Reconciling Mozilla's Mission and W3C EME

May 19 Update: We’ve added an FAQ below the text of the original post to address some of the questions and comments Mozilla has received regarding EME.

With most competing browsers and the content industry embracing the W3C EME specification, Mozilla has little choice but to implement EME as well so our users can continue to access all content they want to enjoy. Read on for some background on how we got here, and details of our implementation.

Digital Rights Management (DRM) is a tricky issue. On the one hand content owners argue that they should have the technical ability to control how users share content in order to enforce copyright restrictions. On the other hand, the current generation of DRM is often overly burdensome for users and restricts users from lawful and reasonable use cases such as buying content on one device and trying to consume it on another.

DRM and the Web are no strangers. Most desktop users have plugins such as Adobe Flash and Microsoft Silverlight installed. Both have contained DRM for many years, and websites traditionally use plugins to play restricted content.

In 2013 Google and Microsoft partnered with a number of content providers including Netflix to propose a “built-in” DRM extension for the Web: the W3C Encrypted Media Extensions (EME).

The W3C EME specification defines how to play back such content using the HTML5 <video> element, utilizing a Content Decryption Module (CDM) that implements DRM functionality directly in the Web stack. The W3C EME specification only describes the JavaScript APIs to access the CDM. The CDM itself is proprietary and is not specified in detail in the EME specification, which has been widely criticized by many, including Mozilla.

Mozilla believes in an open Web that centers around the user and puts them in control of their online experience. Many traditional DRM schemes are challenging because they go against this principle and remove control from the user and yield it to the content industry. Instead of DRM schemes that limit how users can access content they purchased across devices we have long advocated for more modern approaches to managing content distribution such as watermarking. Watermarking works by tagging the media stream with the user’s identity. This discourages copyright infringement without interfering with lawful sharing of content, for example between different devices of the same user.

Mozilla would have preferred to see the content industry move away from locking content to a specific device (so called node-locking), and worked to provide alternatives.

Instead, this approach has now been enshrined in the W3C EME specification. With Google and Microsoft shipping W3C EME and content providers moving over their content from plugins to W3C EME Firefox users are at risk of not being able to access DRM restricted content (e.g. Netflix, Amazon Video, Hulu), which can make up more than 30% of the downstream traffic in North America.

We have come to the point where Mozilla not implementing the W3C EME specification means that Firefox users have to switch to other browsers to watch content restricted by DRM.

This makes it difficult for Mozilla to ignore the ongoing changes in the DRM landscape. Firefox should help users get access to the content they want to enjoy, even if Mozilla philosophically opposes the restrictions certain content owners attach to their content.

As a result we have decided to implement the W3C EME specification in our products, starting with Firefox for Desktop. This is a difficult and uncomfortable step for us given our vision of a completely open Web, but it also gives us the opportunity to actually shape the DRM space and be an advocate for our users and their rights in this debate. The existing W3C EME systems Google and Microsoft are shipping are not open source and lack transparency for the user, two traits which we believe are essential to creating a trustworthy Web.

The W3C EME specification uses a Content Decryption Module (CDM) to facilitate the playback of restricted content. Since the purpose of the CDM is to defy scrutiny and modification by the user, the CDM cannot be open source by design in the EME architecture. For security, privacy and transparency reasons this is deeply concerning.

From the security perspective, for Mozilla it is essential that all code in the browser is open so that users and security researchers can see and audit the code. DRM systems explicitly rely on the source code not being available. In addition, DRM systems also often have unfavorable privacy properties. To lock content to the device DRM systems commonly use “fingerprinting” (collecting identifiable information about the user’s device) and with the poor transparency of proprietary native code it’s often hard to tell how much of this fingerprinting information is leaked to the server.

We have designed an implementation of the W3C EME specification that satisfies the requirements of the content industry while attempting to give users as much control and transparency as possible. Due to the architecture of the W3C EME specification we are forced to utilize a proprietary closed-source CDM as well. Mozilla selected Adobe to supply this CDM for Firefox because Adobe has contracts with major content providers that will allow Firefox to play restricted content via the Adobe CDM.

Firefox does not load this module directly. Instead, we wrap it into an open-source sandbox. In our implementation, the CDM will have no access to the user’s hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.

Traditionally, to implement node-locking DRM systems collect identifiable information about the user’s device and will refuse to play back the content if the content or the CDM are moved to a different device.

By contrast, in Firefox the sandbox prohibits the CDM from fingerprinting the user’s device. Instead, the CDM asks the sandbox to supply a per-device unique identifier. This sandbox-generated unique identifier allows the CDM to bind content to a single device as the content industry insists on, but it does so without revealing additional information about the user or the user’s device. In addition, we vary this unique identifier per site (each site is presented a different device identifier) to make it more difficult to track users across sites with this identifier.

