article in another newsfeed and I´m stunned about the conclusions you are making. From my point of view they are all wrong and the opposite will happen with a forced DRM in Mozillas Software.

    For me and the most people I´ve talked to since your article, it´s a NoGo and will force us to end the use of the browser. The idea to _force_ (!) users into DRM is – in one word – nonsens and indeed is breaking the open browser idea, which made firefox to what is today. A closed DRM in an open browser is something, were one of both can´t exist. To tell anything else then that, is nothing more as fooling the community and an act of leaving the cirlce of trust, users were willing to leave Mozilla in.

    Especially, when there is no need to force the users. Why not offering the open browser without the DRM and let users decide, wether they want to install the DRM as a module or a browser version with the implemented DRM vice-versa a browser version without.

    Sorry to say that – but like all the others, for me an implemented closed DRM will be the EOL for Mozilla´s open browser. The introduced DRM concept crosses a line, which no one should ever touch.

    Regards,
    Chris.

    May 15th, 2014 at 06:47

    1. bb10

      Apparently you didn’t read anything at all.

      I’ll quote the lines for you: “As plugins today, the CDM itself will be distributed by Adobe and will not be included in Firefox. The browser will download the CDM from Adobe and activate it based on user consent.”

      May 15th, 2014 at 07:12

  131. NoDRM

    So you’re going to eliminate Plugins ?

    No more Ad Blockers, Skins, Tweaks, etc.

    So whatever scrambled mess you decide to make of the UI, we’re going to be stuck with?

    May 15th, 2014 at 07:04

    1. Brett Zamir

      What you are referring to are typically called in Mozilla terminology, add-ons (or extensions) or themes while plug-ins refer to code which processes proprietary code like Flash and whose functionality can now mostly be replaced by web standards. Mozilla is certainly not getting rid of add-ons.

      May 15th, 2014 at 08:35

  132. Joe

    OK, time to switch to Chrome, at least those guys give me better things for my privacy. If You’re Not Paying for It; You’re the Product

    May 15th, 2014 at 07:04

  133. Kristian

    Will the CDM run under Linux?

    May 15th, 2014 at 07:05

  134. yanosz

    Hello,

    Following:
    “We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM.”

    Well, I’ve decided, that it has come to a point, there the websites I’m in control of, will reject firefox-users supporting W3C EME.
    Thus: Firefox users will have to switch their browser not matter what you do.

    I’ll put this on github the moment it’s finished.

    Keep smiling
    yanosz

    May 15th, 2014 at 07:12

    1. Bruno

      I hope you will also reject other browsers that support EME, then?

      May 15th, 2014 at 08:58

  135. Deivi Kuhn

    The mainly question is why Mozilla didn’t vote in a W3C against EME?

    May 15th, 2014 at 07:15

  136. Michaela Merz

    One more thing: We are used to not being able to watch or view content with only one browser. Mozilla didn’t support MP3 in Linux environments, no FLV without Flash-Plugins. We now have video without plugins and javascript MP3 decoders. Mozilla refuses to implement the Chrome sandboxed filesystem API leaving us unable to access some services which require that. But we didn’t care. The principles of open and free software by far outweighs the disadvantages.

    Mozilla is way more than a browser factory. It is an organization that should fight for freedom. It should say NO to any and all attempts to take freedom away from the community.

    This closed source Adobe Access CDM is only the first step and is clearly an attempt to test the will and strength of the community to fight for our freedom. Now that Mozilla is waiving the white flag (without a fight) we will see many more attempts to corner the free Internet. DRM for complete web sites is around the corner – and it will end the Internet as we know it.

    And we didn’t even fight.

    May 15th, 2014 at 07:18

  137. superlupo

    Please stop this bullshit! Don’t you see you are supporting a future web where you need plugins for viewing most of the media?!?

    May 15th, 2014 at 07:26

  138. Dr. Azrael Tod

    so this will probably never work on less-common systems like *bsd, linux on arm(el/hf) or others.
    great!

    the right way to implement DRM is not to do it.

    every percent of browsers out there that doesn’t have HTML-DRM would force content-providers towards restriction-less content.
    Your Statement

    Mozilla has little choice but to implement EME as well so our users can continue to access all content they want to enjoy

    is just bullshit. currently there is no force to implement this, because no content-provider uses it, because available browsers dont implement it. (and there will never be IE7/8 that do).

    May 15th, 2014 at 07:28

  139. Jean W

    I don’t understand the anger in here.
    The new HTML is allowing so much more important stuff to angst about than DRM – which has always been a choice, even for dummies downloading with Silverlight etc, and even in non-Moz browsers.
    Nobody in this thread has to lift finger to preserve themselves from the dinosaurs of DRM; the choice whether to participate in the DRM economy comes long before the choice of browser.
    And long after, the gods willing.

    DRM/hardware management is a failed tech, and Moz needn’t do much more than nod to it – which they are doing here, pace Gervaise Markham – while the world of knowledgable and nimble circumvention will continue to spin separately from it.

    Thanks to the Moz folk for negotiating a hopefully non-hackable wrapper for the Adobe DRM code, which users who’ve already decided to engage with DRM will be able to use just like a fully third-party plugin, but with less risk to their systems.

    In a separate thoughtbox: the comparison of likely dialogs for getting specific user consent for running the sandboxed code with the Fx dialog for allowing certificate exceptions is facile and greatly underestimates the comprehension of the general Fx user; a Fx downloader has usually been through the arguments for FOS vs ‘free’ vs proprietary, even if in a skimming way, and will generally have already decided about engaging with DRM in a more than novice way before downloading Fx. Many many are becoming knowledgable about flashing portable hardware.
    As with Certification they may not understand the code behind implementation either, but they will generally not dismiss Fx warning dialogs in the same way as the general MS-as-first-and-only browser user does.
    Shame on you users who run Fx users down.

    May 15th, 2014 at 07:28

  140. Jamie Katz

    Can Mozilla help focus on defeating the DRM scheme?

    May 15th, 2014 at 07:30

  141. mittfh

    Several commentators seem to have ignored Gervase’s repeated comments that the Adobe CRM will not ship with Firefox by default. I assume what will happen is that if you view a site with an EME video is you’ll get the standard “Firefox needs a plugin to view this content” banner. Clicking that will take you to a download page for the CRM plugin – you’ll then need to click another button to download it, and when the installer starts, you’ll face the standard “Are you sure?” dialog box.

    Sure, Mozilla could have flat out refused to develop a system to enable users to play EME video, but given many users aren’t clued-up enough to know about the implications of DRM (and couldn’t give a flying fig whether software’s closed source or open source), it would cause a haemorrhaging of users – and by extension, developers of Add-ons (which have the ability to do far more than add-ons in Chrome/Chromium).

    So over time, usage of Firefox could decline to insignificant, with the vast majority of add-ons and themes unavailable for use (as the browser code will have moved on to such a point whereby they’d no longer work – even if you hacked the settings within install.rdf).

    By adopting this approach, Firefox stays within the in-crowd, and as the browser itself is open source, those passionately objecting to EME are free to use either a pre-existing fork without EME or develop their own.

    May 15th, 2014 at 07:31

    1. Dzver

      See here:
      https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/comment-page-2/#comment-2160833

      “Whether it’s going to be downloaded and cached in a quarantined manner before you are given the option to decline running it is still up for discussion.”

      Main point is, you can’t trust Mozilla anymore.

      Before it was “No DRM”.
      Now they say “DRM but sandbox, you will have opt-out, etc”.
      Next month they say “we removed opt-out b/c there’s no need of this option” ; )

      May 15th, 2014 at 08:55

  142. Ramana Kumar

    I certainly won’t be using any non-free CDM. The great thing about Mozilla’s software is that it respects my choice to avoid things like DRM. However, I feel like Mozilla has missed a big opportunity here to change the tide of public opinion on DRM, or even to bring the idea into more people’s heads. As one of your users, I feel I need to say two things loud and clear: I do not want DRM in my browser! (i.e. you didn’t do this for me, one of your users), and You have earned the respect of enough people to have a real influence on how people value the open web: I recommend that you use every opportunity you have to remind people who might use the CDM “unaware” of what they’ve given up, and keep pushing for the end of DRM.

    May 15th, 2014 at 07:36

  143. Mario Pizzi

    ¿Firefox should help users get access to the content they want to enjoy, even if Mozilla philosophically opposes the restrictions certain content owners attach to their content?

    One thing or orther. Like mozilla user, if I have troubles to see an DRM content (maybe a movie) I just no see that moovie and look for other movie.

    MOZILLA PLEASE DO NOT SELL YOUR SOUL

    May 15th, 2014 at 07:37

  144. Schwarzmaler

    And another step down the bad road. First time I started to get suspicious was when FireFox stopped to allow me to disable Javasript in the settings dialog. Time to rethink my browser choice.

    May 15th, 2014 at 07:46

  145. Dave Laderoute

    Okay, so you say you’re doing this so you don’t lose market share, so you can retain sufficient clout to influence the future of the web re DRM. I believe you. So…what’s the plan now? You’ve done the first part–caved to the demands for DRM in the browser. Let’s say you retain a big market share. What next? What’s the plan to influence things towards less or no DRM? If you’re making that claim as the basis for doing this to your users, I think you owe those users who are going to choose to stay with Firefox some indication of the way forward. Otherwise, you’re leaving it open-ended, with no real indication you’re going to actually do anything more about this.

    May 15th, 2014 at 07:48

  146. Jonas Wagner

    Firefox has lost it’s technical superiority a while ago. Now it has also lost it’s moral superiority. I must say I feel betrayed by both Mozilla and the people in charge of web standards. You have been entrusted with tremendous power yet you don’t use them to face your responsibility to protect the web. Let’s just hope that google will be a benevolent dictator…

    May 15th, 2014 at 07:54

  147. Jean

    Please recondier this decision.

    There is a difference between, not forbiding users to install a DRM plugin, and working actively with a nasty proprietary company as adobe in order to promote DRM.

    I you don’t reconsider I hope that firefox will be forked like libreoffice for openoffice.

    We cannot have a symbol of free software and numerical liberty that promotes actively DRM.

    May 15th, 2014 at 08:00

    1. Marcelo

      Agree!

