Get the top HN stories in your inbox every day.
no_time
ignoramous
> The author is correct in that media DRM is tied to GPU vendors on the field right now ... hardware backed DRM can be so much more invasive
I expect mjg59 to know what they're talking about but like you say, I wonder the same thing about the strength of (what you call) Media DRM v Hardware-backed DRM.
GPU vendors have quietly deployed [hardware-based DRM] ... [which] works just fine on [boards] that [don't] have a TPM and will continue to do so.
mike_hearn
No, the GPUs have their own hardware RoT that measures the firmware. Modern GPUs are basically parallel computers with their own RAM, bootup sequence, BIOS, operating systems (drivers and firmware together are basically an OS), compiler toolchains, debuggers, sub-drivers and so on.
rustcleaner
One which needs to be opened to users/owners instead of locked away. A price-doubling 100% sales tax on Universal Machines which lock owners out like with video cards (and their firmware), should make products which are not fundamentally significantly GNU-ideals friendy unaffordable to the average consumer (and therefore not economically viable anymore). Siemens can still sell their $5MM machine for $10MM to BASF or whatever, because BASF can afford to borrow double to pay the tax, but Cletus and Dorothy will not be buying sony playstations and apple iphones because $2,000+ isn't worth it.
matheusmoreira
The GPU is a completely separate computer running proprietary software. "Operating systems" do not operate anything anymore. They are just some user app, to be sandboxed very far away from the real action.
Stallman warned everyone. Virtually nobody listened.
fc417fc802
> "Operating systems" do not operate anything anymore.
Not entirely fair. There is still a kernel and a privileged userspace layer. That hasn't changed. The OS implements a common API that abstracts over ISAs and other finnicky hardware details that are under constant short term churn.
It's just that peripherals themselves have become so incredibly complex that many of them now require their own embedded systems in order to operate. The hardware was always a black box it's just that now it contains an entire embedded OS.
rustcleaner
I always said a hefty sales tax (50%? 100%? 200%?) on final sale of any product containing just a single Universal Machine which has artificial designs/locks that prevent the owner from replacing any and all firmware/software with versions he has authored, and/or which lacks complete enough documentation of design and interfaces that would enable a knowledgable and capable owner to author his own software/firmware. This should apply to PCs, phones, watches, microwaves, televisions, CPAP machines, automobiles, toasters... everything which contains a Universal Machine. Uncontrolled [by owner] Universal Machines are a national security concern which has the potential to turn grave at any moment.
advael
A "tax" like this is essentially equivalent to a fine, and a fine is a price
Also, companies can just price the additional cost in, blame the government for the price increase, and mislead consumers about the tradeoff being made. A ban is harder to do that about
rustcleaner
Yep and you can come in and make a fully open and compliant competitor product, because your closed and uncompliant incombent is forced to charge a price which should give you enough margin to succeed.
I am admitting that yes closed beats open at money extraction/harvesting from customers, which is why you only ever see closed hardware. The whole idea is to kneecap business models which depend on handcuffing owners with digital locks. This is economic lawfare, I am not hiding that. We The People are not animals on a farm to harvest dollars from occasionally, as if they were milk and methane.
braiamp
Why not just prohibiting the practice? This isn't weed or alcohol.
rustcleaner
Still allow for the multimillion dollar industrial dozen-megamachine makers.
matheusmoreira
It's downright cyberpunk.
> sites could refuse to serve you if your machine is running any bigcorp unapproved software
This needs to be classified as discrimination.
account42
It should be classified as discrimination but the same thing is already reality with mobile apps.
kccqzy
I have trouble understanding your use of the term DRM. Media DRM makes sense: the copyright holders want to "manage" their rights digitally. How is that relevant to Play Integrity or WEI? Whose right is being protected or managed? If I have an Android without Play Integrity there are certain apps that will not run, but I don't see any rights being managed here: an app developer has the right to refuse service just like I have the right to refuse running an app.
In fact I see no relationship between DRM and Play Integrity other than a tenuous connection that both are about controlling what a user cannot do on their device. If this is what you mean, then you have made the same mistake as FSF by conflating unrelated technologies.
ethbr1
Ultimately, DRM is untenable without users also being locked out of their own devices.
Consequently pressure to support more effective DRM will always translate into pressure to restrict what users can do with their devices.
Furthermore, the only defense against this is large open device market share: once closed devices comprise most of the market, DRM proponents can announce they'll stop supporting open devices, creating a downward spiral that further decreases the availability of open devices.
And then we live in a future that's fucked.
mike_hearn
This is an FSF level understanding. Android devices are fully open and you can reflash them to whatever OS you want. Some remote servers won't give you service if you do that, but nothing is locking you out of your device. As Android dominates the global market, you already live in that world where most devices are open.
saurik
The ability for someone with a news article or a game to only have you experience it if you pay their fee or watch their ads, preventing you from copying the content off your device or modifying it in some way that is unauthorized (removing ads or otherwise modifying the behavior to circumvent protection mechanisms) is pretty obviously the exact same idea -- not some mere metaphor -- and is a protection of the exact same "right" conferred by the exact same laws as allowing someone with a movie to only have you see it if you pay their fee or watch their ads... I am honestly having a difficult time understanding your confusion here :/.
kccqzy
You are still talking about DRM in the context of copyright. If someone has a news article or a game, they have copyright on that article or game and they use DRM to protect their copyright. All these are applications of DRM.
Applications like Play Integrity could be quite different: say a bank can refuse to move money if your instructions to move money comes from a device deemed not trustworthy by Play Integrity. That's like a bank can refuse to let you into their branch if you are dressed in swimwear. A game can also deploy this tech for anti-cheating purposes; really no different from a real-world casino refusing a customer who is known to be good at card counting.
account42
> an app developer has the right to refuse service
They shouldn't have that right any more than a tools manufacturer has the right to prevent you from buying one of their hammers.
The right of first sale is extremely important to a functioning capitalistic society and it's completely absent from the digital world - by design.
badsectoracula
> an app developer has the right to refuse service just like I have the right to refuse running an app.
