Mozilla holds its nose and supports DRM video in Firefox

The open-source browser gets a proprietary Adobe software so people can watch video from sites like Netflix over the Web. Supporting it is better than losing Firefox users, Mozilla says.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors | Semiconductors | Web browsers | Quantum computing | Supercomputers | AI | 3D printing | Drones | Computer science | Physics | Programming | Materials science | USB | UWB | Android | Digital photography | Science Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
4 min read

Firefox logo

Mozilla has agreed, reluctantly, to build a Web standard called Encrypted Media Extensions (EME) into its Firefox browser, a step that enables use of copy-protected video from Netflix and other sources on the Web.

The nonprofit organization has opposed EME, a technology that lets a browser perform digital rights management (DRM) tasks such as restricting copying or ensuring that rights to watch a video expire after a certain period of time. But on Wednesday, Mozilla said it's enabling EME because it's becoming widely enough used that its absence from Firefox would push people toward other browsers.

"Looking at the competitive landscape, every single major player in the browser market has adopted this spec and the prop module that comes with it," said Chief Technology Officer Andreas Gal. "We are concerned that if we don't do this, our users don't have access to a significant part of the Web."

It's not the first time pragmatism won out over principles at Mozilla. It was also opposed to the patent-encumbered H.264 video codec, which is widely used to compress and decompress video for Internet streaming, but decided it had no choice but to support it for Web-based video. Mozilla favors openness on the Web, and patent-encumbered, proprietary software is the antithesis.

Mozilla isn't writing the DRM decryption software itself, something that would be impossible to ship in an open-source product like Firefox. Instead, Mozilla has a partnership to install a module from Adobe Systems, a close relative of what it ships in its Flash Player browser plugin. Firefox will download the DRM module after people install the browser, but it activates only when a user visits a site that uses the technology and grants authorization.

Historically, streaming-video sites that want DRM have used browser plugins including Adobe's Flash and Microsoft's Silverlight. But Adobe's browser plug-in is being gradually excised from desktop browsers and from new Web sites. Flash doesn't run at all on mobile devices using Apple's iOS, Microsoft's Windows Phone, Mozilla's Firefox OS, or Google's Android. The situation has posed a challenge for those who want the Web to be an all-purpose computing foundation.

Thus, some developers at Google, Microsoft, and Netflix have been working on an alternative, EME.

EME is being standardized through the World Wide Web Consortium and currently is in draft form. In January, the Motion Picture Association of America (MPAA) joined the W3C. The EME spec has been a point of controversy for years, though; among prominent opponents has been Ian Hickson, who for years has been a leader in the standardization of HTML (Hypertext Markup Language), one of the seminal standards that makes Web possible. He was involved in shepherding video support into HTML, a direction that ultimately led to today's DRM complications.

EME doesn't actually handle encryption itself. Instead, a mechanism to communicate with a DRM plugin called a content decryption module (CDM) that does. That means a Web app can show encrypted media, helping Web developers match the abilities of programmers who write native software that runs directly on operating systems like iOS or Windows.

Mozilla doesn't like EME, though, and not just because it's proprietary software. The approach is complicated for Web developers, too: Safari, Internet Explorer, and Chrome each ship with a different CDM, which means Web sites must check what browser a visitor is using then send the encrypted video with the appropriate system.

"The situation is really sad," Gal said. "It's a direct consequence of fact that the EME spec is not really a spec -- it just says there is a black box and here is how you talk to the black box."

One of Mozilla's big complaints with DRM, as implemented today, is something called node locking. That's a technology that confines content like video or audio to a single device, and it's an approach that stands in sharp contrast to the current cloud-computing philosophy of the industry.

With that philosophy, people are used to getting their documents, e-mails, and photos from whatever device they have on hand -- a smartphone, a tablet, a PC. Node locking means it's not necessarily easy to watch a TV episode on your smartphone on the way to work if you bought it on your PC.

Mozilla is taking a slightly different approach to node locking, though. Instead of letting the CDM build a device fingerprint based on hardware details of a computing device, it supplies its own node identifier to add a bit of privacy, Gal said.

To do that, Mozilla confines the CDM to a sandbox. It's open-source software, so the content industry can make sure it works as advertised and privacy advocates can see that it doesn't pose privacy problems, Gal said.

Ultimately, Mozilla would prefer the content industry to abandon node locking, moving instead to permissions based on an account, not a device.

But so far, there's no sign movie and TV studios are willing to yield. "They are simply not open to the argument right now," Gal said. "One of our hopes is as that as technology progresses, at some point the content industry will recognize they're not doing themselves a favor."

Another change Mozilla would like is a move away from DRM and toward watermarking, which embeds invisible data in video files that can determine

With watermarking, "if someone takes video stream against the license, you can detect who did that," Gal said.

Updated at 1 p.m. PT to clarify that the EME standard is still in development at the W3C. Although the process isn't finished, the draft standard is in use today.