Adobe and the content industry can audit our sandbox (as it is open source) to assure themselves that we respect the restrictions they are imposing on us and users, which includes the handling of unique identifiers, limiting the output to streaming and preventing users from saving the content. Mozilla will distribute the sandbox alongside Firefox, and we are working on deterministic builds that will allow developers to use a sandbox compiled on their own machine with the CDM as an alternative. As plugins today, the CDM itself will be distributed by Adobe and will not be included in Firefox. The browser will download the CDM from Adobe and activate it based on user consent.

While we would much prefer a world and a Web without DRM, our users need it to access the content they want. Our integration with the Adobe CDM will let Firefox users access this content while trying to maximize transparency and user control within the limits of the restrictions imposed by the content industry.

There is also a silver lining to the W3C EME specification becoming ubiquitous. With direct support for DRM we are eliminating a major use case of plugins on the Web, and in the near future this should allow us to retire plugins altogether. The Web has evolved to a comprehensive and performant technology platform and no longer depends on native code extensions through plugins.

While the W3C EME-based DRM world is likely to stay with us for a while, we believe that eventually better systems such as watermarking will prevail, because they offer more convenience for the user, which is good for the user, but in the end also good for business. Mozilla will continue to advance technology and standards to help bring about this change.


What did Mozilla announce?
In a sentence: Mozilla is adding a new plug-in integration point to Firefox to allow an external DRM component from Adobe to supply the function of decrypting and decoding video data in a black box which is designed to make it difficult for the user to extract the decryption keys or the decrypted compressed data.

A plug-in of this new type is called a Content Decryption Module (CDM) and is exposed to the Web via the Encrypted Media Extensions (EME) API proposed at the W3C by Google, Microsoft and Netflix (Here is a short technical explanation of EME). A CDM integrates with the HTML5 <video> and <audio> support provided by the Gecko engine instead of the <embed> or <object> elements that third parties have historically used to enable playback for video wrapped in DRM to Firefox, via software such as Adobe Flash Player and Microsoft Silverlight. We have formed a relationship with Adobe, who will distribute to end users a Firefox-compatible CDM implementing the Adobe Access DRM scheme, and Firefox will facilitate the download and installation of that CDM. Streaming services requiring DRM and implementing the EME-compatible version of Adobe Access should thereby, if they choose to, be able to stream media to Firefox Desktop users on Windows, Mac or Linux.

Does this mean Mozilla is adding DRM to Firefox?
No. Mozilla is providing a new integration point for third-party DRM that works with Firefox. Third-party DRM that works with Firefox is not new. Firefox (and every other browser) already provides another integration point for third parties to ship DRM: the Netscape Plugin API (NPAPI), which has been part of web browsers since 1995. What’s new is the ability of the third-party DRM to integrate with the HTML <video> element and its APIs when previously third-party DRM instead integrated with the <embed> and <object> elements. When integrating with <video>, the capabilities of the DRM component are more limited, and the browser has control over the style and accessibility of the playing video.

Firefox, as shipped by Mozilla, will continue to be Free Software / Open Source Software.

Why is Mozilla adding a new DRM integration point when the NPAPI already exists?
NPAPI plug-ins come with much more than just DRM. In addition to the Adobe Access DRM component, Adobe Flash Player comes with an entire ActionScript runtime, a broad set of APIs, a graphics stack, a media stack and a networking stack. Likewise, in addition to the PlayReady DRM component, Microsoft Silverlight comes with a CLI virtual machine, a broad set of APIs, a graphics stack, a media stack and a networking stack. Driven in major part by Mozilla, the Open Web Platform is growing to match almost all the functionality that Adobe Flash Player or Microsoft Silverlight provide—with one big exception being DRM, which is necessarily non-open. The use of NPAPI plug-ins in most other situations is not as sustainable as it once was. As plugin owners start to migrate from supporting their plugins (for example, Microsoft appears to be ending Silverlight support and Adobe has discontinued Flash for Android), Firefox cannot continue to rely on NPAPI plug-ins for providing video DRM (and thereby allow users to watch movies from major Hollywood studios).

The new CDM integration point is a much more focused plug-in API than the NPAPI. It permits a third-party component to provide the one function that an Open Source implementation of the Open Web Platform cannot provide to Hollywood’s satisfaction: decrypting and decoding video while aiming to make it very difficult for the end-user to tamper with the process. The browser’s media stack and the associated HTML5 APIs can be used for everything else. Since a CDM has less functionality than NPAPI plug-ins, it is easier to sandbox a CDM and easier to port it to new platforms.

Why isn’t DRM dying together with NPAPI plug-ins?
Mozilla’s competitors don’t appear to be letting DRM die together with NPAPI (or ActiveX) plug-ins. In fact, the Encrypted Media Extensions API was developed by Microsoft, Google and Netflix and Microsoft and Google have already implemented EME in their respective browsers.