      May 15th, 2014 at 08:36

  148. Titanius Englesmith

    DRM is fundamentally flawed. The module will be reverse engineered, then bypassed. The private interests will not be satisfied, and an increasingly shitty precedent will be set.

    Count me out of this sillyness. DRM is turtles all the way down.

    Have some corroberating statements:

    [Doesn’t work]
    http://www.forbes.com/sites/danielnyegriffiths/2012/05/18/the-truth-is-it-doesnt-work-cd-projekt-on-drm/

    [Doesn’t work]
    http://www.pcworld.com/article/125227/article.html

    [Damages goods]
    https://defectivebydesign.org/what_is_drm_digital_restrictions_management

    May 15th, 2014 at 08:03

  149. Cyril

    I’ve been using firefox for a logn time now. It has become huge, slow,
    keeps changing its GUI (I’m on ubuntu btw), but I have always kept using it because it defends the philosophy of free and open source software, and I want to support that even if it costs me.

    So, tell me, what could motivate me now, not to switch to google chrome??

    May 15th, 2014 at 08:11

    1. Bruno

      What about the fact that Chrome also implements EME but in a proprietary, obscure fashion?

      May 15th, 2014 at 08:34

    2. abral

      Google Chrome isn’t opensource and you can’t decide whether you want to use closed source components or not (the whole browser is closed source, its pdf reader is closed source, its plugins are closed source, etc.).

      Firefox is opensource, you can decide whether you want to install additional closed source components or not. It’s completely different, your freedom is respected!

      May 15th, 2014 at 09:05

  150. Ana

    Hi,

    Will EME be supported on Linux?

    May 15th, 2014 at 08:13

  151. AgentProvocateur

    I smell a NSA backdoor! Put this crap in and I am out! You put this in and the tor browser bundle can switch to google chrome! I am disappointed as fuck!

    May 15th, 2014 at 08:16

  152. dr Equivalent

    So you give up on free and open web, right?
    Well, no biggie, I can still use Midori.
    Fools.

    May 15th, 2014 at 08:16

  153. Majority

    “The Only Thing Necessary for the Triumph of Evil is that Good Men Do Nothing.”

    Firefox, you are doing worse then nothing.

    May 15th, 2014 at 08:17

  154. Guest

    If this is needed by rights holders, I’d believe that it would be worth publishing an open source version of said CDM (public git repo), have automated tests for CDM access (API) permissions, enforcement and such. I’d even go further in saying there should be an open source public content test server available for said tests and to ensure both technical and legal rights are preserved, thus it provides an alternative to free content to use or fill same content channels as paid/non-free content. A step further would be to label non-free content at execution, perhaps linking to alternative free (non DRM) content, I.E. “You are about the access Bambi with DRM. Are you sure? Here is a link to “Bambi” related FREE content…”

    May 15th, 2014 at 08:18

  155. Bruno

    I applaud Mozilla for making this tough but smart decision. I heard it from FSF first but I don’t agree with their opinion that Firefox should stand up to EME in the present. Firefox is in a position where it can drive important change for the masses, and it can only retain that position by maintaining a strong userbase. But if the content people want is only accessible on every other browser, that userbase will melt faster than ice cream in the sun, and Mozilla’s influence with it.
    Mozilla’s solution described here sounds like a better compromise than I could have imagined, and the fact that it’s an optional plugin makes it no different in spirit than the current situation with Flash – so why throw a fit now? Those who can’t stand DRM don’t have to use them, those who don’t care and just want movies can install them while preserving a safer environment.
    As long as Mozilla uses this opportunity to educate people about what the industry is doing with DRM (EME) and what exactly the users are suggested to install, I think we’re making the best out of the situation, hopefully leading to more favorable outcomes in the future. Sometimes you need to lose a battle to win the war…

    May 15th, 2014 at 08:44

  156. M.U.

    They can try to dress it up any way they want, but the bottom line is they sold us out and it will only get worse is they hold this course.

    May 15th, 2014 at 08:50

  157. Tobias

    Implementing DRM provisions *at all* is a breach of free software fundamentals.
    Now we have not only to fork the W3C, but also Firefox.
    Thanks Mozilla.

    May 15th, 2014 at 08:51

  158. Privacy Advocate

    I realiz this is a hard decision, but what you are proposing sounds like a reasonable balance. It’s unfortunate, but what are you going to do? Thankfully it doesn’t effect me, as I stopped watching anything from the content industries over 5 years ago and haven’t looked back. I would suggest others do the same if you want to limit their power over what you install on your own computing devices like this nonsense…

    May 15th, 2014 at 08:53

  159. Sam Watkins

    Oh look, the overwhelming majority of comments disagree with this decision. The FSF and EFF both condemn this decision. Perhaps it’s time to admit you made a mistake and cancel this already.

    May 15th, 2014 at 08:55

  160. Joe

    The mozilla purpose is supposed to be, to defend a Free and open web. “Committed to you, your privacy and an open Web”, there is written in the front of the site. But if you take this kind of decision this is just a joke.

    You had two choices, the first was to discourage users to use DRM, and therefore give hope that DRM does not spread.

    But you choose to ENCOURAGE people to use DRM. You’re making sure that the WEB WON’T BE OPEN, and will be full of DRMs.

    How can we call this by an other word than “betrayal”.

    You should refund every people who donated money to you believing that you would defend an open web! You’re using that money to develop DRM bad things with adobe…

    May 15th, 2014 at 08:58

  161. hakre

    You surrended and you expect your users to surrender with you. You underestimate your influence and make your users a bunch of million cooperate puppies.

    In short terms: You failed. Your users interests should be focussed. Sneaking in for compromises might be a users choice, you make it Mozillas way of living. At important corner-stones. :/

    Where is your clear voice in the W3C?

    Looks like that you should return some of the awards you’ve achieved recently… .

    May 15th, 2014 at 09:14

  162. GoOgleMSAdObe

    https://www.mozilla.org/en-US/about/manifesto/

    May 15th, 2014 at 09:28

  163. rioter

    Remove DRM from Firefox
    free as freedom…

    iranian user

    May 15th, 2014 at 09:41

  164. Tora

    An open source sandbox being considered safe by an proprietary DRM solution? That sounds impossible. I can’t imagine any way for this sandbox to be actually safe/tamperproof.

    There’ll always be a way to modify the sandbox (eg. the identifier generation part). It’s been said that the CDM checks wether the sandbox is trustworthy by checking its memory, but it the CDM is truly sandboxed, it’ll be possible to fake that somehow.

    I don’t see how DRM can actually work if OSS is involved somewhere in the stack. Heck, we could even modify our video drivers for grabbing the media.

    May 15th, 2014 at 09:48

  165. foo

    Bullshit

    May 15th, 2014 at 09:49

  166. Martin

    I don’t think that enabling DRM is in the best interest of web users or the free and open internet. Mozilla would doing harm to those values, just like for-profit companies (Apple, Google, Microsoft). Isn’t Mozilla a non-profit entity or something? Please reconsider this decision, thank you!

    May 15th, 2014 at 10:01

  167. John Fenderson

    “in the near future this should allow us to retire plugins altogether”

    Wait, what? You can’t seriously be considering doing away with plugins, can you? After all of the concessions Firefox has made so far, this would be eliminating the last remaining reason to continue to use Firefox.

    May 15th, 2014 at 10:08

  168. Maki

    Mozilla turns its back on its userbase with this. There is NEVER any good reason to include DRM.
    By allowing DRM to be an integral part in your browser – instead of as a plugin that users can CHOOSE to turn on/off (with the default being off), Mozilla is playing into the hands of those who want to lock all content on the internet within the next generation.

    You move to the wrong side in this ongoing war for freedom of online expression and have lost me as a supporter and user of your products. Where I would advocate people to use Firefox over Chrome before, now they’re one and the same and I will no longer support Mozilla products.

    Until you drop EME.

    May 15th, 2014 at 10:13

  169. ljones

    As so many others have said, this is a very bad decision.

    DRM in my web browser means that web browser will go. Just saying “you’re free to not install” with regards to DRM is a pretty poor argument. So what happens when more and more websites require you do install DRM junk? Why does mozilla now consider money more important than its users and freedom? Why are hollywood movies more important than users’ freedoms?

    I know this isn’t related per se, but from what I gather – mozilla recieve lots of money from google. And then there’s Firefox OS which will run on ‘phones — which supports advertising out of the box and which if you dare root your Firefox OS device you loose your warranty.

    I’m thinking all of this is related somehow. As for the firefox web browser, maybe it’s time to fork it or dump it?

    May 15th, 2014 at 10:32

  170. hkhl

    Will it be possible to disable the whole code path including all closed source components and the sandbox with the unique id without rebuilding?

    May 15th, 2014 at 10:50

  171. Greg K Nicholson

    On node-locking:

    If the user is logged into a Firefox Account, could we lock the content to that account, rather than the physical device? (Or would that land all@mozilla.org in jail for not being evil enough to suit the “content providers”?)

    May 15th, 2014 at 11:14

  172. Chris Rebert

    Thankfully, someone has started a petition against this disastrous move: https://www.change.org/petitions/mozilla-remove-drm-from-firefox

    May 15th, 2014 at 11:28

  173. privacy

    It pains me dearly to see this.

    May 15th, 2014 at 11:42

  174. Joe

    “Committed to you, your privacy and an open Web”

    Are you kiding us?

    You are making the deliberate choice to allow DRM to come in to the web, by encouraging users to use DRM, and thereby end any hope for open web.

    I don’t know how to call that other than “betrayal”.

    Refund the people who donated money believing you would defend free and open web!

    May 15th, 2014 at 11:55

  175. John Smith

    I image this CDM will get reverse-enginered if it turns out to be too restrictive and/or tracking with the unique ID. I just hope Adobe won’t stop working with Mozilla if it happens.

    I’d like to thank Mozilla for still somewhat supporting freedom, you’re doing a better job than anyone else at it, you’re literally the best. Thanks a lot.

    May 15th, 2014 at 12:05

  176. Mark

    Oh well, Mozilla. Looks like a catch-22. For you.

    Let me start off with last week. When I downloaded and installed FF29 I was shocked, sad and stunned. What have you done?
    “My” firefox suddenly loooked like a clone of that Skynet-Browser. No difference anymore, any longer.

