https://bugzilla.mozilla.org/show_bug.cgi?id=923590 (I am not the reporter of the above bug, but some comments on the bug suggest it should be posted about on these forums: I agree.)
In summary, in addition to all the other ways that it would violate the principles of openness, HTML5 DRM would cripple any meaningful security in the browser. It would: - require closed binary blobs. - prevent security verification of that code. - prevent projects like TOR and TAILS from using the browser. - permit the NSA and others to invisibly embed security breaches. - permit tracking of the browser even when all tracking is off. I don't feel that having a checkbox to turn it off is a sufficient solution, given the huge security and privacy issues, and the potential for feature creep. So I'd agree with the bug report's argument against implementing any form of DRM by any name, whether "content protection" or "Encrypted Media Extensions". Instead I'd recommend to remain fully open, implementing the HTML Living Standard of the WHATWG, rather than the HTML5.1 of the W3C, and just continue to permit separately-distributed, closed-blob plugins within a careful security sandbox. Five of the ten principles from the Mozilla Manifesto (http://www.mozilla.org/en-US/about/manifesto/) are directly relevant here: 2. The Internet is a global public resource that must remain open and accessible. 4. Individuals’ security on the Internet is fundamental and cannot be treated as optional. 5. Individuals must have the ability to shape their own experiences on the Internet. 7. Free and open source software promotes the development of the Internet as a public resource. 8. Transparent community-based processes promote participation, accountability, and trust. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