Netflix operates a massively popular (where available) online service that allows end-users to watch movies from major Hollywood studios and they are already serving content to Internet Explorer and Chrome OS using EME with Microsoft’s and Google’s own DRM schemes (PlayReady and Widevine).

If Mozilla didn’t enable the possibility of installing the Adobe Access CDM for use with EME, we’d be in a situation similar to the one we were in when we did not support the H.264 codec in HTML5 video. Instead of moving away from H.264, Web sites still delivered H.264 video to Firefox users—but did it via the NPAPI using Adobe Flash Player or Microsoft Silverlight rather than via the <video> tag.

Similarly, if Mozilla didn’t enable the use of a Hollywood-approved DRM scheme with HTML5 video using EME, Firefox users would need to continue using Flash, Silverlight or another NPAPI plugin to view Hollywood movies on Windows and Mac. As noted in the previous answer, the long-term future of that capability is in doubt, and the experience (both in terms of installation and in terms of performance) would be worse than the experience in Chrome and IE with their bundled EME CDMs. On other operating systems, Firefox users would be locked out of viewing Hollywood movies (as is the case today), but other browsers, for example Chrome on Linux and Android, would be in a position to support them.

The ability to watch movies from major Hollywood studios is a feature users value. Netflix alone accounts for fully 1/3 of bandwidth usage in North America during the evening peak time. We expect that many users around the world would switch browsers in pursuit of this ability, or of a better experience, if Firefox provided either no experience or a worse experience (depending on operating system).

How will Firefox facilitate the installation of the Adobe Access CDM?
The user experience for EME in Firefox is still being considered. Users will have choice whether to enable use of the CDM.

What does this mean for interoperability of the EME specification?
The Adobe Access CDM as used with Firefox will support ISO Common Encryption (CENC). This is a way of encrypting individual tracks within an MP4 container using 128-bit AESCTR such that the MP4 file declares the key identifiers for the AES keys needed for decryption but doesn’t contain the keys themselves. It is then up to the CDM to request the AES keys by ID from a key server that knows how to talk with the CDM. (The communication between the CDM and the key server is mediated through the EME API and a JavaScript program that can relay the EME messages to the key server over XMLHttpRequest.)

It follows that a site can serve the same MP4/CENC files and the same JavaScript program to different browsers that have CDMs for different DRM schemes, as long as the site runs a distinct key server for each DRM scheme, since each DRM scheme has its format for the EME-mediated messages between the CDM and the key server.

So there is expected to be interoperability on the level of media files and on the level of JS code served to different browsers, but CDMs from different vendors are expected to acquire keys using mutually incompatible protocols. (The EME API sees byte buffers whose contents are opaque to EME.)

Whether EME+CENC is an interoperability improvement depends on what you compare it to. When a content provider operates a full array of key servers for the various DRM schemes that different players may support, it will be an interoperability improvement compared to video delivered via Adobe Flash Player or Microsoft Silverlight, or via apps written for a small set of specific mobile platforms. However, if a content provider doesn’t operate a full array of key servers and caters only to a subset of the EME-relevant DRM schemes, interoperability may not be as good as that provided by current plug-ins. And no DRM scheme can provide the full interoperability benefits of DRM-less HTML5 video.

Won’t having to support multiple key servers with mutually incompatible DRM protocols (in order to get cross-browser support) make Web publishing prohibitively expensive for independent publishers?
DRM is a requirement imposed by the major studios onto services that license movies from them. Independent video publishers can avoid the cost of DRM by not imposing a DRM requirement on themselves.

Which streaming services will be supported?
This is a new agreement with Adobe and it’s too early to be certain exactly which streaming services will support it.

Since the Adobe Access CDM contains an H.264 decoder, does this mean that the decoder can be used for non-DRM content?
Yes. The CDM component could also be used to provide non-DRMed H.264 and/or AAC support in the <video> tag. It is not yet determined for certain where, when and if this capability will be used—that depends on the availability of other options (such as OpenH264).

The market conditions regarding the need for H.264 support in the browser have not changed significantly since Mozilla made the decision in 2012 to provide support for it (via OS libraries or third party software). Mozilla continues to believe that patent un-encumbered codecs are best for the web, and encourages video producers to use open codecs (WebM for example) without the use of DRM.

What does this mean for downstream users of the Firefox code base?
The solution consists of three parts: the browser, the CDM host and the CDM.

The CDM host is an executable distinct from the browser that communicates with the browser using an inter-process communication (IPC) mechanism. The CDM is a shared library loaded by the CDM host. The CDM host drops privileges, such as disk and network access, before calling into the CDM.

