Login at Kodi Home

BFeely · 2017-04-26, 17:24

(2017-04-26, 01:41)matthuisman Wrote: As a developer of a few add-ons that use Widevine - KODI having some sort of support for it would be amazing.

Currently a script to download the widevine /so/dll is required.

Does your agreement with Google require that your software have any privacy or security compromises, to allow producers of DRM'ed content to profile users' computers, etc.?

**h.udo** · 2017-04-26, 23:44

(2017-04-26, 17:24)BFeely Wrote:
(2017-04-26, 01:41)matthuisman Wrote: As a developer of a few add-ons that use Widevine - KODI having some sort of support for it would be amazing.

Currently a script to download the widevine /so/dll is required.

Does your agreement with Google require that your software have any privacy or security compromises, to allow producers of DRM'ed content to profile users' computers, etc.?

http://www.widevine.com/cwip/

cguZZMan · 2017-04-27, 03:51

+1 vote for DRM!

I don't see where the unethical issue is. That's the amazing thing about been an user of free open source software: you have freedom. Freedom to link your Kodi to use a DRM feature that is already in the system or don't! Just like Firefox.
Thanks Kodi devs for all your hard work.

mrwookie · 2017-04-27, 13:21

+1 for Kodi adding low level DRM support! Big Grin

RockerC · (This post was last modified: 2017-04-27, 16:22 by RockerC.)

I highly recommend that Team-Kodi developers and Kodi users alike read this blog-post by the W3C Director about EME (Encrypted Media Extensions) which is W3C's endorsed DRM system:

https://www.w3.org/blog/2017/02/on-eme-in-html5/

I think most things mentioned in that blog-post Sir Tim Berners-Lee very much matches this issue and many Kodi verses DRM questions that developers and end-users might have.

He explains in a non-technical manor why W3C recommends sandboxed EME (Encrypted Media Extensions) over any other DRM system as the standard for streaming encrypted video content.

He goes on to argue why W3C should continue to recommend EME (Encrypted Media Extensions) as the preferred standard in order to discourage fragmentation with proprietary DRM systems.

It's a long post and worth reading the whole thing, thought that I repost just a 'short' quote from that blog-post here which I find a particular good match to these Kodi vs DRM questions:

Given DRM is a thing,…
When a company decides to distribute content they want to protect, they have many choices. This is important to remember.

If W3C did not recommend EME then the browser vendors would just make it outside W3C. If EME did not exist, vendors could just create new Javascript based versions. And without using the web at all, it is so easy to invite ones viewers to switching to view the content on a proprietary app. And if the closed platforms prohibited DRM in apps, then the large content providers would simply distribute their own set-top boxes and game consoles as the only way to watch their stuff.

If the Director Of The Consortium made a Decree that there would be No More DRM in fact nothing would change. Because W3C does not have any power to forbid anything. W3C is not the US Congress, or WIPO, or a court. It would perhaps have shortened the debate. But we would have been distracted from important things which need thought and action on other issues.
Well, could W3C make a stand and just because DRM is a bad thing for users, could just refuse to work on DRM and push back wherever they could on it? Well, that would again not have any effect, because the W3C is not a court or an enforcement agency. W3C is a place for people to talk, and forge consensus over great new technology for the web. Yes, there is an argument made that in any case, W3C should just stand up against DRM, but we, like Canute, understand our power is limited.

But importantly, there are reasons why pushing people away from web is a bad idea: It is better for users for the DRM to be done through EME than other ways.

When the content is in a web page, it is part of the web.
The EME system can ‘sandbox’ the DRM code to limit the damage it can do to the user’s system
The EME system can ‘sandbox’ the DRM code to limit the damage it can do to the user’s privacy.

As mentioned above, when a provider distributes a movie, they have a lot of options. They have different advantages and disadvantages. An important issue here is how much the publisher gets to learn about the user.

If they sell a DVD or Blu-ray disk, they never get to know whether the user watches it. From the user’s point of view they can watch each bit of it as many times as they like without the feeling they are being watched.
If they put it on the web using EME, they will get to record that the user unlocked the movie. The browser though, in the EME system, can limit the amount of access the DRM code has, and can prevent it “phoning home” with more details. (The web page may also monitor and report on the user, but that can be detected and monitored as that code is not part of the “DRM blob”)
If they put it on an app in a closed system like an iPhone, then they get to make whatever DRM they like. They also get to watch exactly how and where the user watches which bits of the movie. If they can persuade the user to allow them other access, such to the user’s calendar, they can completely profile the user, and correlate this with their movie-watching habits.
If they distribute it using an app on an open system like Android or Mac OS X, then they can get the same feedback as on an iPhone app. However as the OS is not a locked-down system, the app may be able to further abuse the user, by possibly exfiltrating further information, and also like, in the Sony Rootkit case, installing spyware on the system.
If they distribute it with their own closed system, like a game console or a set-top box, then the user is protected from spying on their computer. The publisher has complete control of information which is sent back about the user’s play and pause, and so on. The user has no way though to have this as part of their connected web life. There are no links in or out.

So in summary, it is important to support EME as providing a relatively safe online environment in which to watch a movie, as well as the most convenient, and one which makes it a part of the interconnected discourse of humanity.

I should mention that the extent to which the sandboxing of the DRM code protects the user is not defined by the EME spec at all, although current implementations in at least Firefox and Chrome do sandbox the DRM.

BFeely · 2017-04-27, 17:16

(2017-04-27, 16:13)RockerC Wrote: [*]If they distribute it with their own closed system, like a game console or a set-top box, then the user is protected from spying on their computer. The publisher has complete control of information which is sent back about the user’s play and pause, and so on. The user has no way though to have this as part of their connected web life. There are no links in or out.[/list]

Can't the DRM publisher in that case still permanently track the user via their individual hardware devices, seeing as today's game consoles have serial numbers permanently burned into their processors. readable by "trusted" software?