    I was seriously thinking about dropping FF and go for Pale Moon or Waterfox.
    Then I remembered those “Skins” and I found “mx-4” so “my” FF still looks the way I want it to look and not yours/Skynet’s.

    Why I’m telling you this? Because I was able to fix this sh*t within a couple of minutes.
    But if you go for DRM in any way, this is nothing I can fix in a bunch of minutes, not even hours without leaving the legal way.

    I’m expecting that you have a clear statement on this. If a user tries to access this DRM-shit a side should be shown stating in big fat letters:

    “Mozilla has always respected your privacy, Mozilla respects your privacy and Mozilla will always respect your privacy.
    If you want access to DRM-shit then go with the evil [links to Microscrap and Skynet], these will let you watch the movie by taking away just another
    part of your privacy. Mozilla stops just here.”

    This should be the way to go.

    Talking ’bout going: Mozilla, don’t go any further with this. FF29 is enuff.

    By the way: If Skynet should start threaten you – to stop the money they pay to you: Have you ever talked to that Yahooo lady? She’s been looking for ways
    to get back on track and she’s got the pockets full of money.

    May 15th, 2014 at 12:23

  177. John Hampton

    As long as I can disable it, at least I can still use Firefox. If not, I’d have to switch browsers. Seems Mozilla will cave to the big money interests like any other established corporate entity. Mozilla becomes Establishment…imagine that. Sad days.

    May 15th, 2014 at 12:33

  178. Craig Barnes

    With this I no longer feel that Mozilla represents my interests or those of a free and open web.

    I feel reluctantly forced to uninstall, and to sell my Firefox OS device.

    I trusted you, and you have let me down.

    May 15th, 2014 at 12:39

  179. Tora

    An open source sandbox being considered safe by an proprietary DRM solution? That sounds impossible. I can’t imagine any way for this sandbox to be actually safe/tamperproof.

    There’ll always be a way to modify the sandbox (eg. the identifier generation part). It’s been said that the CDM checks wether the sandbox is trustworthy by checking its memory, but it the CDM is truly sandboxed, it’ll be possible to fake that somehow.

    I don’t see how DRM can actually work if OSS is involved somewhere in the stack. Heck, we could even modify our video drivers for grabbing the media.

    May 15th, 2014 at 12:42

  180. Juergen

    I hate the idea of this CDM, I signed the FSF’s statement to the W3C against the integration of DRM into HTML5 months ago. The Mozilla Foundation hates it, they opposed the implementation of DRM vehemently but the WC3 insisted on it. Shame on them.
    But let’s face it: 98 percent of the users out there don’t care. On the contrary. Most of them would judge a browser as deeply flawed, if it didn’t allow them to access DRM content. Today almost everybody uses the Flash plugin, which is far worse than the CDM when it comes to security and privacy aspects, at least if this CDM is neatly stowed away in a sandbox as Mozilla announced.
    In Germany we have the expression “to die in beauty”. Mozilla decided rather to live with a stain on their reputation, than die in beauty. I can’t condemn them for it, even though I’m really unhappy with the result.

    May 15th, 2014 at 12:49

    1. Hugo

      Today almost nobody uses flash, you can browse 99% of the web without flash and Apple do not even support flash. This is thanks to some companies who opposed it like Apple and to the fact that HTML5 proposed open alternative standard that can do everything flash was doing and we switched away from this closed technology.

      It is completely possible to do the same with DRM, it’s even easier because right now DRM is not yet implemented (unlike a time were a lot a web site were in flash thus hard to abandon flash, but we (almost) did it).
      However with Mozilla losing courage and forgetting his mission, it’s not a good start. But it could be definitively oppose it especially since it’s just USA, the rest of the world would refer other system than DRM.

      May 16th, 2014 at 05:07

  181. Martin

    From mozilla website “Our mission is to promote openness, innovation & opportunity on the Web”. How do you guys feel about naive donors who actually promote openness, innovation & opportunity on the Web, and thought you were acting this way?

    May 15th, 2014 at 12:53

  182. Andy H

    To those who consider boycotting Firefox because it will offer the choice to enable DRM:

    I just wanted to point out that this is not equivalent to boycotting Netflix and copy-protected Blu-Rays. It is equivalent to boycotting any shop that offers copy-protected Blu-Rays. I hope that you’re consistent.

    May 15th, 2014 at 13:25

  183. Harry Cutts

    Although I passionately dislike the W3C’s decision on DRM, this seems like a very good, elegant solution given the circumstances. I’m sure Mozilla will receive a lot of stick for it from some sections of the Free Software/Open Source community (of which I’d count myself a member), but I’d far rather that they make this compromise than lose market share to completely closed-source browsers.

    It’s a difficult decision, but I support it.

    May 15th, 2014 at 13:42

  184. NaBUru38

    I think that Mozilla has done the right decision.

    Now, I want to disable the EME system in my computers.

    May 15th, 2014 at 13:44

  185. Anonymouse

    I finally purchased a HDTV and after checking out the offerings over a couple of weeks, I feel I wasted $15 (thrift store :-)).

    No, simply, no.

    Ah, the Internet, I remember it fondly…

    May 15th, 2014 at 13:54

  186. Klaus

    So basically: FireFox is no longer open source!

    I really can’t go with you that YOU the last significant open source browser makers out there go so far to build in proprietary code into the brwoser. Make this an easy to install plugin. When you browse to a video that needs this stuff let a clearly visible tab drop down and make it a 1 click download and install.

    But for gods sake make it a plugin! You are losing your open source status with this. FireFox ships proprietary code. Simple as that. You lose your throw your status into the trash for DRM and bow down to those you claim to oppose.

    I’m really disappointed and disgusted.

    May 15th, 2014 at 14:26

  187. Fred Logar

    I cannot wait till a plugin comes along that will rip the unencrypted stream from the browser core and record it to disk so we can watch/send it whenever, wherever and with whoever we want. FTW :)

    May 15th, 2014 at 14:35

  188. kesavan.muthuvel

    True mozillians never need these #DRM,#EME & #CDM.I hate them.It’s hard time for mozilla , but philosophy is more important than success.

    May 15th, 2014 at 14:43

  189. kesavan.muthuvel

    True mozillians never need these #DRM , #EME & #CDM.I hate them at all. Dear Mozilla, philosophy is more important than success. Together we can change the world.

    !!! Freedom Matters !!!

    May 15th, 2014 at 15:09

  190. Joerg Fischer

    “But let’s face it: 98 percent of the users out there don’t care. On the contrary. Most of them would judge a browser as deeply flawed, if it didn’t allow them to access DRM content.”

    It’s rather disgusting how you claim Mozilla would merely try to act in the user’s best interest by supporting DRM. DRM is *not* in the user’s interest but solely in the interest of those who believe to own the ‘R’ part of DRM and so have all rights to get the users on their mercy. Let’s face it, by supporting DRM the Mozilla foundation does nothing but to support the ethical wrong ideology of “intellectual property”.

    Mozilla and everyone can do so of course – it is their choice as much as it is the users choice to let some DRM stuff be installed – however you shouldn’t deceive yourself by claiming you would be in favour of user’s freedom or interests or to have any understanding of what free software (and open source?) is about.

    Looks like it’s time for a new foundation – something like “Librefox”.

    May 15th, 2014 at 15:42

    1. Juergen

      It’s rather disgusting how you give my words deliberately a false color. I did’nt say, that the implementation of DRM was in the user’s interest, on the contrary. I said that the vast majority of users don’t care at all, when it comes to things that are crucial to me: a free and open internet, free (as in freedom) software, privacy. They just want to watch their series and films on the computer, that’s all. Don’t blame me for the reality as it is.

      May 16th, 2014 at 11:02

  191. Totony

    I understand your decision, but, as mentioned in another comment, focusing efforts on developing this sandbox/CDN cooperation is, in my opinion, wasting developers’ time, wasting people’s money and is against the values Mozilla openly says it supports.

    Here, I am specifying that the “cooperation” is wrong.
    A better alternative would have been, in my opinion, to provide this as a plugin only (or extension, or whatever you want to call it) and to code a general sandbox that would be usable for any plugin.
    Users could then have chosen to install multiple plugins under sandboxes, not just one, and those that just do not care could have chosen that this proprietary code be executed without the overhead of a sandbox.

    For example, if I’m installing a non-trusted plugin, it would be nice to be able to install it under sandbox, if you’re gonna code a sandbox.

    Note: Ideally, I don’t think you should have been involved in this at all. I’d have expected Mozilla to disagree with the proposal and, only if accepted and completed by the W3C (i.e. not a draft), then propose a viable alternative (a plugin). Mozilla should in my opinion remain usable, but by treating this as any unsupported plugin.

    tl;dr: If you’re going to code a sandbox, make it re-utilizable as to improve the browser. In that way, this initiative would at least contribute to the overall browser and not just some proprietary malware-extension-plugin-bullshit.

    May 15th, 2014 at 16:49

  192. mhyst

    I’ve been in the discussions for months until I realized there was no dialog. The decision had been made and they weren’t going to negociate. All that time I wondered: where is Mozilla?

    Now I see and understand everything.
    Mozilla was selling their users on other conversation table.
    Shame on Mozilla

    PS: I reject to enjoy video or anything under such a set of conditions imposed by the industry and impersonated in EME.

    May 15th, 2014 at 18:06

  193. Andi

    Okay, give this sh*t a chance: Put up two download options, one free, one with DRM compiled, and see which one works best.
    I’d know my choice. US cooperations wont mess with my CPU with code I’m not allowed to read.

    May 15th, 2014 at 18:18

  194. a0145

    Soon there will be no difference between Firefox and Chrome. Why even continue developing Firefox if Mozilla won’t stand by their morals. They’ll just become another company with no integrity.

    May 15th, 2014 at 18:18

  195. Joshua Cogliati

    I disagree with Mozilla doing this, but if you do, make it obvious whenever DRM is being used in the webpage. I am not sure the best way to do this, but I think it should probably include click to play and a icon in the url bar (such as a red EME or similar). EME should not work as seemlessly as parts of the web that can be implemented in open source. It should also not be unnoticable.

