Firefox, DRM and W3C EME: a complicated (technical) matter

Questo articolo è stato scritto oltre 1 years, il contenuto potrebbe essere datato.

Yesterday the news came out that Firefox is going to support W3C EME.

Having been asked for an opinion on several occasions, I’ve opted for writing an article as opposed to making a video, given that the issue is not trivial. I think I may also have beaten my own record as far as the article length goes.

What does this acronym mean?

W3C EME is an upcoming standard from W3C which allows to use APIs in JavaScript and HTML for multimedia contents .


In other words, a keys exchange takes place between a client and a server which delivers the multimedia content.This system has to be multi-platform and has to work on all devices (because it is a W3C standard).

The client side i.e. the browser features a processor, which is the thing creating all the fuss, which allows the browser itself to process this copyrighted material, and which isn’t open-source.

This processor is named Content Decryption Module and it is a proprietary closed-source module, which allows to process material protected by DRM.

Being a closed-source module is what allows it to preserve the DRM of the contents, in contrast with an open-source system which could allow a reverse engineering.

Why does Mozilla want to integrate it?

In order to see multimedia content ,users have been forever installing closed-source plugins such as Flash, Silverlight, Google Hangout, QuickTime e RealPlayer.

I know of people recommending Chrome (not Chromium) because it has Flash Player natively incorporated, so you no longer have to install it separately.

This serves to prove that the majority of users doesn’t know about either the technical or ethical differences in the software they are using.You may also think of the pirated software the are using,but this is a different matter.
Ignoring this marketshare goes against Mozilla’s idea of a web available to everyone, not to mention that Firefox is no longer the most used browser as it used to be a a few years ago and it is therefore forced to comply with this kind of requests.

Main competitors such as Chrome and Internet Explorer feature already this EME by default and we don’t know how they are implementing it.

Mozilla resolved to include this support to improve the user’s experience and also avoid that they may end up opting for another software that ethically and technically-wise may not offer the same set of functionalities and security features as Firefox.

The main advantage of this technology is that no extra software either to be manually installed by the user or bundled with the browser is required.
Obviously before executing this content a dialog box will open asking for permission, therefore the user will have the final choice about using this technology or not.

The FSF – – had their say as it was to be expected.
Of course they do not agree on implementing a proprietary standard and came out with the proposal to release a Firefox version without EME support. If I’m not mistaken it was Stallman himself who said that Steam was a necessary solution, this is just the same in my opinion.

How is Mozilla going to implement this?

CDM-graphicMozilla is going to do this in the most possible open way. But just how?

Mozilla will create an open source sandbox inside of which will run this CDM, the processor, delivered by Adobe (because it happens to be the major supplier of this kind of technologies).
This CDM will be automatically downloaded by the browser in the most transparent way depending from the website and the technology this is adopting,furthermore because of the fact that it will be running inside a sandbox,it will not disclose the user’s personal data.
This is due to tracking not being possible,aside of a unique device identifier.

This integration is as of now intended only for Firefox Desktop whilst in the future it is also planned in Firefox for Android.

This is the best possible way to implement this functionality at the same time protecting the users’ privacy and using an open source code.
Let’s not forget that Firefox is currently supporting the H264 codec (if installed in the OS) to render videos encoded in this format.

The end user will have the final word about using this technology or not whilst browsing,just as it is happening with Click To Play to activate plugins.Mozilla as usual cares about the user’s privacy just as it does for the safe operation and the functionality of the program itself.
That way the end user has freedom of choice about taking advantage or not of such features and doesn’t have to part ways with the best browser on the market,and the one that cares the most about his/her safety.

Related readings

Official announcement by Mitchell Baker –

The article featuring the most technical details (to which I’ve mainly been referring in this post, among other links) which is from Mozilla’s CTO who also is the founder of the Firefox OS project:

More technicalities –

I would also like to quote a Mozilla employee,in this link “Firefox will make it in the records as the browser which can’t be used with Netflix” and also:

This is confusing for free software people, because DRM clearly limits users. Yet Firefox is not the world. If Firefox doesn’t do DRM, Firefox limits its users in what they can do. It denies them functionality they can get by using other products. That’s a paradox which can’t be resolved by “taking a hard stance against DRM.” So if you’re mad today at Mozilla, read this a few times. You must understand the evidence supporting the logic for Mozilla’s decision to not die on this particular hill.


Freedom is not a technical feature. At least, not for the mass market. It is truly heartbreaking to say, because I know people who have given literally everything for this idea.

But here is the good news: enabling users to do more is a feature.

To put it simply, refusing to implement the DRM standard would result in a drawback for the end user which would experience restrictions, whereas Firefox does not wish to restrict the web experience for its users, therefore using this technologies or not will ultimately be their call.

Or we should maybe read – where it says

So with that reality in mind, Mozilla has a choice to support this standard (which is not something the organization necessarily enjoys) or to not support it and lose much of its user base and have a very uncertain future.

which also features a nice meme


“Mozilla did sold us out” yet she still enjoys Netflix e Spotify and is complaining about this on Facebook G+ e Twitter.

To quote the Guardian

By open-sourcing the sandbox that limits the Adobe software’s access to the system, Mozilla is making it auditable and verifiable. This is a much better deal than users will get out of any of the rival browsers, like Safari, Chrome and Internet Explorer, and it is a meaningful and substantial difference.

This is also true, being as it is the best possible implementation on regard to the user’s privacy in comparison to what the other competitors are doing,in order to limit potential issues.

One last quote from

Our choice is not between “DRM on the web” and “no DRM on the web”, it’s between “allow users to watch DRMed videos” and “prevent users from watching DRMed videos”. And we think the latter is a long-term losing strategy, not just for the fight on DRM (if Firefox didn’t exist, would our chances of a DRM-free web be greater?), but for all the other things Mozilla is working for.

My personal opinion

You can easily understand my opinion reading this post,which is everyone still has the choice to use this or not. Just like the codecs.

I’m speaking as someone obsessed with open source programs,which only uses in Linux the proprietary Nvidia drivers (as three monitors need them), Skype (too bad that I did install it, the good news is that I’m rarely using it), Flash which at this stage with HTML5 videos available on Youtube is seldomly needed and unrar which I also use scarcely.

Whenever I can i’m only relying on open source programs such as Netbeans instead of Sublime Text or OpenShot/Kdenlive instead of LightWorks and so on..

To preserve my privacy I’m running OwnCloud on my own server to synchronize contacts and calendar, not to mention files, instead of services hosted on Google or Dropbox.

As with everything else, everyone has the choice to use what he/she likes the best, according to what seems more convenient for the personal data that is wishing to make public.

A couple of articles in Italian:

The most informed Italian article, that I encourage you to read:

I’m ending with a meme,which I haven’t been using in a while,just to flame a littleW3C-Memes_DRM_Chrome_hippie

Thanks to Geko for the english version!

Liked it? Take a second to support Mte90 on Patreon!
Become a patron at Patreon!

Leave a Reply

Your email address will not be published. Required fields are marked *