In this case it feels like an app developer having the right to punch[0] you in the face just like you have the right to refuse being punched in the face :-P.
[0] (to use a family friendly verb)
matheusmoreira
It's not about "rights". It's about power. It's about turning you into a serf in their digital fiefdom. A perpetual consumer.
urronglol
If that ever happened I would nerd up on low level architectures. Get a job in a trusted company. Leak the keys.
The only worthy cause to apply my patience to.
aleph_minus_one
> If that ever happened I would nerd up on low level architectures. Get a job in a trusted company. Leak the keys.
> The only worthy cause to apply my patience to.
This already happened for smartphones.
Concerning your first claim: Did you attempt to get a job at such a company to leak the keys?
Concerning your second claim: Did you already invest lots of personal ressources for this cause?
badsectoracula
> This already happened for smartphones.
Sadly even in tech many people do not seem to see smartphones as real computers.
mike_hearn
In most well designed systems the only keys that are useful are held in HSMs that won't export them to anyone, so you can't easily do that. You could at best sign a few things with the keys if you were able to compromise HSM credentials, but, once you were caught your access would be revoked along with anything you signed.
causi
This is why it's so important to have local copies of things you value. Movies, shows, games, Youtube channels, everything.
DoctorOetker
Consider a benevolent cryptographer, who is able to break modern asymmetric cryptography, but refuses to use it for petty personal gain, and is fully aware of the dangers of publishing it (why this cryptographer put it in dead man's switches instead, with recipients randomized over nearly all power blocs, political groups, companies, ...)
The cryptographer never implemented it on daily compute devices.
Perhaps this cryptographer would be willing to risk a low communication round release of private keys corresponding to public keys in ROM or burnt in eFuses etc... but only if the public key dump is sufficiently large and encompassing.
From the perspective of the cryptographer we are all whining wankers, and we should just collect all the public keys as a wishlist.
The cryptographer care naught about "liberating" hour long advertisements for the militaries or intelligence agencies etc. The cryptographer does wish sovereign compute to fellow humans, a primordial requisite for effective democracy.
====
While I understand the average programmer would ascribe an incredibly low probability to the above, the absolute absence of such a comprehensive public key dump is not in proportion to the probability considered.
TacticalCoder
> the future for personal computing is looking grim
I don't know. They could lock up the hardware stack as much as they want, in the end it's pixels being pushed to arrays. It's extremely hard to prevent these pixels from being intercepted. You'll have pirate groups just going deep in the hardware (opening the monitors and soldering and hacking and whatnots) and eventually tap these.
As for personal usage: I've got hardware from the eigthies still working fine.
Instead of:
movie2025-WEBRip1080p-x265.mp4
movie2025-WEBRip1080p-DRMfree-x265.mp4
For example people can still buy brand new CRT (!) screens today. Not just CRT screens but also brand new CRT PCBs to drive either new or old CRTs. It's 2025 and people can still buy brand new CRTs. That's kinda rad.
And if worse comes to worse, if it's really impossible to go "tap" into the pixels being sent to a DRMed monitor (which I don't buy for a second), there's still the analog hole. Pirates are just going to use old (non DRMed) gear to rip, analog style, DRMed content and then they'll just process the result with some AI models to get it back to near perfection.
Heck, the day's probably not very far where I can use, say, two handcams from the 90s to film a movie at the movie theater and then use an AI model to give back a near pristine movie file (as in: one where it's impossible for the layman to discern from the original).
> This tech extended to browsers could easily mean that sites could refuse to serve you
That's already the case: some content is geo-blocked. People use a VPN or just fire up Frostwire or qbittorrent.
Even a Raspberry Pi 5 goes a long way: when are these going to play the DRM game and make the future look grim, instead of bright?
I don't doubt there are really deeply sick, evil, people out there thinking about how they can ruin of collective future but I also know that they'll encounter people who have systematically owned their sorry arses.
thomastjeffery
We're not concerned about DRM because it will (or won't) stop us from redistributing and playing content. The stated goal of DRM (blocking copyright infringement), and DRM's general failure to meet that goal, is the least interesting part of the story.
We're concerned about DRM because what it does accomplish. DRM creates a vertically-integrated market wherein every layer of the stack is authoritatively controlled by a colluding oligopoly of vertically integrated hardware+media corporations (Apple, Amazon, Facebook, Comcast, etc.)
The greatest problem with DRM is drivers. NVIDIA hardware only works well in Linux because it's important to NVIDIA's business. Even so, there are longstanding issues that would have been fixed decades ago if kernel devs were allowed to collaborate. Instead, DRM (and copyright in general) demands that the driver dev team be siloed away from the kernel devs. This way, NVIDIA can use the exclusivity of its CUDA implementation as an anticompetitive advantage in its hardware business.
Copyright is, fundamentally, a wall between would-be collaborators. DRM is an implementation of that wall, but instead of isolating people, it isolates software. The wall DRM provides is not used to monopolize the distribution of content: it is used to construct moats in our software ecosystem.
There's a reason I prefer the experience of torrenting a Netflix rip over streaming Netflix on my Roku: the entire hardware+software stack is superior. I can actually sort and navigate my library. I can decode&render with my faster GPU. I can adjust the audio delay. I can adjust subtitle placement & font. I can mix the audio so that dialogue is actually audible. I can do frame interpolation with SVP (again using a better GPU than whatever your "smart" TV has onboard). I can seek forward&backward quickly without changing bitrate. I can let the credits play without being interrupted by an ad. The list goes on...
I don't want a goddamn CRT. I want modern hardware. The more we let corporations abuse us with DRM, the less compatible that hardware will be with real software.
mkl
> I can mix the audio so that dialogue is actually audible.
How are you doing that?
stonogo
The issue isn't preventing piracy, it is defending GPU market segmentation. In the old days you could flash Quadro firmware to Geforce cards and unlock features or modify clocks. The common thread is artificial scarcity.
slt2021
it is price discrimination. How to sell the same GPU hardware at different prices based on consumer's wallet:
1. cheaper price for gamers only for games
2. maximum price for crypto/AI bros
hex4def6
I'm not so optimistic.