**natethomas** · 2017-04-27, 18:33

@RockerC, doesn't that blog post deal more with the systems used by content providers, rather than systems used by us? I can't really imagine Kodi being able to strong arm the providers into using one system over another.

Ferk · 2017-04-27, 19:34

Imho, using the same aproach as Firefox should be fine.

Firefox is also GPL and they are interfacing with the CDM just fine, and they do it through an "open source sandbox". They don't even need to distribute the closed source software, it's downloaded separatelly from Adobe. Kodi could do exactly the same.

https://andreasgal.com/2014/05/14/eme/ Wrote:
By contrast, in Firefox the sandbox prohibits the CDM from fingerprinting the user’s device. Instead, the CDM asks the sandbox to supply a per-device unique identifier. This sandbox-generated unique identifier allows the CDM to bind content to a single device as the content industry insists on, but it does so without revealing additional information about the user or the user’s device. In addition, we vary this unique identifier per site (each site is presented a different device identifier) to make it more difficult to track users across sites with this identifier.

Adobe and the content industry can audit our sandbox (as it is open source) to assure themselves that we respect the restrictions they are imposing on us and users, which includes the handling of unique identifiers, limiting the output to streaming and preventing users from saving the content. Mozilla will distribute the sandbox alongside Firefox, and we are working on deterministic builds that will allow developers to use a sandbox compiled on their own machine with the CDM as an alternative. As plugins today, the CDM itself will be distributed by Adobe and will not be included in Firefox. The browser will download the CDM from Adobe and activate it based on user consent.

RockerC · 2017-04-28, 08:31

(2017-04-27, 18:33)natethomas Wrote: @RockerC, doesn't that blog post deal more with the systems used by content providers, rather than systems used by us? I can't really imagine Kodi being able to strong arm the providers into using one system over another.

Read the whole blog-post, that quote what just one section taken from it. What I simply mean is that Kodi should implement EME and CDM interface support regardless, as using the EME standard is currently the lesser of all the "evil" DRM schemes.

AvalPlaza · 2017-04-28, 14:31

I dont know what to say about all this other than I am sorry you are taking a lot of heat. I am just happy spending most of my time these days modifying an existing skin for me and my nephew.
Its nothing special, as I can't code or build a skin from scratch. What I can do is make my dreams of making a visual artstyle I have in my head come alive using nothing but my creativity, photoshop and the tutorials on this forum.
I am forever grateful to all present and former team members who contributed to make Kodi unique and great and easy to customize, your work is appreciated by a lot of people every day and I am sure most users are interested in making Kodi something more than just a streaming box, you just dont hear from them so much.

justin150 · 2017-04-28, 20:44

+1 low level DRM.

I have no problem with content creators wanting to have legal streaming subject to reasonable DRM (note emphasis on reasonable!). They have to make money otherwise there will be no movie industry.

It would be brilliant if Amazon Video and Netflix created their own Kodi add ons (or even better gave an sdk which allowed other people to create entirely legit add ons but which sorted movies and TV shows in different ways) which allowed you to access content you have paid for via Kodi.

Even better would be for my cable company to abandon its attempts to create a streaming app (I tried it, calling it laggy rubbish really does not convey just about unredeemably awful the experience was) and create a Kodi add on

The only downside I can see for my wish list is that we could end up with yet more crap Kodi boxes being advertised on ebay, amazon etc. but labelled "legit" as they only included DRM compliant add ons - that could adversely affect the Kodi name even more than the current "fully loaded" (ie completely illegit) Kodi boxes that are still being advertised

**natethomas** · 2017-04-28, 22:15

(2017-04-28, 08:31)RockerC Wrote:
(2017-04-27, 18:33)natethomas Wrote: @RockerC, doesn't that blog post deal more with the systems used by content providers, rather than systems used by us? I can't really imagine Kodi being able to strong arm the providers into using one system over another.
Read the whole blog-post, that quote what just one section taken from it. What I simply mean is that Kodi should implement EME and CDM interface support regardless, as using the EME standard is currently the lesser of all the "evil" DRM schemes.

Oh, ok. Sounds good to me. Smile

BFeely · 2017-04-29, 20:46

(2017-04-27, 19:34)Ferk Wrote: Imho, using the same aproach as Firefox should be fine.

Firefox is also GPL and they are interfacing with the CDM just fine, and they do it through an "open source sandbox". They don't even need to distribute the closed source software, it's downloaded separatelly from Adobe. Kodi could do exactly the same.

Because the Firefox sandbox is unable to take control over the browser's compositor, it cannot prevent screen recording software from capturing the screen. As such, Firefox (and chrome too) are restricted to 720p output.

**natethomas** · 2017-04-30, 02:50

(2017-04-29, 20:46)BFeely Wrote:
(2017-04-27, 19:34)Ferk Wrote: Imho, using the same aproach as Firefox should be fine.

Firefox is also GPL and they are interfacing with the CDM just fine, and they do it through an "open source sandbox". They don't even need to distribute the closed source software, it's downloaded separatelly from Adobe. Kodi could do exactly the same.

Because the Firefox sandbox is unable to take control over the browser's compositor, it cannot prevent screen recording software from capturing the screen. As such, Firefox (and chrome too) are restricted to 720p output.

Which we're pretty much fine with.

**jjd-uk** · 2017-04-30, 09:45

(2017-04-27, 19:34)Ferk Wrote: Imho, using the same aproach as Firefox should be fine.

That's pretty much what we already do where the addon Inputstream Adaptive is the sandbox that hooks into the installed CDM which at the moment comes via Chrome Widevine.