I don't have much to add here, just wanted to say that I think this is a tremendous gift to the Internet that we loved. It would suffice to say that after many hard reality checks I don't really feel like there are any browser vendors that feel like good stewards of the open web, and it seemed like a new browser that actually managed to break out would be infeasible... until Ladybird showed up. And now, I'm typing this reply in Ladybird.
Of course, it has a long way to go before it is going to be a good daily driver, but I truly believe this is the beginning of something great. I've been consistently surprised by what works, and the rate of improvement is staggering at times.
My question: Has anyone given any thoughts regarding the stance to take with DRM features, e.g. Widevine/Encrypted Media Extensions? It seems like since our previous stewards of the open web didn't care enough, now making a browser with substantial marketshare without this may be hard. Seems like a hard problem, I really do wonder where Ladybird will stand if it continues on its current lightning fast trajectory.
I think it should be possible to have some sort of open extension to allow side band canvas rendering to allow for such extensions as optionally provided by the OS. Possibly with an API for custom engines in WASM.
I don't think it should have to be in the browser. I would like the option to watch the content. I know the while process of DRM is stupid and will be side stepped somewhere.
Personally, I think life would be better if browsers just didn't play the game at all. If the web was not controlled by corporations, DRM as part of the platform 100% would have simply never happened.
From my point of view, putting DRM into web browsers is actively bad for a couple of reasons beyond the usual arguments against DRM. The greatest asset the web platform has is that it's a unified, open platform that anyone can participate in; Of course, DRM harms users too, but specifically DRM harms the web as a platform. You can't simply have a "full" web browser that can browse the entirety of the web (as ordinary users understand it) without licensing Widevine. To date, only large corporate web browsers have ever gotten this privilege[1]; community web browsers are shit out of luck, almost certainly forever. Not only that, but Widevine will only officially support a small subset of the operating systems that are out there, ensuring that you can't get a "full" web browsing experience on, for example, any BSD (at least not without manual work and violating several license agreements on the way.) Even if Ladybird bucks the trend and manages to get a Widevine license somehow, it will only be possible to make this work on Windows, Linux and macOS. Yes, I understand this covers the vast majority of users, but if you can't see how this is extraordinarily antithetical to the open web I don't really know what else to say. The web didn't even begin on any of those platforms!
Of course, I seriously can't blame Ladybird if they want to go this route. After all, in the position that Ladybird is in, pragmatism is a stance that is hard to beat. Ladybird currently doesn't have the muscle to flex to try to influence the future of the web platform in such a way, especially not against the will of the mega-corp overlords that currently control the web platform.
If I had to guess, I'd guess the lack of an answer to my question is because taking the pragmatic stance on this particular issue will prove controversial, though I hope if that is the case that people continue to direct their ire towards W3C and Mozilla who pretty much immediately folded when the issue came up in the first place. In the moment when Flash and Silverlight died, there was a small sliver of hope that DRM on the web would die with it, but instead we wove DRM directly into the fabric of the web, and Mozilla, no doubt afraid to watch their marketshare dwindle even further, (which it has continued to do anyways, mind you,) played a huge part in that.
Issues like this are why there is guaranteed to be vile toxicity when something like WEI comes up. We know that there is no entity out there holding the line to protect the web platform; once one of these technologies like WEI makes it into Chrome, the era of the open web will have essentially ended. If you believe that the open web is important, then any technology that's vaguely WEI shaped is enemy #1, and when there is no other option, people will choose violence, again and again. DRM on the web isn't really quite as dire of a situation, but it isn't particularly great either.
(One might wonder what the point of keeping DRM out of the browser is, forcing users to use separate software, making their overall experience worse... but that's kind of the thing: Why in the fuck should these vendors and this DRM'd content, that is antithetical to the open web, get to benefit from the web platform built and used mostly by people who stand to gain nothing from it? If you want the benefit of the web platform and all it offers, you should be forced to lose the DRM. Otherwise, have fun deploying your own native software.)
Can't speak for others... but I generally pay for a few streaming services at a time. I find a lot of the UX just poor to very bad. I will favor those with shows that I watch. I still torrent the shows themselves as it's easier (for me) to do that then to deal with the various apps on my Shield (they're still there, as my SO seems to use them for random watching).
The networks can still track (to some extent) what shows are popular as torrents, and use that to inform their other advertising efforts. A break out (good) show may show indicators on torrents from word of mouth outside their network, and they can then feature that show in their banner areas.
These aren't likely "profit" directly, but they are and can be factors. Another point is loyalty from those who are able to pay, when they are able to pay. Assuming prohibitive costs are what is mainly keeping people from paying for the content.
They seed and download their own works on bittorrent, then send "scare emails" demanding payment to any ISP with IPs they connect to for forwarding to the customer. A nontrivial number of confused or scared customers pay.
There are more indirect ways, but that is certainly the direct way they financially profit.
>Personally, I think life would be better if browsers just didn't play the game at all.
A web browser is a user agent. Why is the browser deciding anything one way or another? Let the user decide by providing options one way or another. If the user wants DRM access, let them; why is it the browser's business?