    May 15th, 2014 at 18:18

  196. chris

    Well, after all we know about surveillance mechanisms, we simply have to consider (and from a security perspective, assume) that the NSA has bought some people from mozilla to get another ear in everyones computer:

    Would it be willing to do so? Yes. Does it have the ressources? Yes. So, let’s take it as a fact for now…
    Human emotions (like trust in someones ideals) are the main source of error, just as your gfs name as password ;)

    So, if you’re prompting to a user to install closed binaries, you should at least warn him to do it
    a) not on a governmental computer (would be considered treasonry in most countries)
    b) not before unlinking all relevant data
    c) especially any business related data and
    d) not before covering your webcam and plug a dead connector into the mic.-in.

    May 15th, 2014 at 18:39

  197. Paul

    > Mozilla believes in an open Web that centers around the user and puts them in control of their online experience.

    You can keep trotting out that line so often, you start actually believing it.

    Its clear Mozilla care more about securing their revenue than being a beacon for open web these days. It wasn’t always the case, but sadly thats how it is now.

    If Mozilla really cared about open web, they’d grow a pair, and not try to feed us with this marketing spin crap.

    May 15th, 2014 at 19:04

  198. freedom as in speech

    “If you drop a frog in a pot of boiling water, it will of course frantically try to clamber out. But if you place it gently in a pot of tepid water and turn the heat on low, it will float there quite placidly. As the water gradually heats up, the frog will sink into a tranquil stupor, exactly like one of us in a hot bath, and before long, with a smile on its face, it will unresistingly allow itself to be boiled to death.”

    And it’s not even the first step of boiling the frog. The first one was inclusion of H264.

    There was WebM which could have become the only widespread standard, as it was not worse than H264, but supported by all browsers, but when you supported H264 you reduced the motivation of HTML5 sites to switch onto WebM.

    Only acceptable way of DRM implementation is Okular-like one: when you have an option “Obey DRM” which you could opt out and do anything like if there were no DRM. If Okular can do this, why Firefox can’t?

    May 15th, 2014 at 19:24

  199. Sharuzzaman Ahmat Raslan

    This action is only to satisfy 1% of Mozilla users in USA (who are supporting DRM), while 99% of Mozilla users outside USA who are not able to use the DRM content anyway, have to swallow the idea that DRM is good, and Mozilla is supporting it.

    Right now I’m thinking this action is only legitimizing TPPA (Trans-Pacific Partnership Agreement) for Asian countries by the USA government, so that they (the Hollywood company) can push the DRM content to people in other country also. And Mozilla is helping that agenda to move forward.

    May 15th, 2014 at 20:46

  200. Very sad day

    Very sad day Mozilla, reading through the comments it is plain that the community does not support this move. I believe you will lose market share because of this. You are alienating your core supporters and they will find alternatives. Very bad decision guys. Reverse this nonsense and show the community you will stand up for your principles or you will likely regret this for a long time to come.

    I don’t use Netflix or Amazon Video or Hulu. I use torrents, this is just another reason to continue to do so.

    May 15th, 2014 at 21:49

  201. Doofus

    I’ve lost all trust in Mozilla.

    The source code is freely available for anyone to copy and modify. I’m sure the free-software community will respond by creating a ‘clean’ version of Firefox. I’ll keep on checking the Free Software Foundation’s website and when the projects start to appear, I’ll jump ship. I feel betrayed. I’ve converted many family members and friends to Firefox over the years. From here on, my endorsement will stop – I’ll recommend the spin-offs.

    May 16th, 2014 at 00:37

  202. Hu Aewa

    This is just bullshit. If FF has no advantage to other browsers, then I can use the other browsers as well. Chrome is nice, but FF was always fully open source and free of bullshit. If it is not, why use FF instead of Chrome? If Mozilla and FF are not trying to make a difference, then it is just another replacable browser.

    I will stop supporting Mozilla right now. Because binary bullshit I can get for free everywhere else. It does not make a difference if I download Adobe blobs or if I download code that downloads Adobe blobs.

    For christ’s sake, Adobe? Adobe! What the…?

    May 16th, 2014 at 00:40

    1. Gervase Markham

      It doesn’t make sense to stop using the browser that implemented DRM reluctantly and with as many privacy protections as possible, and start using the browser that implemented DRM happily, without privacy protections.

      Firefox will continue to be fully open source. If you don’t want to use the CDM, just say No at the prompt.

      May 21st, 2014 at 10:37

  203. Arne

    Bye bye Firefox, we had more than 10 great years together. Greetings from Germany

    May 16th, 2014 at 03:13

  204. Walex

    The new EME API seems to have a similar role as the plugin API, and in effect the CDM is a binary plugin (or trojan exploit :->) by another name, so the new situation is effectively identical to the old situation.

    As long as there is a flag to block the running of the CDM module, on a per-page basis, just like many add-ons for Firefox can do for plugins.

    So people who are concerned about the CDM can just disable it, and let it run only on the pages they choose.

    May 16th, 2014 at 03:50

  205. Jonathan Evraire

    It seems inevitable now that the Firefox codebase will get forked to offer a DRM-free option. I look forward to that day! Goodbye Mozilla, you made the wrong choice.

    May 16th, 2014 at 03:53

  206. Martin Steigerwald

    Please do not support EME/CDM plugins. Please cancel your partnership with Adobe. Adobe and free software are just not compatible with one another.

    Its pitiful enough that Adobe Flash has been been banned from the web completely already. But I find introducing a *new* way to integrate proprietary code within the browser even if within a sandbox very backwards. How is the content industry encourage to arrive in the 21th century and respect their users, if Mozilla gives in?

    I am disappointed.

    If Debian Mozilla packagers will not keep this sandbox code out of Iceweasel builds, I will choose a different browser.

    May 16th, 2014 at 04:14

  207. Hugo

    Also If you accept DRM for videos and music, I don’t see what will restrain the industry to propose DRM on javascript code so you can’t read it anymore. If we accept DRM for media there’s no argument for refusing DRM on source code (both are subject to intellectual property after all)… I kow there’s no such plan for the moment but if it is ever proposed, it’d be very unlogical to refuse it then.

    Then you should really survey how many FF user actually use paid media content that would be subject to DRM.

    May 16th, 2014 at 04:26

    1. Gervase Markham

      It would be perfectly logical to refuse if anyone proposed something like that. The situations are clearly not the same.

      Mozilla is *not* saying “All DRM is now fine with us, because… Hollywood movies”.

      May 21st, 2014 at 10:39

  208. Hugo

    If you were to oppose a little bit DRM you would surely find the support of other “continent”. Whereas it is Europe, Africa or Asia, I think none of their governments are happy with having all their citizens using binary American NSA sponsored to watch videos. There’s only the US governement and Hollywood happy with DRM, the whole rest of the world would prefer a more respectful system.
    There should be a discussion to find system that do not use Security through Obscurity.
    The answer to a bad system is not to standardize it, it’s to find a good open standard we agree on. Instead of weakly accept it at least try to fight against it a little bit and propose other systems.

    It’s curious how creative and smart Mozilla is with creating asm.js to fight Nacl, how long you take to implement drafts about CSS features and such but you have no problem with implementing one of the less repectful feature ever proposed at the WC3

    May 16th, 2014 at 04:59

  209. Laszlo Budai

    your motto “Committed to you, your privacy and an open Web” becomes a joke after this announcement..

    May 16th, 2014 at 05:08

  210. Joshua Cogliati

    If Mozilla is going to support EME, the UI needs to make it clear when it is being used for every website. So either click to play and/or putting a EME or similar icon in the URL bar.

    May 16th, 2014 at 05:28

    1. Gervase Markham

      The user interface is still under discussion, but there will be at least one opportunity to say No to the CDM.

      May 21st, 2014 at 10:40

  211. Andrea

    DRM is a dead-end and browsers that doesn’t implement it will have an advantage over those who do. If major browsers like Firefox doesn’t support it it won’t become widely used and slowly wither away.

    May 16th, 2014 at 05:33

    1. Jan-Erik

      Don’t fully agree with that statement; everyone wants to rent movies on the web these days because it is very convenient. The problem is that if you want to view the latest movies you need DRM because it is mandated by Hollywood. So, not using browser who have DRM implemented means viewing crap movies, which I wouldn’t prefer myself, how about you?

      May 19th, 2014 at 01:47

  212. ~

    My first question is about the CDM module. You say that Firefox downloads it from adobe. How will be the licence of the CDM? Will it be possible to download it from, say, a company server?
    Will firefox now send regular requests not just to Google, for the website blacklist, but also to adobe, for updates of this CDM? I’m not speaking of the cases the CDM gets used. You could perhaps check for updates every time the CDM gets executed instead, as then the CDM will most likely already want to talk with adobe.

    I also have a second question. I haven’t read the EME draft, but sure the CDM can freely communicate with the website’s js. Adobe now could add UUIDs to CDMs, so that the CDM has not just a side-wide identifier, but also a host-wide.
    What are your plans to prevent this?
    I think firefox should download the CDM from mozilla servers instead of adobe’s. If this is not possible, would you at least sign all adobe’s CDM modules, and let firefox verify the CDM came from adobe? This would prevent the tracking problem I described above.

    Thank you.

    May 16th, 2014 at 06:25

    1. Gervase Markham

      The CDM will be signed, and verified as coming from Adobe.

      There will be update checks; I don’t think it’s yet been decided exactly how they will work.

      May 21st, 2014 at 10:42

  213. Javier

    Before throwing s**t and FF we should remember the W3C was seduced by the dark side in the first place and no longer deserves the right to define web standards. We should be throwing s**t at W3C twice, in my opinion. Being that said I hate DRM but I will give it a try to that option to “disable EME” in FF and see how it goes for me but it is sad for me to read this article because the dark side is taking over the internet and the lack of awarenes of we the users willing to consume DRM content is the real cause of it, imho.

    May 16th, 2014 at 07:36

  214. Sum Yung Gai

    I’m really disappointed with your decision here, Mozilla. I’d always recommended Firefox due to its Free Software nature, but embracing a proprietary Digital Restrictions Management binary blob is not acceptable.