Mozilla will develop the CDM host and is planning on making its code open source as is the norm for Mozilla-developed code. However, the CDM will refuse to work if it finds itself in a host that isn’t identical to the Mozilla-shipped CDM host executable. In other words, downstream recipients of the source code for the CDM host won’t be able to exercise the freedom to modify the CDM host without rendering it useless (unless they also make arrangements with Adobe).

This leaves downstream users of the Firefox code base with the following options:

  1. Not supporting the Adobe Access CDM.
  2. Distributing their own browser build that retains Firefox’s IPC behavior and distributing a copy of Mozilla’s CDM host executable.
  3. Distributing their own browser build that retains Firefox’s IPC behavior and distributing a self-built CDM host executable that is bit-identical to Mozilla’s CDM host executable. (I.e. this requires doing the work to achieve deterministic builds for the CDM host.)
  4. Making arrangements directly with Adobe to get a non-Mozilla CDM host executable recognized by the CDM.

Do I have to run proprietary software in order to use Firefox?
No. The Adobe Access CDM is entirely optional. However, we expect Hollywood studios, via their video streaming partners, to deny you access to view their content using the <video> tag if you choose not to use it.

Does this mean applying DRM to HTML?
No, this is about enabling DRM to be applied to video and audio tracks when played using HTML facilities. The DRM doesn’t apply to the HTML document that contains the video or audio element, to page images, or anything else other than video and audio tracks. There are no plans to support DRM for captioning data, for example. Mozilla strongly opposes any future expansion in scope of the W3C EME specification.

Why is DRM supported for the <audio> element?
“Audio” is a subset of “video with audio,” so if we restricted DRM to the <video> element, those who wished to use DRM with audio would just use a “video-less video.”

Also, even though record labels gave up on DRM for music files which are sold to users, they still require DRM for music subscription services (that is, services where the user loses the ability to play the music upon terminating the subscription). Support for EME in the <audio> element helps move those services move off NPAPI plug-ins.

About Andreas Gal

Dr. Andreas Gal is Chief Technology Officer and VP Mobile at Mozilla, leading technical decision making, representing Mozilla externally on technology, and managing R&D programs. Dr. Gal co-founded the Boot to Gecko open mobile ecosystem and is driving its continued evolution as Firefox OS. Previously, he worked as a project scientist at the University of California, Irvine, working in the Secure Systems and Languages Laboratory of Professor Michael Franz. His background is in secure systems, type-safe languages, dynamic compilation, and VMs. He holds a Ph.D. in Computer Science from the University of California, Irvine.

More articles by Andreas Gal…


  1. Joshua Cogliati

    Possibly Mozilla should fork Firefox into a good firefox and a ugly firefox. The good firefox would not have things like EME, or H.264 or plugins. The ugly firefox would have EME and H.264. This would be similar to how gstreamer has a good version and a ugly version.

    As well, Mozilla would then have statistics on how many people want which version.

    May 20th, 2014 at 05:22

    1. abral

      There’s no such need. You can already use Firefox without proprietary stuff (you just don’t install them when Firefox asks you).

      May 22nd, 2014 at 07:17

      1. Joshua Cogliati

        I agree with you that there is no technical need for offering a separate download without DRM and other compromises, but I think there is an ethical need. As in Mozilla needs to say: “Here is a browser that shows what is possible with the open web, with open source, without ethical compromises. This is the web we want.” If Mozilla feels compelled by market forces to offer a browser that does support EME and H.264 than they should continue to offer a browser that only supports what they believe is completely aligned with Mozilla’s mission and vision. I don’t think that offering a second browser would have much technical cost.

        Secondly, this gives Mozilla and others information. They can see which version is downloaded more, and it will give them an idea how much their users care about supporting DRM versus refusing DRM. If they change the user agent string, than webserver owners can also see which version is used more, and make plans accordingly.

        May 25th, 2014 at 07:20

        1. Maki

          Let us please not use User Agent strings anymore. They’re bad practice designed in a time when there were only few browsers and no internet standards, forcing every site to be made compatible for each and every browser’s whims in adding support for things.
          Now with the (Hollywood-corrupted) W3C imposing a ruleset for proper compatibility every browser should follow, User Agent strings really need to go. Sites don’t need to make themselves compatible to the available browsers anymore, browsers need to make themselves compatible with the proper W3C standards.

          In this I see how Mozilla has to add EME support; because the W3C has adopted it as a standard. Bad taste, bad decision, bad practice, bad bad bad… but it’s something they -have to- do in order to be recognized by the W3C.

          I say that offering a fork of their browser which is free from EME would really be the best thing they can do now; keep the EME-laced shitstorm to make the W3C happy until we can kick them back in line, and keep the EME-less browser for those of us who value our choice in the matter.

          Really, though. EME is bad, mmkay? Please listen to your userbase, Mozilla; Throw that blasted DRM into a fork of Firefox. You can call it Firewood (Firefox + Hollywood). It reflects what most of us want to use the whole idea of EME for.