Yes, you can never "plug the analog hole" completely, but you can definitely lock stuff down to the point it's impractical for 95% of people.
For instance, imagine some sort of audio / video fingerprint system that resides in Intel and/or nVidia's GPU drivers. Content gets played through the on-GPU HEVC / h.264 decoders already. Doesn't seem like a huge stretch to add a fingerprint authentication system to that stage.
Have a list of content IDs that are protected, and require a valid license to play.
Yes, your source file is unprotected (video camera in front of monitor), but all of your devices are unable to play it. Yes, your ancient, circa 2024 desktop PC will still play it, but your new 2030 model TV implements this fingerprint system as well so you can't just cast this file to your 100" display in your living room.
This is to say nothing of other forms of content (applications / games / web pages) that actually could require attestation / DRM HW / always-on internet to run.
jandrese
I was thinking of someone hacking a capture device that sniffs the output matrix of a display in order to capture the video and has a line-in plugged into the drivers on the speaker. Way out of reach of most people, but only a very small number of people need to be have the wherewithal to do it to keep the pirate scene going, especially if they live in countries that don't care about your DRM laws. The analog hole exists so long as people don't have DRM directly implanted into their eyeballs.
fc417fc802
[dead]
MBCook
I fully get the DRM hate.
Now I don’t really follow the Windows world but I thought the goal of the newer TPM stuff was to be able to provide a trusted boot chain the way Apple does. I’m under the impression that some of the earlier versions allowed the TPM module to be a separate piece of hardware from the CPU and thus exposed an hardware attack path where someone could snoop or man in the middle.
If you have a full trusted chain you can certainly use that to ensure that the DRM isn’t being tampered with. But I kind of doubt that’s the main reason behind all of it. There are enough good reasons they may want better security on the hardware outside of that it seems justifiable that they might push it.
I’m not arguing it’s good or bad, I just don’t think it’s 100% about DRM and the rest is a smoke screen.
NotPractical
> to provide a trusted boot chain the way Apple does
Your flaw is assuming that Apple's only doing that for your security and has no ulterior motives. But iOS apps are disabled and Netflix reduces to a lower resolution when you disable System Integrity Protection on a Mac (among other things?). The trusted boot chain is clearly a DRM enforcement tool in addition to being a security feature.
https://github.com/cormiertyshawn895/RecordingIndicatorUtili...
yakaccount4
Deploying some sort of TPM remote attestation for DRM requires every component from every vendor to play nice, so I don't think you'll ever see that rolled out for Windows.
I would guess that the actual push for TPM is to have 'better' BitLocker, and Passkey support.
In practice the default BitLocker+TPM configuration isn't that great (no user entropy/pin, dTPM is basically worthless).
I have no actual understanding for how TPM is involved for Windows Hello/WebAuthn/Passkey or whatever, but at a glance it would seem Biometrics without a TEE seems like a very weak link.
MBCook
I figured it’s more about ensuring the kernel and boot loading and OS are 100% unmodified by attackers/malware.
If that helps with bitlocker or passkeys or whatever that’s great. But I assume at its base it’s a pure integrity play.
I would think that would also let you know the public key stuff used to communicate with hardware authentication like a fingerprint reader is secure too, but I don’t know how that stuff works well enough to know if that’s true.
davidczech
TPM can measure the Secure Boot state for later reporting (attestation) but when it comes to DRM, that’s not a terribly interesting bit of information, knowing the firmware and kernel are valid, when the configuration of the OS and installed applications is really the important part.
As far as I know there’s no real scalable way for that to work in the Windows ecosystem.
cannabis_sam
DRM is a government sanctioned desecration, by corporations, of your private property rights, by its very definition.
Whether it’s in the GPU, CPU, TPM, or any other part of computing property you ostensibly own, is an utterly irrelevant distraction, the root is the unholy alliance of government and capital power.
lxgr
No, if anything, the fact that governments allow businesses to only "license" you digital content, i.e. not give you the option to actually acquire property rights in it, is. DRM is just a technical implementation detail downstream of that.
creddit
> the root is the unholy alliance of government and capital power.
And Labor too, don't forget!
https://www.backstage.com/magazine/article/sag-aftra-back-an...
ChuckMcM
This is a much more accurate statement than the hate on the TPM. As the article describes, it is the GPU that has its own separate memory space that it can show on the screen without the CPU being involved at all.
I expect next generation workarounds will involve virtual GPUs.
mike_hearn
If that worked it'd have been done over a decade ago.
The remote server is handshaking cryptographically with the GPU itself, which identifies itself using certificates and keys tied at the factory. You can't emulate such a GPU unless you find a way to steal the keys.
Retr0id
A virtual GPU is useless if it's not provisioned with the relevant key material.
MadnessASAP
I have to wonder A) What does DRM realistically accomplish for the media companies? And, B) How are these DRM schemes actually being defeated? I do occasionally don my pirate hat* and have never had an issue finding what I want at the quality I want within an hour of a episode/movie being released to streaming. That would seem to indicate that these efforts at DRM are actually failing to have any noticeable effect at all.
[*] Jellyfin & and the -arr daemons are far more usable and stable then wading through the various streaming services interfaces, so I'll download episodes even though I do actually pay for the streaming services.
pornel
Piracy is just a convenient excuse.
DRM is really about control. It's a technical trick that thanks to DMCA anti-reverse engineering clauses becomes a legal trick to dictate exactly who and how can play the content, much tighter than what copyright and consumer laws allow by default.
For example, without DRM you couldn't effectively sell separate licenses for computer screens and TVs, because users could just connect their computer to a TV.
DRM allows negotiating everything about distribution, up to who pays who for having a button on the TV remote.
