
Today, there are two main browser plugins required for watching DRM Video on the web. These plugins are not decoders, they are merely platforms on which the decoders themselves can run, alongside any other code that the site may supply. The problem with this approach, as I see it, is that these platforms create an inherent security risk for the user alongside the current issues regarding free software and ethics. The use of Flash/Silverlight also slows the adoption of other, more open, web standards.

By switching to EME, you're switching out the Flash & Silverlight platforms for a set of closed binary blobs which take an encrypted stream from the browser and produce unencrypted video/audio for the browser to display instead of executing arbitrary code. Now, I'll admit I'm not terribly well versed on the issue, but to me that seems to increase user security, promotes the use of other open web standards over Flash/Silverlight and keeps the media companies happy. The only people losing out in this situation are those that find DRM conceptually abhorrent.



Functionally, as far as displaying video goes, there is very little difference between a Flash Video player and an Adobe CDM Video Player.

Sure it might have a slightly smaller attack surface because it does not have all the other flash "features" that are not really used any more, but do not fool yourself, it is still executing arbitrary code that is beyond your control, and any attempt to control what this code does could be considered a violation of DMCA.

It however in no way promotes the open web; I do not know where you get that from. This is the exact opposite of promoting the open web.

As to who loses out, it is not just people that find DRM objectionable. Will Adobe DRM work on ARM for the various SBC systems like the Raspberry Pi? Doubtful. Will there be a CDM for Midori? Iceweasel? Or any of the other less popular browsers? Doubtful. Will the Adobe CDM work well, and bug free, without killing system resources under Linux x86? Doubtful (it will probably work, just not well).

So we are back to a world where only "approved" platforms are allowed to use the web fully; this is in direct opposition to W3C's stated mission.


I imagine that playing videos is the Flash Player's primary use case. With EME supporting only video decoding, we can sooner phase out support for Flash Player and everything else it drags along.

If Adobe's CDM can run while completely sandboxed from network and file access, then what if it was implemented in asm.js? Then "CDM.js" could be portable across all browser platforms and architectures. I'm not sure how well Firefox's JIT would optimize obfuscated asm.js code generated from obfuscated C++ code. :)

Disclosure: I used to work on Adobe's Flash Player team and I now work at Mozilla, so I have many conflicting personal and professional biases. :)


>If Adobe's CDM can run while completely sandboxed from network and file access

I'll admit this isn't my area of expertise, but how would this be possible?


The CDM and the server run some sort of secure key exchange with the browser doing the actual network traffic. The browser is eavesdropping on the communication but that's what Diffie-Hellman, STS etc. are solving. Then the browser gets the encrypted stream, hands it to the CDM which has some ties to the OS to be able to draw on the screen. Only a tie to the OS is required, no files, no network. The browser can handle those.


The EME spec is designed to make this feasible at least in principle: the browser hands the encrypted video bits to the CDM.

In the case of Adobe's CDM and Mozilla, this is one of the points that was explicitly negotiated: the CDM will be running in a sandbox.
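
The exchange sketched in the two comments above, as an added example that is not part of the thread and not any real CDM's license protocol: two endpoints run Diffie-Hellman through a browser object that performs all "network" I/O and records everything it relays. The group parameters, the toy XOR cipher, and all class and function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


class Party:
    """One Diffie-Hellman endpoint (the sandboxed CDM or the license server)."""

    def __init__(self):
        self._secret = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._secret, P)
        self.key = None

    def derive(self, peer_public):
        shared = pow(peer_public, self._secret, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()


def keystream_xor(key, data):
    """Toy stream cipher (stand-in for a real AEAD): XOR with SHA-256(key || offset)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class Browser:
    """Relay: the only component with network access; logs all it can observe."""

    def __init__(self):
        self.seen = []

    def relay(self, message):
        self.seen.append(message)
        return message


def run_exchange(content_key):
    cdm, server, browser = Party(), Party(), Browser()
    server.derive(browser.relay(cdm.public))    # CDM -> browser -> server
    cdm.derive(browser.relay(server.public))    # server -> browser -> CDM
    wrapped = browser.relay(keystream_xor(server.key, content_key))
    return keystream_xor(cdm.key, wrapped), browser.seen
```

This covers only a passive relay. Plain Diffie-Hellman does not authenticate the endpoints, which is the gap STS closes by signing the exchanged public values.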


> produce unencrypted video/audio for the browser to display

That's the silly example used in all of the pro-EME propaganda, but the standard also allows content providers to demand an encrypted path all the way to the video card, IIRC, thus bypassing the browser's ability to save content, and exposing a potentially insecure video driver to the CDM blob.


This is my real objection to DRM: it fundamentally either is just a show (turning over the unencrypted message to the browser, anyway) or requires that I be locked away from the computation happening (has direct access to hardware and security features to keep me out).

So either it doesn't work by design, or it's a rootkit's wet dream since all hardware is designed to be able to lock me out.


Is a bank vault "just a show" simply because no one has ever invented one that can't be penetrated with a sufficient application of high explosives or a plasma torch?

The goal of making Joe-Average choose between the official channels or some malware laden underground site is a perfectly pragmatic one on the parts of the licensors. They don't need to block the illicit copying completely to see a benefit...

Especially when the costs of their 'protection' are predominately externalized onto the users (in the form of restricted freedoms, closed software, spyware, etc).


In my terms, a bank vault would protect my valuables by fundamentally denying me access to them, except on terms dictated by some external trusted party. This is the case of DRM using entirely encrypted paths (which can be broken with the big guns, like in your analogy), not the case of it being "just for show".

> The goal of making Joe-Average choose between the official channels or some malware laden underground site is a perfectly pragmatic one on the parts of the licensors.

Uh... what? The problem with DRM from a practical standpoint is that the effective technical means serve as an impediment to Mr Joe Average using his computer for perfectly allowed purposes - including at times playing the game. (Look at any major game launch recently for thousands of upset players because the DRM servers are overloaded.)

Secondly, you presented a strawman, since there are lots of non-malware-laden copies available online.

I'm not really against DRM per se, if there were some magic solution. Nor am I arguing that partially effective security measures are meaningless. I'm arguing that having encryption protected computing channels which deny the user override (or inspection) access are dangerous (duh! they go on malware laden websites, as you point out), and that any DRM which doesn't use such hardware level (or even low-level software) is no more effective than just setting a metadata flag saying it's copyrighted.

I get why companies want DRM, but that doesn't mean that I think giving in to their wishes is a good idea, when it both creates worse computer security problems and fails to solve the problem at a technical level.

A lot of people pirate things precisely because DRM is such a hassle.


Incomplete or inaccurate, but "silly"?



