undefined | Better HN

0 pointsjopsen5y ago0 comments

The argument for DRM is that it ships in a sandbox built by Mozilla.

But hey, I'm sure that if Mozilla didn't ship DRM, video codecs, etc, the browser would have been more popular.

Firefox is actually useful.

DNS lookups are safer with a provider vetted by Mozilla. They were able to negotiate a contract you wouldn't have been able to get. Ensuring you more privacy.

But sure bash Mozilla for trying to be pragmatic, privacy and features is not a trivial thing to balance.

0 comments

3 comments · 2 top-level

def_true_false5y ago· 1 in thread

Yeah, giving another 3rd party user data ensures the users more privacy.

You have some kind of doublethink going on there.

jopsenOP5y ago

Mozilla can't build every service on the internet. Trying would be futile.

But they can collectively bargain on their users behalf.

xg155y ago

> The argument for DRM is that it ships in a sandbox built by Mozilla.

Actually, I was long since wondering how exactly that sandbox works, so if you have some more information about that, I'd appreciate it.

Henri Sivonen's general explanation of EME and CDMs[1] tells the following:

> A CDM could be bundled with the browser, downloaded separately, bundled with the operating system, embedded in hardware as firmware running in a second domain of computing (such as ARM TrustZone) or wired into hardware. EME leaves this aspect implementation-dependent. [...]

EME does not specify the output abstraction for CDMs. It leaves open several options. The CDM could:

- Merely perform decryption and hand back the encoded media (e.g. H.264) to the browser.

[...]

- Perform decryption and decoding and then work together with the GPU so that not even the operating system gets the opportunity to read the pixels back from the GPU.

Meanwhile, Mozilla's implementation of EME seems to be substantially more restrictive[2]:

> Firefox does not load [the CDM] directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user’s hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.

[...]

in Firefox the sandbox prohibits the CDM from fingerprinting the user’s device. Instead, the CDM asks the sandbox to supply a per-device unique identifier.

However, if the sandbox works as explained, the DRM seems to be trivially defeatable: I can simply fork Firefox and modify the sandbox, so it lies to the CDM about the fingerprinting and/or captures the decrypted media stream and writes it to a file - so then, how did Mozilla get Hollywood to agree on this?

On the other hand, if the CDM has some means to verify that Firefox has not been tampered with, then it can escape the sandbox - so then, what is the point of the sandbox?

[1] https://hsivonen.fi/eme/ [2] https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi...

j / k navigate · click thread line to collapse

0 comments

3 comments · 2 top-level

def_true_false5y ago· 1 in thread

Yeah, giving another 3rd party user data ensures the users more privacy.

You have some kind of doublethink going on there.

jopsenOP5y ago

Mozilla can't build every service on the internet. Trying would be futile.

But they can collectively bargain on their users behalf.

xg155y ago

> The argument for DRM is that it ships in a sandbox built by Mozilla.

Actually, I was long since wondering how exactly that sandbox works, so if you have some more information about that, I'd appreciate it.

Henri Sivonen's general explanation of EME and CDMs[1] tells the following:

EME does not specify the output abstraction for CDMs. It leaves open several options. The CDM could:

- Merely perform decryption and hand back the encoded media (e.g. H.264) to the browser.

[...]

- Perform decryption and decoding and then work together with the GPU so that not even the operating system gets the opportunity to read the pixels back from the GPU.

Meanwhile, Mozilla's implementation of EME seems to be substantially more restrictive[2]:

[...]

in Firefox the sandbox prohibits the CDM from fingerprinting the user’s device. Instead, the CDM asks the sandbox to supply a per-device unique identifier.

On the other hand, if the CDM has some means to verify that Firefox has not been tampered with, then it can escape the sandbox - so then, what is the point of the sandbox?

[1] https://hsivonen.fi/eme/ [2] https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi...

j / k navigate · click thread line to collapse