Those who control the DRM have a veto power over everything, and have it viciously enforced internationally thanks to it being tied to copyright.
pie_flavor
What are you talking about? You can connect your computer to a TV just fine. No, lost sales are not 'just a convenient excuse', the sales they lose to piracy are far more numerous than the ones they'd gain with this fictional system that relies on people being willing to throw away money for no reason. 'It's about control' is a favorite element of conspiracy theories but corresponds to no real-world corporate need.
majormajor
DRM has likely had a big impact in shifting the casual consumer conversation to "hey they're gonna start down on account sharing" from early-2000s style "here's a straight-up copy I made for you." And this helps prop up the "they'll get a Netflix account to binge the same three shows over and over" part of the business model. The cumulative monthly cost adds up but it feels cheaper than forking over a few hundred bucks for a few box sets + buying a disc player.
None of the hurdles stop 100% of people. But every hurdle causes some people to stop bothering.
watermelon0
In many cases, downloading torrents and watching on a laptop/PC has a better UX than using streaming services.
For example, it's impossible to watch 4k content on popular streaming services if you use Linux, and even with macOS/Windows you need a specific combination of hardware + OS + browser, if a service even offers it.
LegionMammal978
To be fair, UX isn't only about the point of consumption. 4k torrents don't grow on trees (luckily, 1080p is good enough for my own tastes), and for old or less-popular movies, it's often tough to find seeders, or they all upload at 100 kbps or only have half the file or something dumb like that. (At least on the public trackers I'm aware of: I have no clue what goes on in the super-duper-exclusive private trackers that some love to boast about.)
So I'd put accessibility and consistency as important parts of UX that torrenting can often miss out on. For the common person who is using Windows/Chrome, macOS/Safari, or a gaming console, those parts can easily be more important.
Of course, these methods start to shine when legitimate methods are even less accessible. For instance, U.S. sports streaming is an absolute mess with multiple networks, regional blackouts, etc., on top of buggy apps, so that you sometimes can't watch a game legally for any price. People have widely picked up illegal streams as an alternative, usually preferring familiar platforms like YouTube if the streams aren't taken down quickly enough.
paxys
Without giving them any further instructions, ask all your non-technical friends and family members to (1) watch a popular movie on Netflix/iTunes/Amazon/Google Play and (2) torrent the same movie. Report back on how many are able to successfully do 1 vs 2. That'll tell you how good the respective user experiences are.
thomastjeffery
It has much better UX, but much worse accessibility.
You have to learn how to navigate an ever-dwindling list of trackers and probably a VPN, which is already too tall a hurdle for the overwhelming majority of people. Time is often worth the price of a 4K Roku and a subscription, even though that's still a technically inferior experience at the end of the day.
Piracy has two very hard problems: privacy and moderation. Moderation requires authority; authority requires trust; and trust relies on identification. I think we might be able to resolve this by replacing moderation with curation, but that's going to take a lot of ground-work that I'm too ADHD to do myself.
fc417fc802
[dead]
jakogut
There's always an analog loophole. Even if the OS is unable to access the memory storing the decrypted data, you could always just plug the output of the machine into a capture card and capture the decrypted stream that way.
I suppose some monitors and TVs have "features" to cryptographically handshake with the GPU and ensure a secure link, but at some point the data must be decrypted and decoded to be displayed. This doesn't seem like much more than a speed bump for a motivated individual.
tasn
The end goal is DRM all the way to the screen. No capture cards will be allowed.
It's a cat and mouse game, but I wouldn't discount these efforts as a mere speed bump. Screen enforced DRM will make things much harder. A motivated individual with the right tools and hardware hacking know how may be able to jailbreak a screen to record stuff, but that's going to make things out of reach for most people.
soerxpso
It doesn't matter at all how out of reach it is for most people. As long as one kid in Russia can do it, the torrent is available for everyone in the world just as soon.
This has already been shown with videogame DRM like Denuvo. It's so hard to crack that only a handful of people know how, and yet they end up racing eachother so eagerly every time a new game comes out that it's usually done in under 24 hours. Unless you can beat "so secure that only a handful of people in the world can crack it" the situation will always be the same.
geerlingguy
With how good modern screens are, and how good cameras are (and how easy both are to hack), you could always play back the video and capture the photons through the air.
There was something called Macrovision back in the VHS/DVD days that tried to defeat digital/analog conversion, and I'm sure visual techniques could be devised...
But I imagine someone with a good OLED and a good mirrorless camera (or even a cell phone nowadays) could make a pretty good 4K replication of any media that displays.
baby_souffle
> The end goal is DRM all the way to the screen. No capture cards will be allowed.
Sure, but the closer you get to the eye ball, the bigger the loophole is.
It's not common anymore, but _way_ back in the day, some releases were made *in the projection booth* with a semi-pro camera on a tripod pointed at the screen. (look for old NFO files with `TS` or `TeleSync` in them to get an idea of when this was common-ish)
The analogue loophole will remain open until there's a HDMI to optical nerve technology that we're all forced to get at birth.
orev
There are many USB capture dongles with chips that ignore DRM, easily available for cheap at popular online stores. Nobody has to go as far as jailbreaking screens.
mysteria
In this case the piracy model might change into something like the software cracking scene where groups with specialized skills and equipment would be the ones doing the uploading. Regular people wouldn't be able to make copies with a capture card to send to their friends but popular films and shows would definitely still be released by those groups.
Bancakes
Or I just split the raw pixel values from the monitors t-con board.
rustcleaner
I can always just not consume the media. I will never pay for that hot garbage anyhow.
DRM won't make me pay, it'll only take your trash out of my mindspace... which is probably a blessing anyway.
mike_hearn
There is no analogue loophole, that's like 15 years behind the curve. Cinavia closed that a long time ago and meant that licensed devices like Bluray players, even TVs, can detect cammed recordings even those cammed in movie theatres.
Of course you can try to play them with hardware that doesn't follow the rules. But there's a finite number of vendors, so that isn't necessarily easy.
ls612
I’m confused, you’re saying the TV can tell if someone is pointing a camera at it? That seems highly doubtful.
loeg
Yeah, but pirate groups are getting the original streaming service's compression without re-encoding (so-called "WEB-DL"), even of 4k content. There's a weaker link somewhere.
lksaar
WV L1 Keys/ PR SL 3000 keys require breaking into the TEE to steal those decryption keys.
Ever wondered why netflix 4k web-dls take a while for less popular shows?
