May 11, 2016 | By Cory Doctorow

Save Firefox!

Once upon a time, there were two major browsers that virtually everyone used: Netscape and Internet Explorer, locked in a death-battle for the future of the Web. They went to enormous lengths to tempt Web publishers to optimize their sites to work best inside their windows, and hoped that users would follow.

Then, a game-changer: the open, nonprofit Mozilla browser spun out of Netscape, with the mission of putting users, not publishers, in charge. Mozilla defaulted to blocking pop-up ads, the scourge of the early Web. It was a step none of the major browsers could afford to take, because publishers were convinced they would go broke without them, and any company whose browser blocked pop-ups by default would alienate the publishers, who'd throw their lot in with the competition.

A little over a decade later, and the world of browsers is unrecognizable: Mozilla turned into Firefox; Internet Explorer turned into Edge, Apple launched Safari, and Google launched Chrome. Every one of them blocks pop-ups by default! Literally none of the dominant browsers from a decade ago are in widespread use today.

Which is not to say that there isn't competition. There is, and its as fierce as ever, and as ever, it's a strategic fight to please both publishers and users, whose interests are not always the same. Publishers want to gather more information on users; users want to keep their information private. Publishers want to control users' browsing and viewing experience; users want to sit in the driver's seat.

We need competition; we also need diversity. We need the possibility that young, game-changing market entrants might come along. We need that idea to be kept alive, to make sure that all the browsers don't shift from keeping users happy to just keeping a few giant corporations that dominate the Web happy. Because there's always pressure to do that, and if all the browsers end up playing that same old game, the users will always lose.

We need more Firefoxes.

We need more browsers that treat their users, rather than publishers, as their customers. It's the natural cycle of concentration-disruption-renewal that has kept the Web vibrant for nearly 20 years (eons, in web-years).

We may never get another one, though.

The World Wide Web Consortium (W3C), once the force for open standards that kept browsers from locking publishers to their proprietary capabilities, has changed its mission. Since 2013, the organization has provided a forum where today's dominant browser companies and the dominant entertainment companies can collaborate on a system to let our browsers control our behavior, rather than the other way.

This system, "Encrypted Media Extensions" (EME) uses standards-defined code to funnel video into a proprietary container called a "Content Decryption Module." For a new browser to support this new video streaming standard -- which major studios and cable operators are pushing for -- it would have to convince those entertainment companies or one of their partners to let them have a CDM, or this part of the "open" Web would not display in their new browser.

This is the opposite of every W3C standard to date: once, all you needed to do to render content sent by a server was follow the standard, not get permission. If browsers had needed permission to render a page at the launch of Mozilla, the publishers would have frozen out this new, pop-up-blocking upstart. Kiss Firefox goodbye, in other words.

The W3C didn't have to do this. No copyright law says that making a video gives you the right to tell people who legally watch it how they must configure their equipment. But because of the design of EME, copyright holders will be able to use the law to shut down any new browser that tries to render the video without their permission.

That's because EME is designed to trigger liability under section 1201 of the Digital Millennium Copyright Act (DMCA), which says that removing a digital lock that controls access to a copyrighted work without permission is an offense, even if the person removing the lock has the right to the content it restricts. In other words, once a video is sent with EME, a new company that unlocks it for its users can be sued, even if the users do nothing illegal with that video.

We proposed that the W3C could protect new browsers by making their members promise not to use the DMCA to attack new entrants in the market, an idea supported by a diverse group of W3C members, but the W3C executive overruled us saying the work would go forward with no safeguards for future competition.

It's even worse than at first glance. The DMCA isn't limited to the USA: the US Trade Representative has spread DMCA-like rules to virtually every country that does business with America. Worse still: the DMCA is also routinely used by companies to threaten and silence security researchers who reveal embarrassing defects in their products. The W3C also declined to require its members to protect security researchers who discover flaws in EME, leaving every Web user vulnerable to vulnerabilities whose disclosure can only safely take place if the affected company decides to permit it.

The W3C needs credibility with people who care about the open Web and innovation in order to be viable. They are sensitive to this kind of criticism. We empathize. There are lots of good people working there, people who genuinely, passionately want the Web to stay open to everyone, and to be safe for its users. But the organization made a terrible decision when it opted to provide a home for EME, and an even worse one when it overruled its own members and declined protection for security research and new competitors.

It needs to hear from you now. Please share this post, and spread the word. Help the W3C be the organization it is meant to be.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Celebrate digital rights with EFF's @EFFFalcon and Pioneer Award-winner
@culturejedi this Thursday in Oakland https://www.eff.org/event/ene...

Apr 25 @ 12:43pm

Without net neutrality protections, online startups can't compete. https://www.eff.org/deeplinks...

Apr 25 @ 12:11pm

Does your startup rely on net neutrality? Tell @AjitPaiFCC. https://www.eff.org/deeplinks...

Apr 25 @ 11:41am
JavaScript license information