          May 25th, 2014 at 08:54

    2. Fabricio C Zuardi

      I support this idea. (

      “Mozilla should fork Firefox into a good firefox and a ugly firefox. The good firefox would not have things like EME, or H.264 or plugins. The ugly firefox would have EME and H.264.”


      June 8th, 2014 at 07:23

  2. Peter G

    the real question is:

    will EME be available for mobile plattforms.
    if not, then what’s the point of exchanging a plugin for a CDM?

    May 20th, 2014 at 15:12

  3. fung0

    I agree with many others: EME is unnecessary, and just plain evil. I’ve been a devoted Firefox user since the very beginning, but between the horrible changes in FF29 and now EME, you seem determined to drive me away. Once all of us die-hard fans are gone, who do you think will be left?

    May 20th, 2014 at 22:45

  4. Wuzzy

    TL;DR: This decision was premature. Its justification is poor; there are a lot of unfounded assumptions for now. Therefore, the decision is practically without a rational basis. I suggest to do more research and base arguments on it, then reconsidering the whole decision.

    This is a decision with huge ethical implications and it should not have been done lightheaded. This means, data about the current situation should be collected, then arguments based on this data should be brought up and be discussed openly.
    However, I fear the whole argumentation and fact base is very, very poor.
    So I think this important decision has been made prematurely.

    I hear these arguments defending this move over and over again:
    1) If this does not get implemented, the user base would massively shrink.
    2) If the user base shrinks, this would be bad.
    3) It is not really Mozilla’s choice to go this route; Mozilla has basically been forced to do it.

    I have problems with this argumentation:

    a) We don’t even know wheather 1) is actually true.
    To safely conclude that 1) is true, it should (at least partly) be proven that:
    A) the current Firefox user base (and perhaps would-be users) has generally a broad desire to view DRM-restricted stuff
    B) the current Firefox user base (and perhaps would-be users) is generally not interested in freedom anyways (they chose Firefox rather for convenience than for freedom)
    C) DRM-restricted websites are actually popular enough to have potentially a high impact on the browser choice

    The actual proof presented is very poor. Actually, it is was only even attempted to adress C), Mozilla failed to present proof for A) and B) or other factors I did not mention. The “proof” for C) goes like this: Netflix produces a lot of traffic. But sorry, this does not convince me. Netflix is a video streaming website, so it is no surprise it produces a lot of traffic. Looking on traffic alone is biased towards streaming websites and against all the non-streaming websites. Traffic alone is a very poor indicator for popularity. But we’re talking about how many users are or would be using DRM-restricted websites like Netflix, and not about which browser produces the most traffic.

    b) It is not justified in 2) why a shrinking user base would be neccessarily a bad thing. According to Mozilla’s own mission, popularity is not a goal. If it *is* a goal now, I desire to know the justification for that. Without that, 2) is simply no argument. Also, explaining 2) only makes sense if 1) is true. If 1) is false, 2) does not matter.

    c) Argument 3) is an exaggeration. People at Mozilla have made this choice fully on its own. Even if you don’t like that choice, you still made it. To talk about “force” here is completely misleading. And given that arguments 1) and 2) are not convincing, this makes argument 3) even more questionable. Unless Mozilla has been *actually* been forced. For example, by law or lawsuits, legal threats, contracts, etc. But this does not seem the case to me.

    Conclusion: The argumentation defending this decision is very weak. Therefore, the decision Mozilla had made was premature. As we don’t know wheather the premises are true, there is simply no basis for a rational decision. So I strongly suggest to do the research to see wheather the premises are true. It would be very helpful for a rational decision to collect more data on the opinion of Firefox users (and would-be Firefox users). How many Firefox users would *really* run away without the possibility to install propritiary EME plugins? How much do the current Firefox users care about freedom? How many users *would* use Firefox if they could install EME plugins? How many *users* use DRM-restricted websites in total? And so on. Even if we just had a vague idea on that matter would help. But the problem is, we really have no idea at all at the moment. But *if* it is established that 1) is true, then we still need an explanation on why 2) is true. Without 1) and 2) being true, the whole decision remains without basis. Ideally, all that data should have been collected *before* the decision.

    The award for the stupidest part of the text goes to:
    “With direct support for DRM we are eliminating a major use case of plugins on the Web, and in the near future this should allow us to retire plugins altogether. The Web has evolved to a comprehensive and performant technology platform and no longer depends on native code extensions through plugins.”
    Are you fucking kidding me? You can’t have seriously written this. EME is a standard which *demands* plugins. This whole EME thing only *works* with plugins. Plugins are not going away with EME, since EME is *based* on plugins.

    By the way: I pretty much agree with the ethical concerns other people on this page have brought up. These are valid concerns and therefore should be part of the decision process as well. I do not repeat these concerns here.

