Encrypted Media Extensions

Encrypted Media Extensions (EME) is a W3C specification for providing a communication channel between web browsers and the Content Decryption Module (CDM) software which implements digital rights management (DRM).^[2] This allows the use of HTML video to play back DRM-wrapped content such as streaming video services without the use of heavy third-party media plugins like Adobe Flash or Microsoft Silverlight (both discontinued). The use of a third-party key management system may be required, depending on whether the publisher chooses to scramble the keys.

EME

Encrypted Media Extensions
Abbreviation	EME, encrypted-media
Native name	Encrypted Media Extensions
Status	W3C Recommendation
Year started	2013 (2013)
First published	May 10, 2013 (2013-05-10)[1]
Latest version	2017-09-18 September 18, 2017; 7 years ago (2017-09-18)[2]
Preview version	Editor's Draft March 20, 2021; 4 years ago (2021-03-20)[3]
Organization	W3C Google Microsoft Netflix [2][3]
Committee	HTML Media Extensions Working Group[2] Media Working Group[3]
Editors	Joey Parrish[3] Greg Freedman[3] Former editors David Dorwin (until September 2019 (2019-09)) Jerry Smith (until September 2017 (2017-09)) Mark Watson (until September 2017 (2017-09)) Adrian Bateman (until May 2014 (2014-05)) [2][3]
Base standards	Media Source Extensions MPEG-DASH MPEG-CENC
Domain	Digital rights management
Website	Latest version: www.w3.org/TR/encrypted-media/ Editor's draft: w3c.github.io/encrypted-media/

EME is based on the Media Source Extensions (MSE) specification,^[4] which enables adaptive bitrate streaming in HTML audio and video, e.g. using MPEG-DASH with MPEG-CENC protected content.^[5][6]

EME has been highly controversial because it places a necessarily proprietary, closed decryption component which requires per-browser licensing fees into what might otherwise be an entirely open and free software ecosystem.^[7][8] On July 6, 2017, W3C publicly announced its intention to publish an EME web standard,^[9] and did so on September 18.^[2] On the same day, the Electronic Frontier Foundation, who joined in 2014 to participate in the decision making,^[10] published an open letter resigning from W3C.^[11]

Support

In April 2013, on the Samsung Chromebook, Netflix became the first company to offer HTML video using EME.^[12]

As of 2016^[update], the Encrypted Media Extensions interface has been implemented in the Google Chrome,^[13] Internet Explorer,^[14] Safari,^[15] Firefox,^[16] and Microsoft Edge^[17] browsers.

While backers and the developers of the Firefox web browser were hesitant in implementing the protocol for ethical reasons due to its dependency on proprietary code,^[18] Firefox introduced EME support on Windows platforms in May 2015, originally using Adobe's Primetime DRM library, later replaced with the Widevine library (CDM). Firefox's implementation of EME uses an open-source sandbox to load the proprietary DRM modules, which are treated as plug-ins that are loaded when EME-encrypted content is requested. The sandbox was also designed to frustrate the ability for services and the DRM to uniquely track and identify devices.^[16][19] Additionally, it is always possible to disable DRM in Firefox, which then not only disables EME, but also uninstalls the Widevine DRM libraries.^[20]

Netflix supports HTML video using EME with a supported web browser: Chrome, Firefox,^[21] Microsoft Edge, Internet Explorer (on Windows 8.1 or newer^[22]), or Safari (on OS X Yosemite or newer^[23]). YouTube supports the MSE.^[24] Available players supporting MPEG-DASH using the MSE and EME are NexPlayer,^[25] THEOplayer^[26] by OpenTelly, the bitdash MPEG-DASH player,^[27][28] dash.js^[29] by DASH-IF or rx-player.^[30]

Note that in Firefox and Chrome, EME does not work unless the media is supplied via Media Source Extensions.

Version 4.3 and subsequent versions of Android support EME.^[31]

Content Decryption Modules

• Adobe Primetime CDM (used by old Firefox versions 47 to 51)^[20]
• Widevine (used in Chrome and Firefox + their derivatives, including Opera and newest versions of Microsoft Edge)^[32]
• PlayReady (used in EdgeHTML-based Microsoft Edge on Windows 10 and Internet Explorer 11 for Windows 8.1 and 10)^[32]
• FairPlay (used in Safari since OS X Yosemite)

Criticism

EME has faced strong criticism from both inside^[33][34] and outside W3C.^[35][36] The major issues for criticism are implementation issues for open-source browsers, entry barriers for new browsers, lack of interoperability,^[37] concerns about security, privacy and accessibility, and possibility of legal trouble in the United States due to Chapter 12^[38] of the DMCA.^{[39][40][41][42]}

In July 2020, Reddit started using a fingerprinting mechanism that involves loading every DRM module that browsers can support, and logs what ends up loading as part of the data collected. Users noticed this when Firefox began alerting them that Reddit "required" them to load DRM software to play media, although none of the media on the page actually needed it.^[43]

As of 2020, the ways in which EME interferes with open source have become concrete. None of the widely used CDMs are being licensed to independent open-source browser providers without paying a per-browser licensing fee (particularly to Google – for their Widevine CDM, which is used in nearly all recently developed web browsers).^[7]

See also

• Media Source Extensions
• HTML5 § Digital rights management
• World Wide Web Consortium
• Digital rights management
• Defective by Design
• Electronic Frontier Foundation
• Digital Millennium Copyright Act
• Project DReaM
• Protected Media Path