Netfliy monitors these more tightly apparently and blacklist keys that are used to download. Then the group needs to buy some new device, the old one is burned.
bambax
Yes, DRM are a perfect example of the "Smart Cow" problem [0]. This is so obvious that, as you say (A) it's quite obscure why media companies still bother with DRM?
The only beneficiaries of DRM seem to be hardware vendors, and even for them it's unclear if it's a net benefit, since it makes everything more expensive.
fluidcruft
Probably advantage of DRM is that circumvention can be criminalized and absence of DRM implies circumvention.
AnthonyMouse
What advantage does this have over just criminalizing the underlying infringement regardless of DRM?
Also, how does criminalizing it actually help anything, since the difficulty is in the scale of it happening and the difficulty of detecting it rather than the severity of the penalties, and imposing draconian penalties on random kids only turns the public against you?
n144q
DRM has definitely made pirating more difficult, and that is good enough for media companies, even though it is not enough to stop all forms of it. Also as others have pointed out, often it has more business/legal meaning than technical meaning.
One example -- it has made creating pirated videos almost inaccessible to most people. In the past, if all other methods fail, you can always just record your screen with a common recording application. That's not possible with GPU enabled DRM, which is enough to stop a casual consumer to share a movie to their friends (even at a less ideal quality).
> have never had an issue finding what I want at the quality I want within an hour of a episode/movie being released to streaming.
That's because you are consuming mainstream/popular media. You often won't find recordings of a lot of performance art (ballet, concerts etc)* and I-am-not-going-to-name-it-content because there is a lot less demand.
* an interesting exception is that a lot of content released via Blu-ray gets decrypted, ripped and torrented.
lotharcable
> A) What does DRM realistically accomplish for the media companies?
Control publishing rights, platforms, software and hardware that is used for the consumption of said media.
The publishers control the DRM, which then needs to be licensed by television makers, software writers, and such things. Then that gives them control over how is it presented, how it is sold, how it is consumed and it forces everybody to agree to their terms.
It is a power thing. They want to have power over other businesses. DRM laws help them do that.
> How are these DRM schemes actually being defeated?
Well I don't follow DRM piracy stuff, but at a high level the people that want to consume the media must be able to decrypt it to enjoy it. So if you buy one of these DRM devices and figure out how they work then you can decrypt anything that is compatible with them.
And you only need to decrypt it once since digital media can be copied a infinite amount of times.
AnthonyMouse
> It is a power thing. They want to have power over other businesses. DRM laws help them do that.
This is the argument for repealing them, which is why you rarely see them making it out loud.
Instead they come up with some rubbish about making it marginally more difficult (spoiler: it's still easier to pirate stuff than use legal services and the only thing actually preventing everyone from doing it is that some people want to follow the law). So it's good to knock those fake arguments down when you see them and leave no excuse to keep the bad laws that ought to be repealed.
Accepting their actual motivation like it's a legitimate reason to keep those laws is like saying the reason we should keep doing the stuff Snowden revealed is so the intelligence agencies can spy on the elected officials regulating the intelligence agencies.
dannyobrien
IIUI it's mostly a question of a mess of contractual language and incentives. Rightsholders license content, and in their licensing contracts they require a certain level of DRM for certain products. So streamers, etc, implement the DRM to comply with those contracts. Nobody at any level has an incentive or leverage to change the contracts, so the DRM continues.
cryptonector
That and also various principals are under the impression that DRM is possible, therefore they should implement it because it protects their IP, and protecting their IP is a fiduciary duty, therefore they must if they can.
anticensor
> protecting their IP is a fiduciary duty,
This is not the case, unless we are talking about trade secrets, and in case of trade secrets, only applicable to board members and employees.
codethief
> IIUI
If I understand incorrectly?
(Jokes aside, though, I haven't been able to figure out what IIUI stands for.)
undefined
merrywhether
If I understand it?
throwaway654322
> B) How are these DRM schemes actually being defeated?
1. Disable video hardware acceleration in browser (preferably FF)
2. Open OBS studio
3. Record screen while streaming service of your choice is running.
Still works in modern OSs like Windows 10.
You're technically not circumventing the DRM decryption routines when you do this since the pixels displayed on screen have already been decrypted (just like recording cable to VCR post-decryption), so the legality of it is towards the lighter grey end compared to ripping DVDs. IANAL though.
jsheard
That only works with the weaker tiers of DRM which are typically only allowed to stream low resolutions. As mentioned in the OP article, the stronger DRM tiers never make the cleartext visible to software and those are mandatory for high quality streaming.
Not to say the stronger tiers never get broken but it's a lot more involved than just recording them with OBS.
kuschku
You can get HDMI capture cards that do 4K30 HDR while removing HDCP for $20.
Use Microsoft edge for playback (so you get 4K HDR). Stylish as addon to remove any player hud.
Especially useful if you want to legitimately use copyrighted content but obviously can't just use a pirated version.
Thorrez
Netflix limits FF and Chrome on Windows to 1080p. On Linux it's even worse: 720p.
And up through Dec 2023, FF and Chrome on Windows were limited to 720p. That's right, it wasn't until 2024 that Netflix on Chrome on Windows supported 1080p... That's what, 15 years after 1080p monitors became common?
https://web.archive.org/web/20231229030336/https://help.netf...
_yb2s
There’s some technical details missing here. I get decrypting the video on a gpu makes it harder to screen capture, but can’t you just still emulate the GPU in software or directly capture the digital video output? The GPU still has no unique hardware private key, right?
jsheard
Capturing the digital video output is supposed to be prevented by HDCP encrypting the signal, but in practice that's pretty well broken. That is a (slowly) moving target though, each time they roll out a new HDMI version (e.g. for 4K) they get to enforce a new version of HDCP which needs to be broken all over again.
I don't think the version of HDCP attached to HDMI 2.1 has been broken yet but that's kind of a moot point because no current video formats require more than HDMI 2.0.
pavon
Also note that the HDMI Forum refuses to allow AMD to make an open source implementation of HDMI 2.1 in their drivers for this reason.
timewizard
It's hilarious to imagine the meeting where they finally convinced themselves they could put worthwhile lasting encryption in consumer devices with a 10 year+ installation lifetime.