    May 21st, 2014 at 05:12

    1. Michael

      Fantastic summary, I completely agree with this. I hope you don’t mind, I’ve actually just cut and pasted it and sent it in an email to Andreas Gal, the author of this article (citing you as the author, that I also completely agree, and would he have some kind of response or even better would it make them reconsider).

      May 21st, 2014 at 09:07

      1. Wuzzy

        If you got a response, please forward it to my e-mail adress: .

        May 25th, 2014 at 05:50

        1. Wuzzy

          For some reason the e-mail adress got filtered out. I try it again:
          almikes AT aol DOT com

          May 25th, 2014 at 05:51

    2. Jim

      I agree that it is a very poor decision and I am glad that the poor basis for the decision is clear to others. I would further note that an alternative to the EME is available that keeps DRM out of the open web and avoids Mozilla being forced into accepting[sic] the EME.

      The alternative is to define a complete standard for playing DRM media, rather than splitting it up into the EME/CDM plus JS and a web browser to complete the player. This alternative need not be part of the open web, but would operate over the Internet. Such a media player could be implemented in a range of ways that give the user the choice between the convenience of an integrated player or the security or a separate player. Mozilla reject this as a ‘very bad proposal’ with no substantive reasons.

      It is clear that Mozilla want the EME, and the early announcement is a act to nurture and promote the EME as the winning solution. The difference between the EME and the use of a complete DRM player narrows down the real reasons for the decision by Mozilla to implement the EME. These reasons have not even been mentioned by management, so the statements from Mozilla management are nothing by a red herring and propaganda. The statements from Mozilla include much of the propaganda used by the EME proponents.

      Not a single distributor has yet supported the claimed sandboxed CDM, and Mozilla has not justified how it will be robust, so it is unlikely any significant distributors will support it, or at least not support it for high value content. Thus it will not stop users moving to other web browser to use streaming services, unless Mozilla support other CDMs! Mozilla will have already promoted the EME as the winning standard and will be able to use all the same arguments to justify supporting platform CDM implementations, doing more back-room deals that they will sugar coat with their propaganda.

      The contemporary web does not include DRM and the open web community has not accepted the restrictions that DRM imposes. Mozilla will be responsible for the damage caused to content owners when the open web offers web browsers that save content, and will be responsible for harm causes by false prosecution of the developers and distributors of such open web browsers. This matter will surely be tested in the courts and Mozilla will need to defend themselves, defend their interpretation of the open web as supporting DRM, and this is completely absurd given the Mozilla mission.

      The development of Firefox is open to allow the community to check for compromising actions. Mozilla have compromised the open web by announcing their implementation of the EME. We need to develop appropriate responses.

      May 24th, 2014 at 22:47

  5. Red

    Correct me if I’m wrong …

    EME offers easy Javascript API?

    Does this mean that the all mallware authors will have a secure distribution channel that no one else will be able to read?

    This makes EME a ultimate backdoor.

    May 21st, 2014 at 06:36

  6. onion

    Although Mozilla’s dilemma is understandable, you can’t compromise with tyrants (hollywood)! Accepting this kind of restriction of free speech, which is what DRM is, sets a very dangerous precedence and puts Firefox firmly on the “to be avoided” list. Do humanity a favor and scrap this DRM garbage. Nothing good will come of it!

    May 21st, 2014 at 07:03

  7. Michaela Merz

    @MitchellBaker @firefox I renew my call for a community vote on DRM. Let us decide.

    Twitter: @mischmerz

    May 21st, 2014 at 08:34

  8. Craig Barnes

    You dont object to something by going with the flow, Firefox must stand up for the rights of its users, even if most of those users dont understand the problem. Make the most use of this opportunity to educate them.

    If you need support for an education drive, I have no doubt that you will recieve it if you ask.

    Take the higher groud. This is the reason I use Firefox, and the reson I would support an anti DRM fork should the need arrise.

    By implementing support for DRM in Firefox you are by definition acknowleding DRM.

    The only objectives that DRM achieve are those of the monopoly holders. Content producers will be no better off for this, only the distributers will truly benfit. Users rights will be restricted further, and it serves as a very ugly precident in Copyright history.

    The Copyright system has been abused too much already.

    If just one major browser objects so such behaviour ( the peoples browser – Firefox ), then nobody will be able to claim that DRM has been accepted by all major browsers.

    Please reconsider this position, there is more at stake than market share.

    May 22nd, 2014 at 13:03

  9. Castarco

    Hello, I have three important questions that i think it’s worth to anwser in the FAQ.

    Which are the terms of the comercial agreement with Adobe? What gets Adobe for developing de Adobe Access CDM? Money from content distributors? Money from Mozilla? Both?

    Will Adobe obtain a monopoly on the Firefox CDM plugin? Will be possible to install more than one CDM plugin at the same time from different sources/companies?