Again, the two important words: User agent.
The freedom to decide and choose is what helped Firefox take out IE6 and led to most subsequent browsers featuring some form or another of extensibility (which incidentally is now regressing because web browsers are increasingly developer and publisher agents).
There should be a great diversity in user agents because there is great diversity in personal tastes.
One person's user agent might be another person's "software I would never use".
As a text-only web user I am continually amazed, thirty years in, that web developers and now their CDN service providers are _still_ making incorrect assumptions about what user agent I am using. They are wrong every single time. There is almost zero focus on rate limits but hyperfocus on user agent string or other headers. For most sites I send no user-agent header and this works fine. But when sites want certain headers this tells me the purpose is not "protecting" servers from being overloaded, it is "protecting" servers from web users who will not involuntarily provide commercially useful data/information so that access to them as ad targets can be sold for profit.
Choice of user agent should make no difference. The JSON I'm getting is the same regardless of what device or software I am using. I decide what I want to do with the JSON after I retrieve it.
Imagining how things could be different, there could be "commercial" user agents that people use for accessing their bank acconts online and for other commercial transactions. There could also be "non-commercial" user agents that people use to read HN. Unfortunately, the way things are now people are using commercial browsers for non-commercial web use and exposing themselves 24/7 to unecessary tracking and advertising.
Personally, I only use a commercial user agent infrequently. I'm not doing many commercial tranasctions over the web. Most times, I am using non-commercial user agents. I see no ads and can focus on the text.
I think I see an underlying point though. What other Internet protocol or service requires the user client to supply endless additional arbitrary metadata to even gain access to a resource, let alone receive information? Not even email is that cumbersome for the clientside. Although it is the way it is for better or worse.
Right, pack it up. You all heard the guy with the random username. Corporations have the power to make things convenient so I guess we should just give up and allow ubiquitous corporate control.
> it is "protecting" servers from web users who will not involuntarily provide commercially useful data/information
I don't think it comes down to that, I think it's more about the fact that your browser likely looks more like a bot than it does a human.
Also, rate limiting has a significant overhead and complexity at scale, where agent filtering is relatively cheap and easy to distribute. Though, this is largely a problem that has been resolved many, many times over and the additional overhead is not that bad. All said, I've met too many developers that don't conceptually understand public/private key encryption and would assume they'd mess up rate limiting.
Firstly, I object to DRM being added to the web platform in the first place. It is antithetical to the platform. This goes above the definition of what a user agent is and goes into what the web even is in the first place.
Secondly, users don't really get a choice. Users are fucked because browsers implement features like DRM and websites hard-depend on them. So the user is no longer choosing whether or not to enable DRM, but whether or not they can watch Netflix on their laptop. User agents should not put users in predicaments like this where they are forced to make choices against their own interests. This is one of those situations where nuance is necessary.
If Netflix doesn't work in the browser users aren't going to lean back in their chairs and think fondly of the freedom fighter jchw that protected them from working against their own interests, they are going to open Edge and watch Netflix.
No matter how much you opine the outcome is not going to change, the end users have spoken in what they want in their user agent.
> If Netflix doesn't work in the browser users aren't going to lean back in their chairs and think fondly of the freedom fighter jchw that protected them from working against their own interests, they are going to open Edge and watch Netflix.
Or maybe (hopefully) they download popcorn time instead
Yes... that's pretty much exactly what I said. Users will indeed just do what they need to do to watch Netflix, whether or not DRM is good for them or the web platform.
> Secondly, users don't really get a choice. Users are fucked because browsers implement features like DRM and websites hard-depend on them. So the user is no longer choosing whether or not to enable DRM, but whether or not they can watch Netflix on their laptop. User agents should not put users in predicaments like this where they are forced to make choices against their own interests. This is one of those situations where nuance is necessary.
That's why it shouldn't be a part of the web platform in the first place. Because we shouldn't force users to make choices against their own interests.
Here are some other examples of where we shouldn't force users to make choices against their own interests:
- Users should not have to give up their rights to be able to access legally-mandated warranty services or replacement parts.
- Users should not be forced to accept being tracked.
- Users should not be forced to forfeit their right to be a part of a class action lawsuit to use a product or service.
Try as you might, you're never going to convince anyone that the free market will just magically make all of the incentives align and make "the right choice", these are things that ultimately have to be solved with policy. The closest thing to "policy" on the web is standards, and W3C put EME in the standards despite widespread outcry, and that's why we're at where we're at.
Now the thing is, we have DRM in browsers, but we still don't have Web Environment Integrity, a complete and utter bastardization of the open web that would've made it cryptographically impossible for an open source browser to really meaningfully exist (since compiling it yourself would likely make it impossible for you to e.g. do banking or watch Twitch streams, since it would then fail attestation.) The reason we don't have WEI is because it was widely rejected by the community. Not because users made a choice.
It's nice to think that you can just leave it to the users to pick and they'll always do the right thing, but at the end of the day most people don't have time to care about DRM or WEI. Most people are not technical and just simply don't have the capacity in their day to be concerned about things like that. That's why it's literally the job of people who do have that capacity to fight for the user's best interests and try to avoid users being put into positions where they are basically guaranteed to be fucked.