What a complete and total waste of effort.
_yb2s
I suspect bad encryption still does exactly what they intend, because it means there is no simple one click solution built into an OS or browser to download streaming media for later watching or sharing with friends. For example, a lot of regular modern OSs have the ability to rip and share an unencrypted audio CD in a simple intuitive way with no shady pirate software to install.
It's a legal hurdle, not a technical one that prevents the 'above the board' software suppliers from adding this feature.
Pirates clearly are able to extract the 4K video and upload them to torrent sites, but the average media consumer would rather pay a netflix subscription fee that deal with the shady underworld of those sites with the virus installing and crypto mining popups, warning letters from your ISP, etc.
They've managed to make it hard enough that the number of people that do it is insignificant to their bottom line.
mike_hearn
Hilarious ... if you don't understand modern DRM, yes.
Modern games console security shows you can easily build DRM that lasts 10+ years. Xbox One came out in 2013 and was never properly breached during its entire lifecycle, Xbox X/S replaced it and have also not been breached. Microsoft figured out how to make strong DRM ~15 years ago on devices they design and manufacture. There's nothing wasted about that effort given that it lets them subsidize the console costs and block cheating.
ls612
All the HDCPs are broken by those cheap Chinese splitters which downgrade it to 1.4 (allowed by the specs for some reason) and 1.4 is thoroughly broken. At least that was the case last I checked.
p_l
The parts involved in protected Audio/Video path do have their own encryption keys and hardware support outside of anything touched by the OS. In fact it's major part of what Intel Management Engine does if you do not have the "advanced" license for remote management, and AFAIK why AMD PSP on normal AMD cpus has closed source firmware. Both are responsible for setting up protected media path and both are interrogated by DRM modules to setup encryption.
mjg59
The details don't seem clear, and I don't know that there's necessarily a unique key rather than stuff being batched, but basically yeah there's a cert chain back to a "trusted" source
elthjan
how does the decryption key get into the GPU?
are GPU's currently shipping preprogrammed with keys used in DRM?
Mindwipe
Yes, every* card since the Kaby Lake iGPUs or Nvidia 1080 cards.
*To all intents and purposes, I'm sure there's some exceptions with no market share.
transpute
Some GPUs have their own silicon root of trust.
Intel ME has a role in PAVP (Protected Audio/Video Path).
Mindwipe
> The GPU still has no unique hardware private key, right?
GPU's have had unique hardware private keys and secure memory for a decade.
_yb2s
How does the remote streaming server know a key is an authentic hardware GPU that hasn't been compromised, and not something you just generated in software, to enable software level decryption of the media?
It seems like you'd need some central SSL like certificate authority to verify and revoke credentials that were universally implemented in the same way by all GPU manufacturers.... surely there is no such thing?
kbolino
At least for HDCP, that's exactly how it works. From the HDCP 2.2 spec [1]:
> Device Key Set. An HDCP Receiver has a Device Key Set, which consists of its corresponding Device Secret Keys along with the associated Public Key Certificate.
> Public Key Certificate. Each HDCP Receiver is issued a Public Key Certificate signed by DCP LLC, and contains the Receiver ID and RSA public key corresponding to the HDCP Receiver.
> The top-level HDCP Transmitter checks to see if the Receiver ID of the connected device is found in the revocation list.
[1]: https://www.digital-cp.com/sites/default/files/specification...
mjg59
There doesn't need to be a central CA, you just need to establish trust with the DRM vendor. The GPU vendors coordinate with Microsoft to make Playready work, Android devices have certs that can be validated by Google for Widevine, Apple just does their own thing.
Asooka
Making your own GPU sounds intriguing. You could hook up a small ARM computer to the PCI slot and implement a GPU in software. A very slow GPU obviously, but fast enough to decrypt the video frames. I'm not sure if you'll be able to write a driver for it that will seem legit to Windows.
Stagnant
Yes, you can get around it by playing the video in a virtual machine and capturing it from the host. For widevine videos playing in browser it is also as trivial as disabling hardware acceleration from the browser's settings.
forty
Doesn't the article forgot to mention that TPM allow to do trusted boot and remote attestation ? It sounds like to me that could very well be used to make software DRM more efficient (by making sure you run a DRM friendly OS for example)
lxgr
But so does a USB-connected security dongle. Does that make USB "complicit in enforcing DRM"?
TPMs are really just embedded Yubikeys. Unless your UEFI/BIOS "conspire" to supply them with boot measurements, and your OS in turn conspires with that to carry these measurements forward and provide them at the application layer, TPMs can't harm your freedom.
TPMs are a much more "freedom neutral" technology than people generally assume in these discussions.
forty
The TPMs are already provided with boot and OS measurements for secure boot purpose which would allow DRM to confirm you use an approved OS kernel, so I guess the computer is already conspiring. And the conspiracy could be enforced by videos distributors in exchange for the privilege of having HD content.
mjg59
It could, but why? They've come up with a solution that avoids having to place any trust in the OS at all, so why introduce additional complexity and fragility?
stackghost
>The FSF's focus on TPMs here is not only technically wrong, it's indicative of a failure to understand what's actually happening in the industry.
This sounds 100% on-brand for the FSF. The FSF's primary public-facing persona has peculiar computing habits so far removed from the mainstream that it's likely he has absolutely no clue how the real world works.
In fact by his own statement he has to rely on volunteers to update his website.
It's disappointing to me because the FSF could be so much more influential today, but the cult of personality around RMS has really destroyed their public credibility among "normies", the most important demographic to convince.
When the FSF finally realizes that a political organization such as theirs needs a public face with charisma and social skills, it will be too late.
_yb2s
“Normies” are never going to care about the stuff the FSF is interested in. I don’t think you can extract the philosophy from the eccentric personalities that created it, they’re one in the same.
stackghost
Normies are who you need to convince if you want to effect social change.