    Will Firefox do the effort to achieve deterministic compilations for the CDM host executable in order to help the community to verify that the binaries corresponds to the open sourced code?

    May 22nd, 2014 at 15:13

  10. Hugh O’Brien

    This is wrong, promoting convenience over ethics. This is not what Mozilla is about, and is not what people choose its products for. If this is not clear, ask the users what they would want. Those involved in the community will have a different voice than the ‘everyday’ user, respect it.

    May 25th, 2014 at 09:13

  11. Sylvester

    This implementation of EME is not a good move. What would stallman say about this? Mozilla should have used this chance to educate users the fallacies of DRM. At least 1/5 of the world will be educated. By the way, there’s GNU IceCat for those people saying Mozilla should provide a fork.

    May 26th, 2014 at 04:39

    1. Maki

      GNU IceCat only works on GNU/Linux & OSX.
      For Windows there is Pale Moon.

      Note that GNU IceCat and Pale Moon are made by different maintainers and have different goals behind their rebranding/forking of Firefox.

      May 26th, 2014 at 07:39

  12. Mike

    I pity the sheeple who even consider being DRM’ed. All this shouold be an utter non-issue. People who value their freedom enough will always turn to “illegal” means rather than be f*cked by anyone on their own devices. Even if it means not getting all the hip “content” immediately.

    So yes on the one hand it is irrelevant because the only reason I will download the spyware is to decompile it, and on the other hand it is IMO a very bad decision by Mozilla and definitely, along with past bad privacy and security decisions + ruminations about ad junk alienates many freedom lovers to a point where unforked firefox is quickly becoming a non-option.

    this is 2014, folks! and there you are, supporting the mad machinations of the content mafia.

    May 30th, 2014 at 12:36

  13. 0ctatron

    Hey Mozilla, hows it feel to violate your own principals you DRM sellout!!

    You could have offered up the Adobe bit as an Add-on that’s ticked on by default during install. But NOOOO you had to bind it in, removing the users choice to have an untainted pure open source browser.

    But no you had to go and jump in bed with Adobe down the street and now look whats happened! Shame Shame

    At least tell me you left Thunderbird and Iceweasel alone?

    May 31st, 2014 at 02:52

  14. Pierre

    Mozilla, Are you just gonna ignore everobody’s complaint about your decision? Are you gonna do as though everything was fine, and nothing happened?

    Are you now under control of money, and big companies and not anymore under the control of the people? Now you just don’t care about the people like big compagnies, who constantly attack the public?


    June 2nd, 2014 at 03:30

  15. Pierre


    We all understood -I think – that your decision is not about installing DRM or non-free software without the conscent of the user. But to me it is not the question.

    The question is “How likely is it that a free software user will be able to access the entire web (or most of) without either DRM or non-free software?”

    And I think your decision is making it a lot less likely that the web remains free and open.

    June 2nd, 2014 at 04:52

  16. Brett Zamir

    The Universal Declaration of Human RIghts states, “Everyone has the right to the protection of the moral and material interests resulting from any scientific, literary or artistic production of which he is the author.” (Article 27.2)

    While Mozilla is of course not a government and is free to create technology which restricts the protection of the material interests of software productions, if it is a right to have one’s artistic productions protected materially, why is everyone assuming that the only moral thing to do for a technical product is to support the interests of consumers for their material interests in exploiting a product more fully instead of also for the arts producers distributing content accessible to the tool?

    I’m all for taking steps to level the playing field, but I think reasonable people take this as with all things in moderation (and also don’t lie to themselves in claiming that restricted content can only possibly hurt the industry).

    Most people with hearts are fine with the government leveling the playing field to a certain degree by coercively redistributing some wealth from wealthier persons and entities to the poor. But if one does _everything_ coercively, fewer good things will get made, no matter how much one philosophizes about it. Of course there can be plenty of good, unrestricted productions, and plenty of bad restricted ones, but one cannot say that without a material incentive, producers will just serve the State for the supposed benefit of all.

    Besides this, charity is rendered less meaningful if the coercion becomes absolute; there is a joy in willingly sharing or contributing content or code which is not compelling others to do the same.

    Mozilla has historically taken a moderate approach to “coercion”, leveling the playfield somewhat with the obligations of its license, but it does not take an exclusively viral (i.e., more compulsory) approach, so I see nothing inconsistent with its approach here.

    So unless there are security issues that indeed cannot be solved, I don’t understand why so many here are eager to prevent a means enabling the web to truly be for everyone according to their own independent rights, whether as producers or consumers. If you don’t like it, argue for the benefits of sharing, but let others live their lives. I’d frankly prefer that this be expanded even further to facilitate closed source client-side JavaScript.