And frankly, we're not winning the fight.
(This is no different from anything else. The vast majority of people can't be expected to fight for e.g. free speech rights either; it's always going to be a minority of people who hold the line.)
>It's nice to think that you can just leave it to the users to pick and they'll always do the right thing,
>it's literally the job of people who do have that capacity to fight for the user's best interests
A user agent should not be concerned about "doing the right thing", that's none of its business. You are proposing a developer agent, not a user agent.
"Doing the right thing" for the user's best interests is the job of the user agent. It's just that simple. Giving the user a "choice" by implementing anti-features that they will be coerced into using by abusive websites is not really much of a choice. What you're really building there is a website agent, with a side of deception to make it sound like it's actually good for the user. Coincidentally, Google makes a nice website agent called Chrome that serves their needs for advertising quite well.
This is also now the third time in this reply chain where I will point out that I am objecting to the inclusion of DRM technology in web standards, where this pitiful semantic debate about what a user agent is for doesn't even apply in the first place. What is fit for the open web platform and respective standards has nothing to do with decisions made by user agent developers. I am not going to point this out again. Further replies that try to drag this semantic debate out are just going to go ignored by me.
>"Doing the right thing" for the user's best interests is the job of the user agent. It's just that simple.
No, a user agent's sole job is to represent its user. It's right there on the tin: User Agent. Forcing no DRM is just as bad as forcing DRM, it's not the user agent's business to decide for the user. The fact that most user agents today are actually developer/publisher agents is part of the problems we are having.
>I am objecting to the inclusion of DRM technology in web standards, where this pitiful semantic debate about what a user agent is for doesn't even apply in the first place. What is fit for the open web platform and respective standards has nothing to do with decisions made by user agent developers.
Commercial interests are not going to fly the free-as-in-beer pirate flag no matter how loudly you bang that drum, and if the internet is open then those commercial interests also certainly have a right to be part of it.
It's ultimately not a problem if internet standards allow room for DRM schemes, because in a properly functioning system the users will decide through their user agent if they want to engage in DRM schemes or not.
So long as you are fueled by self-righteous dogma with a seething hatred towards people just minding their own business, you're not going anywhere and I would even argue you're actually contributing to the very problems you want to see resolved.
The HN Guidelines state to "respond to the strongest plausible interpretation of what someone says", which is what I did. And yes, I was aggressive, but I don't think it was unwarranted given how strongly he feels about making people "do the right thing" as far as he is concerned.
It would be nice if we could go back(?) to a world where the user operates their computer, not the computer operating their user.
Yes, but as I stated no less than three times, I am talking about what goes into web standards and the web platform. That is before the term "user agent" comes into things, because web standards are about what the web is, not about the programs that serve and access it. It really side-steps the semantics debate quite elegantly, but it's inconvenient for your argument which is shallow and depends on a pretty lame interpretation of the words "user agent".
A user agent should chiefly do what the user tells it to do, but if you pay more attention, you'll see how bad web standards can actually still screw over the user. Because if you make particularly bad web standards, the user agent can still do what the user is telling it to do, but the website can then start behaving in a manner which goes against what the user is telling their computer to do.
If browsers had implemented WEI, a chief use case was to allow websites to control whether extensions and adblocking could be used while browsing their pages. And the clever part is, sure, your user agent could implement WEI "wrong" and let the user do whatever they want, but the attestation would allow the website to decide which user agents pass attestation, so you can't just make a user agent that does what the user wants.
DRM and WEI are pretty similar as they're both technologies that require computer programs to restrict what you can do on your own computer (and DRM does what WEI does with browser choice but in a litigation way instead of cryptographically-attested way), but I will repeat this again for hopefully the last time:
Not wanting DRM in web standards has nothing to do with the definition of a user agent.
One more time:
Not wanting DRM in web standards has nothing to do with the definition of a user agent.
Seriously, stop ignoring this. It's not like I didn't already aggressively state it previously.
Can everybody please stop latching onto specific words? Every retort to my post is about semantics of words. That's not very interesting, and it leads to long sprawling threads that go absolutely nowhere and just look kind of pathetic for both of us.
To be clear, the word "forced" here is not implying doing something against someone's will, it's "forced" in the sense that web properties are "forced" to live with the existing limitations of the web platform, e.g. properties are "forced" to live with the fact that user agents may have adblocking software installed. It is not the result of literally forcing someone to do something.
Of course, it has a long way to go before it is going to be a good daily driver, but I truly believe this is the beginning of something great. I've been consistently surprised by what works, and the rate of improvement is staggering at times.
My question: Has anyone given any thoughts regarding the stance to take with DRM features, e.g. Widevine/Encrypted Media Extensions? It seems like since our previous stewards of the open web didn't care enough, now making a browser with substantial marketshare without this may be hard. Seems like a hard problem, I really do wonder where Ladybird will stand if it continues on its current lightning fast trajectory.