Announcement

Collapse
No announcement yet.

The W3C claims to be what it is obviously NOT

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    The W3C claims to be what it is obviously NOT

    https://www.networkworld.com/article...pt-secret.html

    Let’s compare that to another statement the W3C made to me regarding their “openness”:
    “Even if we treat the web like a public commons, the W3C is a member org — it's clearly easy to forget that as we are unprecedentedly open.” — W3C on Twitter
    Unprecedentedly open.” That’s how the W3C describes themselves. And yet they not only don’t disclose critical data around their decision-making process for new standards, but they censure members that even hint at the internal votes.


    In this way, the W3C is the exact opposite of open. A closed cabal (with a high price tag for participation) decides, in secret, what the future of the “free and open Web” will be. Every human being on the planet should be concerned about this.

    https://www.neowin.net/news/w3c-appr...rchers-worried

    However, many people are concerned that the new standard gives too much power to streaming services and browser makers, while at the same time restrains researchers and users of those services. One point of contention is that EME offers no protection for security researchers that hunt for bugs or vulnerabilities. In many countries, the act of bypassing DRM is considered a crime even if it is done for legal purposes like security research. The new EME standard does not protect such researchers from possible prosecution. Another issue is that under EME, there is no standardized way to decrypt a protected video stream, which may lead to browser makers having to license a vendor's specific decryption module, causing implementation issues for open-source browsers and possibly hurting new ones that wish to enter the market.
    Expect to see Google, Microsoft and Apple attach proprietary DRM decryption to their browsers, and the major streaming services adopt them, to the exclusion of open source browsers. With it will come the Big Brother tracking and all that goes with it.

    https://www.eff.org/deeplinks/2017/0...and-membership

    The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew — and the large corporate members continued to reject any meaningful compromise — the W3C leadership persisted in treating EME as topic that could be decided by one side of the debate. In essence, a core of EME proponents was able to impose its will on the Consortium, over the wishes of a sizeable group of objectors — and every person who uses the web. The Director decided to personally override every single objection raised by the members,
    ...
    We believe they will regret that choice. Today, the W3C bequeaths a legally unauditable attack-surface to browsers used by billions of people. They give media companies the power to sue or intimidate away those who might re-purpose video for people with disabilities. They side against the archivists who are scrambling to preserve the public record of our era. The W3C process has been abused by companies that made their fortunes by upsetting the established order, and now, thanks to EME, they’ll be able to ensure no one ever subjects them to the same innovative pressures.
    With these corporations it is all about money and power. Expect them to restart their plans to dip into every Internet user's pocket demanding micropayments for even, I suspect, normal web browsing. And with government pressure I see nothing to stop the government(s) from demanding that spyware be included in the EME's, so even when you are using Tor or a P2P network Big Brother is right there, watching your every move and monitoring your every post.
    Last edited by GreyGeek; Sep 24, 2017, 02:56 PM.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    GG,

    I found this "interesting" in the same sense as the old Chinese curse "May you live in interesting times".

    Further disquieting is the fact that HTML has no (serious) alternative such as we do with Operating Systems.

    Sure, we can write web code which avoids using HTML, but we can't avoid the rest of the web which does.

    This will not end well.
    Kubuntu 24.11 64bit under Kernel 6.11.4, Hp Pavilion, 6MB ram. Stay away from all things Google...

    Comment


      #3
      Code:
      Further disquieting is the fact that HTML has no (serious) alternative such as we do with Operating Systems.
      Thats not a bad thing. Getting all the major browsers to agree on HTML, CSS and JavaScript has proved hard enough. Do we really need an HTML alternative to make things even more confusing? While I agree that the W3C's stance on DRM is worrying, at least they have made efforts to standardize web technology so developers dont have to spend so much time writing browser specific hacks.

      Code:
      Sure, we can write web code which avoids using HTML, but we can't avoid the rest of the web which does.
      Unless you're talking an api or something, I don't think so.

      Comment


        #4
        Agreed, but my point is that we don't really have a choice, now.

        The problem is not HTML per se, but the standards committees which are writing the specifications. Kind of like putting the Federal Reserve Bank in charge of our money... We hold the Gold, we make the rules.
        Kubuntu 24.11 64bit under Kernel 6.11.4, Hp Pavilion, 6MB ram. Stay away from all things Google...

        Comment


          #5
          Well, somebody has to make the rules. Who else do you suggest?

          Comment


            #6
            My concern is that open sourced browsers will be forced to add the DRM to their code in order to use essential services like online banking, etc. Since the code is proprietary and even security researchers will not be allowed to test it legally it will be a perfect vehicle for spyware. It was only a few years ago that the US gov forced WiFi makers to put a back door in their firmware, which caused me to switch to DD-WRT. I’m still waiting for the Justice Department to prosecute our spooks for violating their oath to uphold and defend the 4th Amendment, but I won’t hold my breath.


            Sent from my iPhone using Tapatalk
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.

            Comment


              #7
              I agree GreyGeek. There are already a number of services that I can not use in open source browsers. I'm guessing that this number is only going to get bigger as time goes on.

