Skip to comments.DRM in Firefox is The End of Our Digital Security
Posted on 05/21/2014 8:42:39 AM PDT by ShadowAce
I am not going to either defend Mozilla on the decision of adding DRM in Firefox or write against it, they did what they had to do. In the end its all business, Firefox is of no use to me if I cannot watch Netflix on it. So I can understand the awkward position Mozilla would be in when deciding on the DRM in Firefox, what I dont understand is How can Mozilla completely ignore the security complications associated with this decision.
In a single line, DRM in Firefox is going to end our digital security as we know it and Ill explain it how. I dont care about other browsers as they have already given up on user liberty long ago but Firefox has long stood for our freedom on the web and I respect that, well used to.
For a moment, lets say we dont have any problem with the DRM in Firefox and we are actually happy as now well be able to enjoy services like Netflix and others. The problem is that DRM module implemented in Firefox is being developed by Adobe ( Yes, Adobe ), an HTML 5 based DRM implemented in Firefox is being developed by Adobe.
The DRM module developed by Adobe is closed source, which alone is a deal breaker for many people and worse it is protected by controversial global laws to prevent security research because such information could be used to weaken the DRM and researchers publishing such information publicly has been threatened and prosecuted in the past. In other words, reporting security bugs for Adobes DRM module in Firefox can land you in legal trouble.
Dmitry Sklyarov, a Russian Computer Security Researcher was arrested by FBI in 2001 because he presented a paper on the strengths and weaknesses of the software used to protect electronic books at Defcon convention in Las Vegas.
It was our very own Adobe who charged Dmitry Sklyarov with breaking the security on Acrobats E-Reader API, trafficking in and offering to the public a software program that could circumvent technological protections on copyrighted material under section 1201(b)(1)(A) of the U.S. Copyright Act which was made law by the 1998 Digital Millennium Copyright Act (the DMCA). He was also charged with aiding and abetting his employer Russian software development company Elcom Ltd (a.k.a. ElcomSoft Co. Ltd) to do that.
What Dmitry Sklyarov did was legitimate security research and he determined the security of several popular E-Book reader products and then notified the respective firms of his findings. His company Elcomsoft published, in Russia, software that circumvented these ineffectual security systems. His Def Con talk was a clear and evenhanded presentation of the facts. This security is weak, and heres why. he said. One particular company he mentioned stored the password in plaintext inside the executable. So, anyone with Notepad and a few minutes of scrolling could have the book modified for easy distribution.
Even Sony BMG infected millions of computers with an illegal rootkit to prevent people from ripping their Audio CDs which was completely Legal. After the word was out, many security researchers admitted that they had known about the rootkit but were afraid to say anything about it.
So Mozilla is allowing to run such a software in Firefox which is closed source and insecure to such a degree that even Security bugs are illegal to report. Although Mozilla is trying its best to limit the effect of DRM by the running the DRM module in a sandbox which will limit modules access to other processes in the system and Firefox is the only web browser to do so as the DRM module runs unrestrictedly in other browsers. But that is not enough and Mozilla knows that and admits in a blog post
Unfortunately, Mozilla alone cannot change the industry on DRM at this point. The new implementation of DRM will soon become the only way browsers can provide access to DRM-controlled content.
Mozilla openly admits that there is nothing they can do instead of accepting DRM. Mozilla was one the biggest advocate of Open Source and Free Software on the web. With Mozillas recent actions, freedom invading industry practices and continuous enforcements of privacy violating laws, I can image what the future looks like.
Brendan Eich, the head of the company who was forced out ostensibly for political correctness, was an opponent of adding the technology to Firefox. Many suspect that he was removed in order to facilitate greater NSA penetration of the Web, and that the PC brouhaha was just a cover to divert attention.
Well, that’s the end of my waterfox updates.
I’ll just stick with current versions until a workaround appears.
I wonder how he felt about Austrias or what ever that piece of crap is called.
The Gaystoppo strikes again.
I use FF 11.0 and Adobe Reader 10.0. Why keep updating just to get the latest bug?
It would be nice if he explained what DRM is. Not everyone knows what it is or why we should.
Java, active X and all the things that allow pop ups are all shut off. I haven’t had a bug in more than three years.
So I can go to jail for pointing out that this thing was made by Adobe?
Digital Rights Management
Yeah, it’s a trait of the computer clique.
too much jibber jabber and techeeze
DRM (Digital Rights Management) is another layer of software to prevent the end user from doing anything that the owner does not want.
If you just need a pdf reader, there are quite a few alternatives to the Adobe product. I use Sumatra - freeware. It will also read .epub amd .mobi files.
Yes, apparently so. I’ll now call it a garish name acquistion technique and to institute my new program, I’ll assign it the acronym of “GNATS”. Take that.
Thanks for your reply.