If the FSF sticks to their current mission of preaching to the choir, they'll remain about as relevant as they are today, which isn't a lot.
zb3
People in power and people with money are who you need to convince..
solarkraft
If you believe that normies deserve computing freedom (this doesn’t seem to entirely be consensus in the scene), it ought to be a goal to explain the benefits of it in a way that they will understand. Some may still not care, but my experience is that a good part actually does. If nothing else this is good leverage to influence change for one‘s own interest.
roenxi
The benefits are incomprehensible to "normies" and they have no power to effect change. They're just going to use whatever software gets put in front of them. All the progress - which has been substantial, free software is basically everywhere and does everything - has come from highly motivated and technical individuals who are anything but normal.
That follows a basic pattern for any effective change, normal people pretty much always just whinge and achieve nothing. They're lucky to even be allowed the pittance of political power that is voting, historically speaking.
_yb2s
Most people just want to be able to access media easily with no effort- which they already can do with cheap streaming subscriptions. They have no interest in owning the rights to use it forever, or in downloading or copying it. They wouldn't want to take the time to figure out how to do that, even if they legally could when they can already just click and play.
I think if you want people to care, you need to find a real world case where they are being blocked from doing something they really want to do- the abstract philosophical arguments about freedom are total non-starters.
Possibly an alternative media supplier that was fundamentally less hassle, faster, and more reliable because it didn't have these systems could get people to switch. But good luck getting the digital rights owners to let you put their content on your platform.
Or maybe convince people they can get higher quality media that way. I have a newish Mac with an amazing HDR screen, but few of the streaming sites are willing to stream the HDR content to my device.
talldayo
I think that's a misunderstanding of what the FSF stands for overall, though. The FSF can never be a diplomatic negotiator for the benefit of free software; they are idealists, even when it serves against their own interests. Their whole shtick is not settling for half-baked appeasements, and so they're destined to be a pariah of the tech industry at-large. Neither you nor me can stop them, it's entirely within their right to advocate and for practice simpler software.
The statement criticized by the OP certainly seems warranted, but it's less endemic of the FSF removing itself from the mainstream and more like the mainstream has abandoned free software.
> The FSF's primary public-facing persona has peculiar computing habits
You know, the FSF would probably argue that our computing habits are the peculiar one. And unless you can tell me about the code your iPhone runs in detail, they're probably (albeit begrudgingly) correct.
stackghost
There's no misunderstanding on my part; it's why I said that their ignorance is totally on-brand.
>more like the mainstream has abandoned free software.
Indeed, because free software development is largely driven by ideological purity rather than feature parity. Mainstream users see Free Software people as irrelevant kooks, and thus easy to dismiss, which is why Free Software has so utterly failed as a movement.
>You know, the FSF would probably argue that our computing habits are the peculiar one.
I'm sure flat-earthers feel that my belief that earth is an oblate spheroid is peculiar, too. Of what relevance is that to anyone?
>And unless you can tell me about the code your iPhone runs in detail, they're probably (albeit begrudgingly) correct.
We'll have to agree to disagree. The emacs developers don't even understand how large chunks of emacs work (per emacs-devel), for example. There's too much software out there for one person to keep in their head. This is not a reasonable heuristic.
badsectoracula
> Indeed, because free software development is largely driven by ideological purity rather than feature parity.
This "ideological purity" didn't come out of nothing, it came out of the very practical issue of who is in control. People forget that RMS came up with the whole thing because he wanted to fix a broken printer and was denied the source code that could help him fix the issue.
He wasn't siting in some ivory tower coming up with abstract philosophical questions, he was in some lab and had an actual practical problem he wanted to fix.
talldayo
> Indeed, because free software development is largely driven by ideological purity rather than feature parity.
Ideological purity is a valuable thing. Look at Minix, hell, even look at the BSDs today. These are projects that have collapsed because of their feature obsession and ignorance of ideology. The differentiation of ideology is what makes free software uniquely successful - it is the feature.
> Mainstream users see Free Software people as irrelevant kooks, and thus easy to dismiss, which is why Free Software has so utterly failed as a movement.
Mainstream users don't think about Free Software at all. They certainly use it though. They rely on it, to provide and maintain the runtime their cell phone and iPad and router all depend on. It probably runs an RTOS on their grandpa's CPAP machine, it probably occupies the DVR for their cable TV and it's likely running on their games console and personal computer, too.
Free software is even more inescapable than proprietary software. If users cared enough to understand the difference, you and I both know they would accuse the businesses of being the irrelevant kooks. Not a single "maintream user" I know would defend Apple or Google or Microsoft's business practices as software companies. No one.
> I'm sure flat-earthers feel that my belief that earth is an oblate spheroid is peculiar, too. Of what relevance is that to anyone?
As the other comment suggested, this is both an insincere response and one where you are the flat earther here. The FSF has reasons that they hold the principles they do, and you haven't refuted any of their ideology. You are the guy lambasting Gallileo, and when Gallileo asks you why heliocentrism offends you, you are replying "because the mainstream clergy sees you as kooks." It's not a response at all.
> The emacs developers don't even understand how large chunks of emacs work
Nobody is so stupid that we expect every kernel dev to understand the whole of the kernel. It's folly, and not what I was asking anyways. Nobody at Apple understands how the entirety of iOS works either, but that's not an implication that it's inherently insecure. What makes the FSF balk at Apple is the inaccountability. The lack of reason associated with their statements asserting the privacy and security of a system that sues it's auditors.
If you have a more reasonable heuristic to suggest, I'm all ears.
BlueTemplar
The flat earthers are the people dismissing the concerns of the FSF though.
(The Earth being round doesn't directly matter in practice to most people. It does have inevitable consequences though.)
Or perhaps a better example is anthropogenic climate change : here too the implications are extremely inconvenient for most people, so denial is rampant.
omolobo
[dead]
likeabatterycar
The FSF has turned into the crazy old aunt that insists you unplug the coffee pot after use in case it's bugged. It's taken me a long time to come around to the reality that they are holding Linux back at every juncture, probably still salty over the GNU/drama.
Modern TPM support in Linux and systemD now permits automatic disk unlock for LUKS encrypted volumes using a key stored in the TPM - some ~15 years after Windows could do it.
