[html5] Video Security

Matthias-Christian Ott ott at mirix.org
Sat Feb 12 04:44:58 PST 2011

On Sat, Feb 12, 2011 at 03:00:08PM +0300, Dmitry Kharlamov wrote:
> It all sounds good and swell. But unfortunately your message does not
> qualify as an answer. So what if the technology is open source? Our premium
> content is not, we spend tens of thousands of dollars on it and want
> something in return. Sure, it's possible to break any protection but at

As I tried to explain that even a Free Software/Open Source DRM can't be
is impossible. I understand your problem and see that you have a running
business which you believe is only profitable with DRM, but there won't
be an open standard based solution for your problem. If you want to go
with an open standard and acknowledge that DRM is impossible, I suggest
to develop anonther business model in the long term or hope that Flash
or similar technologies will save your business — HTML5 probably won't.

If you can't find another business model that works, I guess the
internet destroyed or will destroy your business in the future as it
did with so many things (take move rental stores as a current example).

> least disabling download ability for some video files would be a start. It's
> just not right to make the videos so easily downloadable, this way the HTML5

The problem is, you still break the DRM even if you don't understand it.
Given sufficiently attractive content or protection technology sooner or
later somebody will develop a software which allows everybody to copy
the content with a blick of a button.

And even it this doesn't happen, there is still the analogue gap. I
remember that maybe 10 years ago people used to go the movie theatre and
filmed the screen with a camera. You can't stop this.

DRM is a cat and mice game. You have change technology often and have to
have the new technology ready before the old one is broken. Over time
these technology cycle becomer shorter and the technology becomes more
expensive, because the attackers become more experienced. The only
person who can survive this in the long run is the attacker.

>From a pragmatic standpoint you can only hope that your technology is
unattractive as a challenge for crackers and your prices are so low that
nobody would waste the time to circumvent your DRM it for this reason.

> video will never replace Flash because Flash has a streaming platform and
> even without DRM protection it's still quite problematic for an ordinary
> user to download the video. What I am saying that if HTML5 video is really
> set to takeover the video on the web it must allow streaming, give
> publishers control over the availability of the content and ways to view it.

The problem is that once data leaves your computer, you lost control
of it. HTML5 isn't developed to solve impossibilites.

You will probably have to stick to Flash or similar technologies. If you
want to use HTML5, you will have to implement your DRM in JavaScript and
your implementation will be really slow.

> Frankly, YouTube are thinking the same. So, please, could anyone give any
> hope to this? Or are we stuck with Flash for the rest of the days?

For this matter I believe so.


> On 12 February 2011 14:25, Matthias-Christian Ott <ott at mirix.org> wrote:
> > On Sat, Feb 12, 2011 at 08:25:42AM +0300, Dmitry Kharlamov wrote:
> > > We have a premium video content available via subscription. We are
> > already
> > > using HTML5 video to deliver free videos and are very keen to start using
> > it
> > > for premium content. However, the main consideration is how copy
> > protected
> > > we can be using the HTML5 video formats. At the moment we are using the
> > RTMP
> > > Streaming solution along with Flash DRM protection. Is there likely to be
> > or
> > > maybe already is something similar for the HTML5 video standard?
> >
> > DRM is a logical contradiction and is impossible. You can't build a DRM
> > system which is based on an open standard without hardware support (see
> > Sun Microsystem's DReaM DRM) and even then it's breakable (PlayStation 3
> > is a recent example). DRM depends on secrecy, obfuscation and security
> > by obscurity which are in contradiction with an open standard.
> >
> > Information wants to be free. You can't make it impossible to copy data.
> > It's simply a matter of accepting this. You should adapt your business
> > model if this is a problem for you.
> >
> > Gruß,
> > Matthias-Christian
> >

More information about the Help mailing list