    I emphatically do not “need” to access “content” that has Digital Restrictions Management. Pure and simple. You are caving in. The whole appeal of Firefox was that it was the last holdout against this DRM nonsense. When someone as prominent as you caves in, you do grave damage to the Web.

    Please, reverse this harmful decision. It helps only those at the top of various corporations and political organizations, not the end-user.

    –SYG

    May 16th, 2014 at 07:39

    1. lawrence

      ” Im really disappointed with your decision here, Mozilla. I’d always recommended Firefox due to its Free Software nature, but embracing a proprietary Digital Restrictions Management binary blob is not acceptable.”
      yes-yes………..but it is finish.
      Sorry, but if Firefox is really “free software…we can remake or not?????? or someting like(click here for disable DRM).
      please save us

      May 16th, 2014 at 13:52

  215. Jose Araque

    DRM in mozilla firefox?????? nnnnoooooooooooooooooooooooooooooo!!!!!!

    May 16th, 2014 at 07:42

  216. Edward Flick

    Is the CDM a binary module or is it Javascript?

    May 16th, 2014 at 08:55

    1. Edward Flick

      If it is not then that is very disappointing, since I likely wouldn’t be able to use it on the platforms that I’d want it on. If it is some form of binary, how will it be sandboxed without opening up a million security holes?

      May 16th, 2014 at 09:58

    2. Gervase Markham

      It’s a binary module, and has to be compiled per platform. We are working with Adobe to get Windows, Mac and Linux support; we have no announcements to make about other platforms at the moment.

      May 21st, 2014 at 10:44

  217. Someone

    Firefox user base is already in decline: without DRM support it’ll fade away faster and faster.

    If you don’t want EME, just don’t install it when Firefox will ask you! It’s simple.

    Besides: are there any acceptable alternative browsers more open than Firefox?

    May 16th, 2014 at 09:04

    1. dr Equivalent

      It is not the matter of “user preference” as it is of “webmasters preference” and “industry”. For one thing, if Mozilla, the cornerstone of free and open and standardized web gives a finger to the content restrictors (I refuse to call them “providers”), they will take the whole hand. And, if the webmasters will see DRM as an option, there’s a possibility that they will implement it on incresingly more sites. It’s all about how far will it get.
      “Consider a building with a few broken windows. If the windows are not repaired, the tendency is for vandals to break a few more windows. Eventually, they may even break into the building, and if it’s unoccupied, perhaps become squatters or light fires inside.
      Or consider a pavement. Some litter accumulates. Soon, more litter accumulates. Eventually, people even start leaving bags of refuse from take-out restaurants there or even break into cars.”

      May 16th, 2014 at 09:17

  218. Muhammad

    What’s the crap. We trust in bullshit. if you do this you dosnt support by whole world people. Firefox made by people for damn W3C google and big companies ? did you want to shared our resource with these crap ?
    If you support DRM, EME and any restriction pattern u will lost people and without people you’re nothing.
    Did you ever think about what’s the big diffrerent between google chrome, opera and another browsers. cause mozilla care about USERS not damn companies that want to people in restriction …
    Be careful mozilla it’s time to choose people or companies.
    I dont want to say goodby mozilla. but if you decidet to choose damn W3C and etc rules forget about people support.
    Such mariadb (as problem happened for MySQL) we will rejoin as new champaig against who dont care about people .

    May 16th, 2014 at 10:12

  219. Hugo

    I can even understand that Mozilla is worried about losing it’s users, but I think they didn’t notice that with this decision they are causing what they are trying to prevent. I’m using Firefox for as long as I don’t find a cleaner and better alternative, unless they wake up and stop with this mad idea. And choosing Adobe to handle this extension makes the situation even worse.

    Firefox was born to give users a decent alternative, a decent choice, not to have the biggest userbase.

    May 16th, 2014 at 12:20

  220. oddcouple

    World’s going to hell…and the big companies and consortiums just keep rolling over and letting it happen (to us). They all must be getting paid off because its such a basic principle…..HOLLYWOOD NEEDS THE WEB, THE WEB DOES NOT NEED HOLLYWOOD!!!!…..they will come begging IF you tell them NO!!!

    May 16th, 2014 at 12:23

  221. Aniou

    I’m strongly disappointed by this acrobatic casuistry from Mozilla. When all major browser engines declares support for DRM then using Firefox doesn’t gave me any special advantages over Chrome or Opera – and, at last, they aren’t hypocrites.

    May 16th, 2014 at 12:34

  222. Triola

    This is the wrong choice, Mozilla.

    If users want DRM/EME protected content, let them add a plugin. Keep the browser clean.

    Knowledgeable users have no need of subscriptions to DRM providers.

    But we -do- have need of a browser we can trust, signing-on to DRM/EME/Adobe negates that trust.

    May 16th, 2014 at 13:57

    1. Gervase Markham

      The CDM _is_ a plugin. And if you don’t want it, say No at the prompt.

      May 21st, 2014 at 10:45

  223. Jim

    Don’t fall for Mozilla’s spin, this was not about DRM. You can view DRM movies in Firefox using a plugin and Firefox could have easily launched an external DRM media player.

    What Mozilla has decided to do is to support the addition of DRM to the web using a standard named the EME. Mozilla could have proposed their own standard, and they do not need to support the EME or add DRM to web to allow customers to view DRM movies.

    The EME is being pushed by the distributors because it allows them to sell you all a rich[sic] web experience, to force you to use their web based media player with their own branding etc, to lock you out from using other media players, to lock out competition, to lock out competition that might have been more private and secure. Mozilla have chosen to support the distributors, not their users, and their claims to support user privacy and security disgust me.

    May 16th, 2014 at 16:10

  224. joblack

    I am ashamed that I have donated in the past. Mr. Gal your decision is disgusting.

    I won’t use a firefox with forced DRM. Bye bye Firefox.

    May 16th, 2014 at 16:17

  225. Chuck Baggett

    The below seems to be missing a word or too. It doesn’t seem like a proper sentence to me.
    “Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.”

    May 16th, 2014 at 18:19

  226. WhaleEatSurfer

    Welcome back Adobe Flash disguised on an HTML5 standard. I don’t even know how this piece of s*** of Adobe company can be a member of the W3C. Mozilla should have some power on this kind of final decisions, don’t try to explain the contrary, or the WWW will only become a giant supermarket for redeems, business and commercial non-free-softwares-as-a-service. I don’t blame you Mozilla people, I blame Apple, Amazon and Adobe users. And Google’s one too but it don’t have a A as a first letter.

    May 16th, 2014 at 20:50

  227. bhuvi

    I wished you stood by what you believed in no matter what. Most users use Firefox not because it is better, but because it stands for openness. You let those people down, who believed in you.

    May 16th, 2014 at 23:05

  228. T. Pearson

    Goodbye Firefox, it’s been fun. Hopefully Iceweasel leaves out this trojan horse.

    May 17th, 2014 at 00:54

  229. Anorymous

    Dear sir:

    Do you know why I’m a proponent of open-source software? Why I use Ubuntu instead of Windows? It’s not because of their tweakability; Windows also has tweakability, and even if it didn’t I couldn’t tweak Ubuntu anyway because I’m not a developer.

    The reason I use open-source software is because I’ve found, as a general rule, that it does not do things without asking for my permission first. In Windows, everyone and their mom can make an installer that also decides to run everytime my computer boots. Sure, I could go to the registry and delete things to remedy that, but why bother? I can just install Ubuntu on my machine and not have to worry about it.

    You are taking this away. You’re making open-source software that takes control away from its user. NEVER TAKE CONTROL AWAY FROM THE USER.

    That’s not the only solution. There must be others. Don’t pollute the objectives of OSS, please.

    May 17th, 2014 at 01:56

  230. James Salsman

    What’s to prevent a modified sandbox from making a plaintext copy of the DRMed content?

    May 17th, 2014 at 03:00

  231. GFS

    VERY disappointed in Mozilla for bending over like that ! Uninstalling all Mozellout products ..

    May 17th, 2014 at 04:49

  232. john

    Nice more off that trusty great working adobe shit !
    Hope FF user get money from them if the discover exploit 9.999.999
    Hope FF wil come in two versions ! Great open and the spy version
    As you can see on the new logo,s one is chained.

    May 18th, 2014 at 01:14

  233. Magnus

    If this will be implemented, I will promote other solutions to friends and everybody in familie needing advice.

    Good Bye!

    May 18th, 2014 at 03:55

  234. anonymous

    I also support what Triola has advised:

    “This is the wrong choice, Mozilla.

    If users want DRM/EME protected content, let them add a plugin. Keep the browser clean.

    Knowledgeable users have no need of subscriptions to DRM providers.

    But we -do- have need of a browser we can trust, signing-on to DRM/EME/Adobe negates that trust”

    May 18th, 2014 at 04:31

  235. Yokol

    Plugin as optional sounds good

    May 18th, 2014 at 04:34

  236. palo

    If you don’t want CDM, just don’t install it when Firefox will ask you!!!
    It’s easy peasy ;-)

    May 18th, 2014 at 05:06

  237. eloyesp

    I understand the issue, the only question I would like to ask is about permisions, as a system administrator (of my own pc at least), I would like to block this feature from ‘/etc’ so non admin users should not be able to install this, will this be possible?

    May 18th, 2014 at 15:19

  238. ElGoopo

    Wow. I can’t believe how self-righteous all the commenters here are. It’s like you guys think Mozilla’s only purpose is to fight your battles for you so you don’t have to do anything. Where were you guys when Mozilla tried to take stands on this over the last few years? Nowhere. You just sat back and let Google, Microsoft, Apple et al make the choices, secure in your smug assurances that Mozilla could do it all for you. And now that it’s not gone your way, you’re wagging your fingers at Mozilla. Well, kudos. I hope you guys learn that you actually have to do things for the world to go your way. You can’t just cry and stamp your feet and use Mozilla as a scapegoat. Christ, I can’t tell how Mozilla has lasted as long as they have with such a fickle and childish userbase.

    May 18th, 2014 at 22:00

    1. Hugo

      Your comment doesn’t make sense. Where were we over the last years? We were proud Firefox users supporting Mozilla mission, we were contributors, bug fixers, translaters, making donation to Mozilla, and using daily a browser that is not as good as Chrome but we were making the effort because we believed in Mozilla mission. I don’t know what you can ask more from the “childish userbase”.

