Firefox 38 arrives with contentious closed-source DRM integrated by default

Firefox 38 DRM

Firefox 38 arrives with its most controversial feature yet: a content decryption module that enables users to watch copy-protected HTML5-based video


One year ago Mozilla crushed the hearts of open source fans everywhere by announcing future versions of Firefox would come with the ability to play copy-protected content via HTML5, which requires the use of integrated digital rights management (DRM) technology. On Tuesday, Mozilla finally pulled the trigger.

For users who just want to use Firefox, this means that soon you won’t need Microsoft’s Silverlight plugin to watch Netflix. Instead, Firefox 38 will use Adobe’s Content Decryption Module (CDM). Firefox 38 automatically downloads the CDM in the background shortly after you upgrade or do a fresh install of the browser.

The CDM won’t be activated until you first visit a site that requires it. Both Chrome and Safari come with a CDM installed by default.

The impact on you at home: If updating Silverlight to watch premium video sites annoys you, the CDM will put that issue to rest—but not just yet. Netflix is currently testing the Firefox’s CDM integration and still required Silverlight on Firefox 38 at this writing. Premium video sites that use HTML5-based video should switch over to CDM-based viewing for Firefox in the coming weeks.

DRM with a key difference

At face value, it may appear like you’re trading one DRM-playing plugin for another, but the change has been a source of contention within the open source community. The main problem is that Firefox, which is an open source browser, now downloads and installs a closed source solution by default.

The big concern with closed source programs is that you can’t look at the code to see if it’s threatening privacy by leaking data, or if it has a giant security vulnerability that no one knows about. Those concerns are true of both Silverlight and Adobe’s CDM, but at least with Silverlight the plugin was installed on a per-user basis as opposed to an automatic install for everyone.

To overcome the security concerns, Mozilla limits how the CDM can interact with the rest of the browser by putting it in a sandbox. This stops the CDM from interacting with data or features it doesn’t require to run, or from creating too much harm should a vulnerability surface on malicious websites.

Mozilla felt it had to integrate Adobe’s technology into the browser due to the popularity of CDM-using services like Netflix and to maintain feature parity with competing browsers.

Just another plugin

Instead of baking in the CDM solution like other browsers, Mozilla is also giving users a high degree of control over the CDM just like any other plugin.

You can disable the plugin by typing about:addons in the address bar, and clicking Plugins in the left-hand navigation column. Then select Never Activate from the dropdown next to the Primetime Content Decryption Module provided by Adobe Systems, Incorporated 9 plugin.

For anyone who wants to remove the CDM after it is automatically installed type about:preferences#content in the address bar and uncheck the box next to Play DRM content.

More fierce opponents of CDM integration can also download a version of Firefox from Mozilla’s site that doesn’t install the CDM.

This story, "Firefox 38 arrives with contentious closed-source DRM integrated by default" was originally published by PCWorld.

ITWorld DealPost: The best in tech deals and discounts.