              Comment


                #8
                Originally posted by whatthefunk View Post
                Well, somebody has to make the rules. Who else do you suggest?
                I can't subscribe to: "somebody has to make the rules". First; Who decides exactly which "somebody" gets to make those rules? Open source software should remain open, not be dictated by either government agencies or businesses whose interest is to gain both monetary advantage in the marketplace AND control.

                As a coder and business owner, I like monetary advantage. I deplore legislated monetary advantage. Either my code is worth buying or some other coder will get the sale. NOT because the other guy obtained "permission" from an arbitrary "authority". It's called anarchy in some circles, even disparaged by it's opponents. It's lack can lead to revolution. I point to the evolution of FOSS as that revolution. Anybody remember the days of IBM? How did that work out for them?

                FOSS has been the philosophy which yielded our Linux environment... W3C has deviated away from this path and allowed (been coerced by?) the entities I listed above, to assume control. They (W3C) are no longer working in my (our?) best interest.

                Your question: "Who else do you suggest?" makes an assumption that those who are directing W3C need to be changed... How about if we remove the outside influence being exerted on the original committee? As I recall, the committee was composed of actual developers and coders, people I would trust more than elected (or non-elected) officials and CEOs / CFOs / CIOs of for-profit businesses.

                Yes, these are all 'grey" areas with overlap into both the Black Hat camp and the (IMO) publicly visible White Hat camp. That is why there should be public discussion (like the one we are having right now) and review. I don't see the public review happening. That tells me that there are back-room decisions being made.
                Kubuntu 24.11 64bit under Kernel 6.11.4, Hp Pavilion, 6MB ram. Stay away from all things Google...

                Comment


                  #9
                  There are some misunderstandings in this thread.
                  At the moment the EME (Encrypted Media Extensions) specification is only for for audio/video types. That's only movies, sound, games. Not banking. And I don't really think this is going to affect banking etc, unless your bank is online singing to you. EME is an extension for the video- and audio-element in html.

                  Firefox, an open source browser, already implemented this a few years ago: https://www.cnet.com/news/mozilla-ho...eo-in-firefox/
                  So open source is in no way a protection against DRM. I can't imagine Chromium, highly dependant on Google, is going to refuse DRM.

                  In my opinion the biggest risk is this was the first time w3c took a decision AGAINST the open web. It was also the first time the decision was not made by consensus, but with voting. This opens the door to new decisions based on voting, and with more and more companies becoming member of w3c this is pretty worrying.

                  I see the problem w3c tried to solve (without DRM netflix. etc. would do something without standards). But the way they solved it now is really very bad. Not even possibilities to investigate for security, no accessibility rules, only copyright protection.

                  Comment


                    #10
                    And, Goeroeboeroe, I have little doubt that soon, if not already, the proprietary secret code in the DRM (EME) will be used to carry spyware into a user's computer. Nor do I have any doubts that once that code is mandated on all browsers it won't take TPTB long to extend its capabilities to all critical website sign on's (FB, Twitter, Googe, banks, etc...), media centric or not.

                    I just switched to Allo for their fiber optic (now getting 100Mbps down and up), but they don't yet support IPv6, and currently their modem/wifi is locked out to me, so I can't turn on ping so that my IPv6 tunnel provider can communicate through Allo's modem/wifi and establish the tunnel.

                    That also means that, and I knew this in advance, I cannot replace their wifi firmware with DD-WRT. However, they said they could set up their wifi as a bridge to my wifi, but that would still require that they unblock the ping in their wifi.
                    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                    – John F. Kennedy, February 26, 1962.

                    Comment


                      #11
                      Introducing spyware this way is a possibility, but I think there are easier ways. Netflix etc. can use it, but I think for governments etc. it will be easier hacking something in the operating system.
                      I think, but I'm no expert.

                      Comment


                        #12
                        For those following this thread, this is another description of the problem with DRM / EME being added to HTML by the W3C

                        I say "problem" because it is a contested issue. The reasons for this are outlined by the author and, I think, deserve more discussion before this gets implemented. If it's not already too late.

                        https://distrowatch.com/weekly.php?i...170925#opinion

                        Quoting from the article:

                        With the W3C voting to make EME (a form a DRM) part of the web standard, they are essentially saying that the add-ons required to play protected media should become part of every standards-compliant web browser. This is problematic as DRM extensions are non-free. Their internal workings must be hidden and unauditable in order to keep the methods of decryption secret from the computer's user.

                        If you are interested in the open web and software freedom, this change should be very concerning. What the W3C has done is basically dictate that any standards compliant web browser must feature non-free, secret code. Code which developers cannot check for security flaws, for backdoors or for mistakes which could crash the web browser. These non-free pieces were previously add-ons which people could download as they wished, but most of us could ignore as they were not included in most browsers by default. Now, it looks as though most browsers will need to adopt the standard, forcing their users to run non-free software on their computers in order to browse the web.
                        Kubuntu 24.11 64bit under Kernel 6.11.4, Hp Pavilion, 6MB ram. Stay away from all things Google...

                        Comment

                        Working...
                        X