      May 19th, 2014 at 12:30

    2. Jonathan

      ElGoopo, with due respect, you should spend less time at the mall. The ability to choose from prefabricated, immutable options made and controlled by authority is not freedom.

      May 19th, 2014 at 16:01

  239. Michael

    I’d ask you to reconsider – Firefox is meant to have principles and a dedication to the open web, and this flies against that. You seem to know this already, as you’ve adopted an apologetic tone (your “little choice”), as has the majority of reporting on this issue.

    I don’t want DRM in my browser, I want to use a tool to support a free internet for everyone, not to help adobe and the MPAA to build a more restrictive monopoly on content production. I would have kept using your browser, as I have for over ten years now in it’s various incarnations (Firefox/Pheonix/Mozilla).

    This is extremely disappointing – I guess because of all the great things you’ve done in the past, I expected more from you. You have the power to stop this – you’re a significant player, but the stance you’re currently taking is one of popularity over principles.

    Please reconsider. I’m having to reconsider using Firefox, as currently it seems you don’t believe in the principles I thought you did. Prove me wrong.

    May 19th, 2014 at 01:40

  240. fenrir

    Will there be an option for me to reject DRM’ed content?
    I understand there’s little Mozilla can do, but I as consumer can actively reject DRM’ed content at will. Hope you put some mechanism within Firefox for me to reject such content.

    May 19th, 2014 at 05:40

    1. Gervase Markham

      Yes, of course. You can say No at the CDM prompt.

      May 21st, 2014 at 10:46

  241. Kirk M

    For all those saying they’re going to leave Firefox…

    So where are you going to go? What browser are you going to use that doesn’t support or have already signed on to support DRM? Chrome? Internet Explorer? Yeah, right.

    Did these folks actually read the whole article or just down to the point where it said that Mozilla is going to have to (finally) give in? If you read farther you would see they specifically stated that this DRM implementation will NOT be integrated into the browser itself but will be called externally on demand. And when it is used it will be sandboxed and not allowed access to your hardware or hard drive. And if not Adobe then who else? No matter what company provides this it’s still proprietary, restricted and closed so no matter who provides the download they will be vilified.

    And knowing Mozilla there will definitely be a way to disable this via a check box in “Preferences” or an entry in “about:config”. Plus it will take about 5 minutes from the point that Mozilla implements this thing for some Add-on developer to write up an extension to disable it which is more than I can say for other major browsers.

    So relax. Sometimes the only way to successfully change something undesirable is to join up and change it from the inside rather than standing on a soapbox and screaming from the outside. The battle against DRM is hardly over and Mozilla is on entity that’s been fighting hard against it. If they don’t do this, Firefox will eventually die and they’ll hardly be able to fight against DRM then will they?

    May 19th, 2014 at 07:29

    1. Hugo

      If Mozilla’s mission is not to respect your privacy and promote an Open Web anymore, then you can either go use Chrome which doesn’t respect your privacy either but has more feature and is faster, or you can use alternate less famous browser that respect you. Privacy is the only advantage FF has over competitors.

      “DRM implementation will NOT be integrated into the browser”.I also thought like you at the beginning but in fact I think that’s false. You cannot implement DRM just as a regular plugin, because DRM needs to trace user identity to work, it requires privileges and a close integration to the browser. So sandbox or not, enabled or not, there will be extremely concerning privacy threats.

      If you read the article you’ll notice that even Mozilla is not sure how to handle their sandbox.I’m maybe not an experimented enough developer to understand but many parts are pretty vague and even contradictory. And given how DRM works I really can’t see how you can protect the user. I’m impatient to see the detailed implementation of this utopic perfect sandbox, and I think we’ll all be very disappointed.

      So there’s no “relax”:
      – Mozilla betrays its mission, if Mozilla accept this today, then what’s next for tomorrow ? DRMed Javascript and proprietary code everywhere on the web ? If each time Hollywood ask something, Mozilla and the W3C accept it, this is what the future will look like.
      – New security breaches possible
      – Less privacy for the user
      – Mozilla resources spend on that instead of making it a better browser
      – All that for the 1% Americans watching Netflix and for a system that won’t stop piracy because it is often broken (Security through obscurity) and because you can always record in FullHD 60 fps and put it on rapidShare whereas there are DRM or not.

      May 19th, 2014 at 13:16

    2. Hugo

      “Sometimes the only way to successfully change something undesirable is to join up and change it from the inside”.

      I disagree. One example is ASM.js vs NaCl. Mozilla never integrated NaCl to “make it better from the inside” later. Instead they followed their mission and proposed a system which was more respectful of the Open Web philosophy. Today Unreal Engine and Unity are porting they technology to ASM.js. All odds were against Mozilla as Google is behind Nacl, but even Google is integrating asm.js in Chrome.

      May 19th, 2014 at 13:25

    3. Yann Sionneau

      I fully agree with Kirk M comment, it seems a lot of people here didn’t even read the article.
      It is clearly stated that the firefox browser will remain open source and free software.
      The DRM stuff will be EXTERNAL: it will be a closed source SHARED LIBRARY loaded by an OPEN SOURCE *external* binary communicating with Firefox browser via IPC.

      Maybe you guys are not developers but that sounds OK to me.

      The only thing I still wonder is how exactly the DRM closed source shared library will do to verify the integrity of the sandbox without breaking out of it.

      I also agree it’s a pragmatic approach to try to change things from the inside.

      Please don’t just throw tomatoes like those FSF guys who usually have very poor impact on real industry.
      Mozilla has changed the web, is interacting closely with W3C and works to design and implement open standards, it is *PART* of the industry *AND* working on making it the best for the users.

      Please think it over.

      May 20th, 2014 at 02:24

  242. Adrien

    “Committed to you, your privacy and an open Web” Your decision is exactly opposite to what you’re supposed to defend. What other word than BETRAYAL could we use?

    Please refund all the people who donated believing you would defend free and open web!

    May 19th, 2014 at 07:58

  243. Maki

    @Kirk M: There are plenty of gecko-based alternatives that don’t use DRM.
    And there are developers of those gecko-based alternatives that are committed to removing EME from any future built still based on the Firefox code, until the time comes when they have the manpower to simply leave that code be and have their own update cycle based on their own base code.

    Your statement that there will be an about:config option to toggle it is false; Mozilla has removed various abilities from about:config, such as the option to toggle tabs-on-top to tabs-on-bottom. And especially with their v29 release they fucked up majorly.

    I, for one, have moved to Pale Moon as I trust that developer more than I do Mozilla. Still gecko based, still running alongside Firefox and with plenty of inter-operability of Firefox plugins in Pale Moon, but with its own update cycle and its own proper standards of defending the users’ rights.

    Also, its standard GUI doesn’t look like a monkey shat on it. While I would need four different plugins on FF v29 to get a working layout back.

    May 19th, 2014 at 09:39

  244. MrY

    Well well, time to uninstall Firefox (which has been the ONLY browsers for me since its existence). I hope your software becomes vaporware.

    May 19th, 2014 at 14:31

  245. Rafael

    Just because everyone else is doint it, instead of standing your ground you just give it up and follow the trend?
    Another disappointment in a short period of time (the other being the whole CEO episode).

    May 19th, 2014 at 18:31

  246. Rafael

    One example of a Firefox user’s (me) experience:
    If I was a Netflix subscriber (I’m not), and suddenly couldn’t use it anymore through Firefox, because Mozilla was not supporting some technology that is bad for me, and I wanted to access Netflix anyway, I would do it through another software, be it another browser or Netflix’s own dedicated app.
    FOR ALL THE REST, I would keep using Firefox.
    You should reconsider your decision …

    May 19th, 2014 at 19:46

  247. shokin

    I hope Firefox will remove DRM and stop playing with Adobe.

    Or will we find another browser ? free browser (as free software) without DRM

    May 19th, 2014 at 21:02

  248. nadawave

    Mozilla dit :
    – Le web à besoin de vous
    – Regarder l’avenir
    – Créer le web

    Je suis fan de Mozilla, mais je ne suis pas fan d’abobe.
    Je désaprouve votre désision d’implementé EME dans firefox, c’est un très mauvais choix, firefox ne sera plus ce qu’il à été.

    Adobe dans firefox = CANCER de firefox

    Maintenant il va falloir attendre un fork digne de ce nom, mais il en existe déjà, je pense…

    Je suis très deçus de votre choix, dorénavant mais futur dons n’iront pas à mozilla tant que cette situation n’aura pas changer.

    May 19th, 2014 at 22:28

  249. Vaark

    Gal, I do hope all of you were drunk when this decision was made, and after the hangover you’ll recollect your minds and reconsider this HUGE mistake.

    May 19th, 2014 at 22:57

  250. Vaark

    Actually, I really wonder why’d you care about losing some marketshare.

    I mean… MF is a non-profit organization, right?
    So even if in the end you lose some users (and the amount could be less than you think), why would you care?

    Guys, seriously, you can’t do buziness with Adobe. You just can’t!

    You were the chosen ones!
    It was said that you would destroy the Sith, not join them.
    You were to bring balance to the force, not leave it in darkness!

    May 20th, 2014 at 05:05

  251. Joshua Cogliati

    Possibly Mozilla should fork Firefox into a good firefox and a ugly firefox. The good firefox would not have things like EME, or H.264 or plugins. The ugly firefox would have EME and H.264. This would be similar to how gstreamer has a good version and a ugly version.

    As well, Mozilla would then have statistics on how many people want which version.

    May 20th, 2014 at 05:22

    1. abral

      There’s no such need. You can already use Firefox without proprietary stuff (you just don’t install them when Firefox asks you).

      May 22nd, 2014 at 07:17

      1. Joshua Cogliati

        I agree with you that there is no technical need for offering a separate download without DRM and other compromises, but I think there is an ethical need. As in Mozilla needs to say: “Here is a browser that shows what is possible with the open web, with open source, without ethical compromises. This is the web we want.” If Mozilla feels compelled by market forces to offer a browser that does support EME and H.264 than they should continue to offer a browser that only supports what they believe is completely aligned with Mozilla’s mission and vision. I don’t think that offering a second browser would have much technical cost.