I wonder what the TPM support is like in the HURD - ha!
The only complaint I have about the TPM is there is no standardisation in connectors, pinout, or bus type when it's not soldered onto the board. I have three motherboards with plug-in TPMs and each required a different, unique part that was difficult to source.
solarkraft
While I broadly agree, I think it’s worth pointing out that they have made some compromises for practicality, the inclusion of MP3 software before patents had expired comes to mind.
devops99
We have had "FDE" and secure boot with TPM in higher-than-commercial (defense) and the higher end of commercial settings for Linux, BSD, and illumos since TPM 1.2 was available, and I'd have to dig in some places to confirm but probably before Windows did in actual practice anywhere (let alone officially).
Yeah, Debian/Ubuntu, Fedora, etc didn't have this, but as the saying goes: you get what you pay for. Although enough of the Gentoo users (the real Gentoo users) have such a thing had it around that time too, if they wanted it (and they tend to put together what they want).
Some essential context: if you think the "Linux community" is elitist, wait until you see the niche commercial (and higher) players. I'm probably an example of such, to be fair.
devops99
> there is no standardisation in connectors, pinout, or bus type when it's not soldered onto the board. I have three motherboards with plug-in TPMs and each required a different, unique part that was difficult to source.
This should be prohibited by commercial law.
WeylandYutani
Normal people watch Netflix on a smart TV. Or their phone.
Hell the only reason why I turn on my computer these days is for videogames. I wonder if the decline of the desktop has someone worried at Microsoft.
pjmlp
It certainly has, and they have repented themselves of killing Windows Phone, turns out that when one wants to push stuff like AI and XBox ecosystem, having 10% market share is way better than not having none at all.
Then again, they have been so busy with Azure and XBox profits, that Windows development has turned into a mess, of GUI teams fighting for resources, while the apps division couldn't care less, now filled with people that grown up using UNIX instead of Windows, and see Web UIs everywhere.
Hence why Windows might be my main desktop, yet I eventually returned into Web/distributed computing world, disappointed with how UWP/WinRT development turned out.
jancsika
> It's disappointing to me because the FSF could be so much more influential today
I mean, open source advocacy already includes both business-friendly convenience-focused pragmatists and social-friendly, principled advocates of digital freedom who were essentially turned off by RMS's personality and/or approach.
Taken together, their work seems like it sets a reasonable ceiling on what FSF-- or any freedom-based organization-- could achieve.
If I'm wrong I'd like to know what exactly the FSF could have achieved in your opinion that's above that ceiling, as well as the tactics they'd have use to get there.
theandrewbailey
It's been very clear to me for many years that the FSF is staffed by a bunch of out-of-touch boomers who believe that Microsoft is the end-all be-all of evil tech. That was probably true 30 years ago, but from their rhetoric, they've ignored how the computing landscape has changed. Namely, the ways smartphones are walled gardens that screw over people, often in the same ways Microsoft has. I've heard them mention in passing that Apple, Google, and Facebook are bad, but the volume of material directed at Microsoft overwhelms anything else. To the FSF, if it doesn't happen on a PC, its not a priority. It still amazes me that they're hurt over Linux stealing their GNU name/tools/momentum, but hardly a word is written about how Google stole Linux to make Android, and how the Android ecosystem is a complete betrayal of free software's values.
mnot
The embedded politics of the “t” in “tpm” and “tee” are super interesting and revealing. They are “trusted” only from the perspective of the developer; to the user, they represent the complete lack of trust.
mjg59
On the contrary, it gives me various ways to determine that my laptop is in a trustworthy state before I type a password into it, and it makes it possible for Signal to verify that the server it's communicating with hasn't been tampered with. It can be used in ways that hurt the user, but it can also be used in ways that benefit them.
lxgr
Suggestion for a compromise: Make it mandatory for TPM vendors to provide a user option to wipe all attestation keys and rebrand them as “embedded security keys” (and maybe promise to never use them for DRM, which per TFA nobody is anyway).
I feel like untangling the attestation capability (which I do believe has non-user-hostile/non-zero-sum uses!) from the secure key storage one might ultimately help their adoption.
anal_reactor
Ah yes. DRM.
1. Companies offer service that people don't want to pay for, and blame piracy.
2. Someone realizes that they can eliminate piracy and make lots of money by offering good service.
3. Piracy slowly dies, because people prefer €5 monthly subscription over torrent.
4. Other companies catch up. The market gets fragmented. By the nature of the market, it becomes impossible for one company to offer clearly good service.
5. Piracy gets fashionable again because it's more accessible than having twenty €50 subscriptions, half of them with ads.
6. Companies offer service that people don't want to pay for, and blame piracy.
DoctorOetker
7. People blame FSF for not ridding them of evil as they walk through the valley of death.
p0w3n3d
you've nailed it
PeterStuer
But afaik the TPM (or fTPM if no chip is present) is used to establish and restrict trusted access to the replay-protected memory block that the GPU (or other) DRM chain services depend upon to do their thing.
IMHO the author does overrestrictively interpret the FSS statement to discredit them.
mike_hearn
No, TPM isn't involved with PAVP at any point. Matthew is correct about how it works. This is a typical case where social activists are light years behind the curve and don't really know what they're talking about at all.
Get the top HN stories in your inbox every day.
The author is correct in that media DRM is tied to GPU vendors on the field right now.
But hardware backed DRM can be so much more invasive beyond that. I have no doubts the long term goal of MS is to have a Windows version of Play Integrity.[0] So total control over everything that happens on your device. Just to give an example of what could happen if this becomes reality: https://en.m.wikipedia.org/wiki/Web_Environment_Integrity
This tech extended to browsers could easily mean that sites could refuse to serve you if your machine is running any bigcorp unapproved software. An easy example of that would be adblockers.
Unless we get lucky with secure world compromises like the Tegra X1 bootrom exploit[1] or get real good at passing legistlation that forces companies to give you all the private keys to your own machine, the future for personal computing is looking grim.
[0]: https://developer.android.com/google/play/integrity
[1]: https://github.com/fail0verflow/shofel2