A user account is required in order to edit this wiki, but we've had to disable public user registrations due to spam.

To request an account, ask an autoconfirmed user on IRC (such as one of these permanent autoconfirmed members) or send an e-mail to admin@wiki.whatwg.org with your desired username and an explanation of the first edit you'd like to make. (Do not use this e-mail address for any other inquiries, as they will be ignored or politely declined.)

Encrypted Media Extensions Impact

From WHATWG Wiki
Jump to: navigation, search

Editor: Fred Andrews

This document hosts an analysis of the impact of the Encrypted Media Extensions W3C specification, and may well offer suggested changes to the EME specification that mitigate concerns raised. This is very much a work in progress, and currently just a place holder.

The editors of the EME refuse to accept analysis of EME that depends on the operation of the CDM plugins of the EME API and this significantly limits the ability to document the impact and to explore the security and privacy implications within the W3C forum. There has been a lot of discussion surrounding the EME and this document hosts positions and ideas being discussed beyond the limited scope the that the W3C EME specification editors are prepared to host.

While the goal of this document is to move towards consensus, it is expected to host conflicting positions in order to aid constructive discussion and respect of a range of views.

APIs reading back decoded video or audio

Bug 21155 points out that the EME specification does not appear to restrict APIs that allow decoded video and audio to be extracted, and appears to request that EME does declare such restrictions.

Fred: I presume that on some proprietary stacks that the decoded output of some CDMs may not be available and thus such APIs could not in general be depended on. Standards reflect consensus among web browser implementers and thus have no standing or ability to impose restrictions that might protect the business interests of some content authors. The implications of an attempt to do so should be explored. Further, attempts to fingerprint the UA in order to restrict content delivery based on detected capabilities could restrict normal UA operations, such as UA spoofing, and the implications of attempts to so should be explored.