        Secondly, this gives Mozilla and others information. They can see which version is downloaded more, and it will give them an idea how much their users care about supporting DRM versus refusing DRM. If they change the user agent string, than webserver owners can also see which version is used more, and make plans accordingly.

        May 25th, 2014 at 07:20

        1. Maki

          Let us please not use User Agent strings anymore. They’re bad practice designed in a time when there were only few browsers and no internet standards, forcing every site to be made compatible for each and every browser’s whims in adding support for things.
          Now with the (Hollywood-corrupted) W3C imposing a ruleset for proper compatibility every browser should follow, User Agent strings really need to go. Sites don’t need to make themselves compatible to the available browsers anymore, browsers need to make themselves compatible with the proper W3C standards.

          In this I see how Mozilla has to add EME support; because the W3C has adopted it as a standard. Bad taste, bad decision, bad practice, bad bad bad… but it’s something they -have to- do in order to be recognized by the W3C.

          I say that offering a fork of their browser which is free from EME would really be the best thing they can do now; keep the EME-laced shitstorm to make the W3C happy until we can kick them back in line, and keep the EME-less browser for those of us who value our choice in the matter.

          Really, though. EME is bad, mmkay? Please listen to your userbase, Mozilla; Throw that blasted DRM into a fork of Firefox. You can call it Firewood (Firefox + Hollywood). It reflects what most of us want to use the whole idea of EME for.

          May 25th, 2014 at 08:54

    2. Fabricio C Zuardi

      I support this idea. (https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/comment-page-6/#comment-2161159)

      “Mozilla should fork Firefox into a good firefox and a ugly firefox. The good firefox would not have things like EME, or H.264 or plugins. The ugly firefox would have EME and H.264.”

      +1

      June 8th, 2014 at 07:23

  252. Peter G

    the real question is:

    will EME be available for mobile plattforms.
    if not, then what’s the point of exchanging a plugin for a CDM?

    May 20th, 2014 at 15:12

  253. fung0

    I agree with many others: EME is unnecessary, and just plain evil. I’ve been a devoted Firefox user since the very beginning, but between the horrible changes in FF29 and now EME, you seem determined to drive me away. Once all of us die-hard fans are gone, who do you think will be left?

    May 20th, 2014 at 22:45

  254. Wuzzy

    TL;DR: This decision was premature. Its justification is poor; there are a lot of unfounded assumptions for now. Therefore, the decision is practically without a rational basis. I suggest to do more research and base arguments on it, then reconsidering the whole decision.

    This is a decision with huge ethical implications and it should not have been done lightheaded. This means, data about the current situation should be collected, then arguments based on this data should be brought up and be discussed openly.
    However, I fear the whole argumentation and fact base is very, very poor.
    So I think this important decision has been made prematurely.

    I hear these arguments defending this move over and over again:
    1) If this does not get implemented, the user base would massively shrink.
    2) If the user base shrinks, this would be bad.
    3) It is not really Mozilla’s choice to go this route; Mozilla has basically been forced to do it.

    I have problems with this argumentation:

    a) We don’t even know wheather 1) is actually true.
    To safely conclude that 1) is true, it should (at least partly) be proven that:
    A) the current Firefox user base (and perhaps would-be users) has generally a broad desire to view DRM-restricted stuff
    B) the current Firefox user base (and perhaps would-be users) is generally not interested in freedom anyways (they chose Firefox rather for convenience than for freedom)
    C) DRM-restricted websites are actually popular enough to have potentially a high impact on the browser choice

    The actual proof presented is very poor. Actually, it is was only even attempted to adress C), Mozilla failed to present proof for A) and B) or other factors I did not mention. The “proof” for C) goes like this: Netflix produces a lot of traffic. But sorry, this does not convince me. Netflix is a video streaming website, so it is no surprise it produces a lot of traffic. Looking on traffic alone is biased towards streaming websites and against all the non-streaming websites. Traffic alone is a very poor indicator for popularity. But we’re talking about how many users are or would be using DRM-restricted websites like Netflix, and not about which browser produces the most traffic.

    b) It is not justified in 2) why a shrinking user base would be neccessarily a bad thing. According to Mozilla’s own mission, popularity is not a goal. If it *is* a goal now, I desire to know the justification for that. Without that, 2) is simply no argument. Also, explaining 2) only makes sense if 1) is true. If 1) is false, 2) does not matter.

    c) Argument 3) is an exaggeration. People at Mozilla have made this choice fully on its own. Even if you don’t like that choice, you still made it. To talk about “force” here is completely misleading. And given that arguments 1) and 2) are not convincing, this makes argument 3) even more questionable. Unless Mozilla has been *actually* been forced. For example, by law or lawsuits, legal threats, contracts, etc. But this does not seem the case to me.

    Conclusion: The argumentation defending this decision is very weak. Therefore, the decision Mozilla had made was premature. As we don’t know wheather the premises are true, there is simply no basis for a rational decision. So I strongly suggest to do the research to see wheather the premises are true. It would be very helpful for a rational decision to collect more data on the opinion of Firefox users (and would-be Firefox users). How many Firefox users would *really* run away without the possibility to install propritiary EME plugins? How much do the current Firefox users care about freedom? How many users *would* use Firefox if they could install EME plugins? How many *users* use DRM-restricted websites in total? And so on. Even if we just had a vague idea on that matter would help. But the problem is, we really have no idea at all at the moment. But *if* it is established that 1) is true, then we still need an explanation on why 2) is true. Without 1) and 2) being true, the whole decision remains without basis. Ideally, all that data should have been collected *before* the decision.

    The award for the stupidest part of the text goes to:
    “With direct support for DRM we are eliminating a major use case of plugins on the Web, and in the near future this should allow us to retire plugins altogether. The Web has evolved to a comprehensive and performant technology platform and no longer depends on native code extensions through plugins.”
    Are you fucking kidding me? You can’t have seriously written this. EME is a standard which *demands* plugins. This whole EME thing only *works* with plugins. Plugins are not going away with EME, since EME is *based* on plugins.

    By the way: I pretty much agree with the ethical concerns other people on this page have brought up. These are valid concerns and therefore should be part of the decision process as well. I do not repeat these concerns here.

    May 21st, 2014 at 05:12

    1. Michael

      Fantastic summary, I completely agree with this. I hope you don’t mind, I’ve actually just cut and pasted it and sent it in an email to Andreas Gal, the author of this article (citing you as the author, that I also completely agree, and would he have some kind of response or even better would it make them reconsider).

      May 21st, 2014 at 09:07

      1. Wuzzy

        If you got a response, please forward it to my e-mail adress: .

        May 25th, 2014 at 05:50

        1. Wuzzy

          For some reason the e-mail adress got filtered out. I try it again:
          almikes AT aol DOT com

          May 25th, 2014 at 05:51

    2. Jim

      I agree that it is a very poor decision and I am glad that the poor basis for the decision is clear to others. I would further note that an alternative to the EME is available that keeps DRM out of the open web and avoids Mozilla being forced into accepting[sic] the EME.

      The alternative is to define a complete standard for playing DRM media, rather than splitting it up into the EME/CDM plus JS and a web browser to complete the player. This alternative need not be part of the open web, but would operate over the Internet. Such a media player could be implemented in a range of ways that give the user the choice between the convenience of an integrated player or the security or a separate player. Mozilla reject this as a ‘very bad proposal’ with no substantive reasons.

      It is clear that Mozilla want the EME, and the early announcement is a act to nurture and promote the EME as the winning solution. The difference between the EME and the use of a complete DRM player narrows down the real reasons for the decision by Mozilla to implement the EME. These reasons have not even been mentioned by management, so the statements from Mozilla management are nothing by a red herring and propaganda. The statements from Mozilla include much of the propaganda used by the EME proponents.

      Not a single distributor has yet supported the claimed sandboxed CDM, and Mozilla has not justified how it will be robust, so it is unlikely any significant distributors will support it, or at least not support it for high value content. Thus it will not stop users moving to other web browser to use streaming services, unless Mozilla support other CDMs! Mozilla will have already promoted the EME as the winning standard and will be able to use all the same arguments to justify supporting platform CDM implementations, doing more back-room deals that they will sugar coat with their propaganda.

      The contemporary web does not include DRM and the open web community has not accepted the restrictions that DRM imposes. Mozilla will be responsible for the damage caused to content owners when the open web offers web browsers that save content, and will be responsible for harm causes by false prosecution of the developers and distributors of such open web browsers. This matter will surely be tested in the courts and Mozilla will need to defend themselves, defend their interpretation of the open web as supporting DRM, and this is completely absurd given the Mozilla mission.

      The development of Firefox is open to allow the community to check for compromising actions. Mozilla have compromised the open web by announcing their implementation of the EME. We need to develop appropriate responses.

      May 24th, 2014 at 22:47

  255. Red

    Correct me if I’m wrong …

    EME offers easy Javascript API?

    Does this mean that the all mallware authors will have a secure distribution channel that no one else will be able to read?

    This makes EME a ultimate backdoor.

    May 21st, 2014 at 06:36

  256. onion

    Although Mozilla’s dilemma is understandable, you can’t compromise with tyrants (hollywood)! Accepting this kind of restriction of free speech, which is what DRM is, sets a very dangerous precedence and puts Firefox firmly on the “to be avoided” list. Do humanity a favor and scrap this DRM garbage. Nothing good will come of it!

    May 21st, 2014 at 07:03

  257. Michaela Merz

    @MitchellBaker @firefox I renew my call for a community vote on DRM. Let us decide.

    Twitter: @mischmerz

    May 21st, 2014 at 08:34

  258. Craig Barnes

    You dont object to something by going with the flow, Firefox must stand up for the rights of its users, even if most of those users dont understand the problem. Make the most use of this opportunity to educate them.

    If you need support for an education drive, I have no doubt that you will recieve it if you ask.

    Take the higher groud. This is the reason I use Firefox, and the reson I would support an anti DRM fork should the need arrise.

    By implementing support for DRM in Firefox you are by definition acknowleding DRM.

    The only objectives that DRM achieve are those of the monopoly holders. Content producers will be no better off for this, only the distributers will truly benfit. Users rights will be restricted further, and it serves as a very ugly precident in Copyright history.