    (Note that I mention closed source JavaScript as opposed to other proprietary languages/plug-ins; I do hope Mozilla continues to advance united web standards as opposed to proprietary plug-ins simply because a proliferation of languages (as with multiple human lingua francas) doing the same thing is of no real benefit to consumers OR producers except when the standards are failing to keep pace with wishes of consumers and plug-ins compete to meet the gap (thus my interest in my “AsYouWish” add-on to provide a web-based JavaScript API for privileges not yet exposed to websites upon user permission).)

    So, how about we stop assuming there is only one ethical approach here; unless Mozilla is deceiving users, they don’t need to pressure artists into redistributing their legitimate wealth, nor do they need apologize for it either as far as I am concerned.

    June 2nd, 2014 at 06:51

    1. Michaela Merz

      Simple answer to you question: The Internet was first. We built it in our free time, with our software that we shared among others so that they too could become a part of it. The content industry came long after we were using the net for the things we used it for. Nobody forced them to use the net. So – if they want to protect their content – why not start their own network?

      June 2nd, 2014 at 07:27

  17. Kirk M

    I’m curious. I wonder how many folks here who use Firefox and are complaining about this decision have the latest Flash and/or Silverlight plugins installed in Firefox. Considering that both are DRM enabled, I’d find these complaints a bit hypocritical. And what’s the use of forking Firefox into a browser like Palemoon if users are just going to install Flash and Silverlight and watch DRM media anyway?

    Mozilla either implements this or goes out of compliance with W3C–not something the developer of a major browser wants. At least DRM won’t be “hard-baked” into Firefox itself and they’re giving users a choice whether to accept the DRM enabled CDM download or not, unlike the other major browsers who already have DRM built in and gives the user no choice whatsoever.

    “But CDM is going to be developed by Adobe and will be closed sourced” Well, so is Adobe’s Flash plugin, what of it?

    If there’s any entity to blame here, it’s W3C for rolling over to “Hollywood” and company so Mozilla either had to do this or fall out of compliance. As far as I’m concerned, Mozilla is not and never was the “savior” of the so-called “open web”. Heck, Mozilla isn’t even a company and it’s certainly not the “last haven” of anything. So now Firefox users against DRM (yes, DRM needs to completely revamped or tossed into the trash altogether in lieu of something else) feel it’s alright to heave the entire burden of preserving the “open web” on Mozilla’s shoulders? I think not.

    Mozilla can still promote openness and fight DRM and still remain in compliance with W3C standards.

    June 2nd, 2014 at 07:19

    1. Joshua Cogliati

      Since you asked “I wonder how many folks here who use Firefox and are complaining about this decision have the latest Flash and/or Silverlight plugins installed in Firefox.” here is what I do.

      I have a separate virtual machine (qemu) that I stick the non-open source things like chrome and flash in. This virtual machine’s only purpose is to do things like play H.264 videos and DRM’ed VEVO videos and the like. If I encounter a video or something else that cannot be played with open source Firefox, I decide if I think it is worth it to start up the virtual machine. Usually I decide no, but about once a week to once a month, I will start up the virtual machine. So yes, I am complaining about Mozilla including DRM even tho’ I occasionally do use DRM’ed videos. But the majority of the time if a video uses H.264 or DRM, I just don’t view it.

      June 3rd, 2014 at 04:58

      1. Kirk M

        @Joshua Cogliati – A very wise thing to do. I myself keep Windows 7 32 bit in a virtual machine (VirtualBox) although I really don’t have the need to do so any longer (mostly to help troubleshoot my wife’s Windows machine is it goes funky).

        I don’t have much use for DRM or H.264 video at all or the need to view it and I would probably use your solution if I did. However, this type of solutions what you might call an “edge case” employed by those who are advanced computer users. In my experience, most so-called “average” users would neither know or care about this type of thing. Their question would be, “Can I stream my movies or not?” ;-)

        June 3rd, 2014 at 06:43

  18. James Kaplan

    Netflix and others desiring to provide secure transmission have their own apps making browser delivery superfluous.

    Why is it Mozilla and so many others are so rabidly concerned to bend over for Hollywood and the NSA yet fail when it comes to protecting consumers? Google, Instagram, even Facebook all require us to give up rights to whatever WE publish, yet we are expected to yield to their requirements? Last time I checked there were billions of internet users and only a handful of DRM supporters.

    Give us a break!

    June 2nd, 2014 at 12:11

  19. Gregory Karastergios

    SRSLY? I do not need DRM in my favorite browser. There is no point in DRM. Firefox was made as a browser that is open and free. not one that restricts what I can do online. Besides, I have my ways around DRM and EME to do what I want.

    June 5th, 2014 at 07:27

  20. Andrew

    Well that’s the end of me using firefox. It was a good run but they have clearly strayed from there core values and principals. If a good version is ever forked I will happy use that. I like firefox and it is sad to see it go away.

    June 9th, 2014 at 18:56

Comments are closed for this article.