    The Copyright system has been abused too much already.

    If just one major browser objects so such behaviour ( the peoples browser – Firefox ), then nobody will be able to claim that DRM has been accepted by all major browsers.

    Please reconsider this position, there is more at stake than market share.

    May 22nd, 2014 at 13:03

  259. Castarco

    Hello, I have three important questions that i think it’s worth to anwser in the FAQ.

    Which are the terms of the comercial agreement with Adobe? What gets Adobe for developing de Adobe Access CDM? Money from content distributors? Money from Mozilla? Both?

    Will Adobe obtain a monopoly on the Firefox CDM plugin? Will be possible to install more than one CDM plugin at the same time from different sources/companies?

    Will Firefox do the effort to achieve deterministic compilations for the CDM host executable in order to help the community to verify that the binaries corresponds to the open sourced code?

    May 22nd, 2014 at 15:13

  260. Hugh O’Brien

    This is wrong, promoting convenience over ethics. This is not what Mozilla is about, and is not what people choose its products for. If this is not clear, ask the users what they would want. Those involved in the community will have a different voice than the ‘everyday’ user, respect it.

    May 25th, 2014 at 09:13

  261. Sylvester

    This implementation of EME is not a good move. What would stallman say about this? Mozilla should have used this chance to educate users the fallacies of DRM. At least 1/5 of the world will be educated. By the way, there’s GNU IceCat for those people saying Mozilla should provide a fork.

    May 26th, 2014 at 04:39

    1. Maki

      GNU IceCat only works on GNU/Linux & OSX.
      For Windows there is Pale Moon.

      Note that GNU IceCat and Pale Moon are made by different maintainers and have different goals behind their rebranding/forking of Firefox.

      May 26th, 2014 at 07:39

  262. Mike

    I pity the sheeple who even consider being DRM’ed. All this shouold be an utter non-issue. People who value their freedom enough will always turn to “illegal” means rather than be f*cked by anyone on their own devices. Even if it means not getting all the hip “content” immediately.

    So yes on the one hand it is irrelevant because the only reason I will download the spyware is to decompile it, and on the other hand it is IMO a very bad decision by Mozilla and definitely, along with past bad privacy and security decisions + ruminations about ad junk alienates many freedom lovers to a point where unforked firefox is quickly becoming a non-option.

    this is 2014, folks! and there you are, supporting the mad machinations of the content mafia.

    May 30th, 2014 at 12:36

  263. 0ctatron

    Hey Mozilla, hows it feel to violate your own principals you DRM sellout!!

    You could have offered up the Adobe bit as an Add-on that’s ticked on by default during install. But NOOOO you had to bind it in, removing the users choice to have an untainted pure open source browser.

    But no you had to go and jump in bed with Adobe down the street and now look whats happened! Shame Shame

    At least tell me you left Thunderbird and Iceweasel alone?

    May 31st, 2014 at 02:52

  264. Pierre

    Mozilla, Are you just gonna ignore everobody’s complaint about your decision? Are you gonna do as though everything was fine, and nothing happened?

    Are you now under control of money, and big companies and not anymore under the control of the people? Now you just don’t care about the people like big compagnies, who constantly attack the public?

    Pierre.

    June 2nd, 2014 at 03:30

  265. Pierre

    ps:

    We all understood -I think – that your decision is not about installing DRM or non-free software without the conscent of the user. But to me it is not the question.

    The question is “How likely is it that a free software user will be able to access the entire web (or most of) without either DRM or non-free software?”

    And I think your decision is making it a lot less likely that the web remains free and open.

    June 2nd, 2014 at 04:52

  266. Brett Zamir

    The Universal Declaration of Human RIghts states, “Everyone has the right to the protection of the moral and material interests resulting from any scientific, literary or artistic production of which he is the author.” (Article 27.2)

    While Mozilla is of course not a government and is free to create technology which restricts the protection of the material interests of software productions, if it is a right to have one’s artistic productions protected materially, why is everyone assuming that the only moral thing to do for a technical product is to support the interests of consumers for their material interests in exploiting a product more fully instead of also for the arts producers distributing content accessible to the tool?

    I’m all for taking steps to level the playing field, but I think reasonable people take this as with all things in moderation (and also don’t lie to themselves in claiming that restricted content can only possibly hurt the industry).

    Most people with hearts are fine with the government leveling the playing field to a certain degree by coercively redistributing some wealth from wealthier persons and entities to the poor. But if one does _everything_ coercively, fewer good things will get made, no matter how much one philosophizes about it. Of course there can be plenty of good, unrestricted productions, and plenty of bad restricted ones, but one cannot say that without a material incentive, producers will just serve the State for the supposed benefit of all.

    Besides this, charity is rendered less meaningful if the coercion becomes absolute; there is a joy in willingly sharing or contributing content or code which is not compelling others to do the same.

    Mozilla has historically taken a moderate approach to “coercion”, leveling the playfield somewhat with the obligations of its license, but it does not take an exclusively viral (i.e., more compulsory) approach, so I see nothing inconsistent with its approach here.

    So unless there are security issues that indeed cannot be solved, I don’t understand why so many here are eager to prevent a means enabling the web to truly be for everyone according to their own independent rights, whether as producers or consumers. If you don’t like it, argue for the benefits of sharing, but let others live their lives. I’d frankly prefer that this be expanded even further to facilitate closed source client-side JavaScript.

    (Note that I mention closed source JavaScript as opposed to other proprietary languages/plug-ins; I do hope Mozilla continues to advance united web standards as opposed to proprietary plug-ins simply because a proliferation of languages (as with multiple human lingua francas) doing the same thing is of no real benefit to consumers OR producers except when the standards are failing to keep pace with wishes of consumers and plug-ins compete to meet the gap (thus my interest in my “AsYouWish” add-on to provide a web-based JavaScript API for privileges not yet exposed to websites upon user permission).)

    So, how about we stop assuming there is only one ethical approach here; unless Mozilla is deceiving users, they don’t need to pressure artists into redistributing their legitimate wealth, nor do they need apologize for it either as far as I am concerned.

    June 2nd, 2014 at 06:51

    1. Michaela Merz

      Simple answer to you question: The Internet was first. We built it in our free time, with our software that we shared among others so that they too could become a part of it. The content industry came long after we were using the net for the things we used it for. Nobody forced them to use the net. So – if they want to protect their content – why not start their own network?

      June 2nd, 2014 at 07:27

  267. Kirk M

    I’m curious. I wonder how many folks here who use Firefox and are complaining about this decision have the latest Flash and/or Silverlight plugins installed in Firefox. Considering that both are DRM enabled, I’d find these complaints a bit hypocritical. And what’s the use of forking Firefox into a browser like Palemoon if users are just going to install Flash and Silverlight and watch DRM media anyway?

    Mozilla either implements this or goes out of compliance with W3C–not something the developer of a major browser wants. At least DRM won’t be “hard-baked” into Firefox itself and they’re giving users a choice whether to accept the DRM enabled CDM download or not, unlike the other major browsers who already have DRM built in and gives the user no choice whatsoever.

    “But CDM is going to be developed by Adobe and will be closed sourced” Well, so is Adobe’s Flash plugin, what of it?

    If there’s any entity to blame here, it’s W3C for rolling over to “Hollywood” and company so Mozilla either had to do this or fall out of compliance. As far as I’m concerned, Mozilla is not and never was the “savior” of the so-called “open web”. Heck, Mozilla isn’t even a company and it’s certainly not the “last haven” of anything. So now Firefox users against DRM (yes, DRM needs to completely revamped or tossed into the trash altogether in lieu of something else) feel it’s alright to heave the entire burden of preserving the “open web” on Mozilla’s shoulders? I think not.

    Mozilla can still promote openness and fight DRM and still remain in compliance with W3C standards.

    June 2nd, 2014 at 07:19

    1. Joshua Cogliati

      Since you asked “I wonder how many folks here who use Firefox and are complaining about this decision have the latest Flash and/or Silverlight plugins installed in Firefox.” here is what I do.

      I have a separate virtual machine (qemu) that I stick the non-open source things like chrome and flash in. This virtual machine’s only purpose is to do things like play H.264 videos and DRM’ed VEVO videos and the like. If I encounter a video or something else that cannot be played with open source Firefox, I decide if I think it is worth it to start up the virtual machine. Usually I decide no, but about once a week to once a month, I will start up the virtual machine. So yes, I am complaining about Mozilla including DRM even tho’ I occasionally do use DRM’ed videos. But the majority of the time if a video uses H.264 or DRM, I just don’t view it.

      June 3rd, 2014 at 04:58

      1. Kirk M

        @Joshua Cogliati – A very wise thing to do. I myself keep Windows 7 32 bit in a virtual machine (VirtualBox) although I really don’t have the need to do so any longer (mostly to help troubleshoot my wife’s Windows machine is it goes funky).

        I don’t have much use for DRM or H.264 video at all or the need to view it and I would probably use your solution if I did. However, this type of solutions what you might call an “edge case” employed by those who are advanced computer users. In my experience, most so-called “average” users would neither know or care about this type of thing. Their question would be, “Can I stream my movies or not?” ;-)

        June 3rd, 2014 at 06:43

  268. James Kaplan

    Netflix and others desiring to provide secure transmission have their own apps making browser delivery superfluous.

    Why is it Mozilla and so many others are so rabidly concerned to bend over for Hollywood and the NSA yet fail when it comes to protecting consumers? Google, Instagram, even Facebook all require us to give up rights to whatever WE publish, yet we are expected to yield to their requirements? Last time I checked there were billions of internet users and only a handful of DRM supporters.

    Give us a break!

    June 2nd, 2014 at 12:11

  269. Gregory Karastergios

    SRSLY? I do not need DRM in my favorite browser. There is no point in DRM. Firefox was made as a browser that is open and free. not one that restricts what I can do online. Besides, I have my ways around DRM and EME to do what I want.

    June 5th, 2014 at 07:27

  270. Andrew

    Well that’s the end of me using firefox. It was a good run but they have clearly strayed from there core values and principals. If a good version is ever forked I will happy use that. I like firefox and it is sad to see it go away.

    June 9th, 2014 at 18:56

Comments are closed for this article.