|Encrypted Media Extensions|
Encrypted Media Extensions
|First published||May 10, 2013|
September 18, 2017
|Preview version||Editor's Draft|
March 20, 2021
|Domain||Digital rights management|
Encrypted Media Extensions (EME) is a W3C specification for providing a communication channel between web browsers and the Content Decryption Module (CDM) software which implements digital rights management (DRM). This allows the use of HTML5 video to play back DRM-wrapped content such as streaming video services without the use of heavy third-party media plugins like Adobe Flash or Microsoft Silverlight. The use of a third-party key management system may be required, depending on whether the publisher chooses to scramble the keys.
EME is based on the HTML5 Media Source Extensions (MSE) specification, which enables adaptive bitrate streaming in HTML5 using e.g. MPEG-DASH with MPEG-CENC protected content.
EME has been highly controversial because it places a necessarily proprietary, closed decryption component which requires per-browser licensing fees into what might otherwise be an entirely open and free software ecosystem. On July 6, 2017, W3C publicly announced its intention to publish an EME web standard, and did so on September 18. On the same day, the Electronic Frontier Foundation, who joined in 2014 to participate in the decision making, published an open letter resigning from W3C.
In April 2013, on the Samsung Chromebook, Netflix became the first company to offer HTML5 video using EME.
As of 2016[update], the Encrypted Media Extensions interface has been implemented in the Google Chrome, Internet Explorer, Safari, Firefox, and Microsoft Edge browsers.
While backers and the developers of the Firefox web browser were hesitant in implementing the protocol for ethical reasons due to its dependency on proprietary code, Firefox introduced EME support on Windows platforms in May 2015, originally using Adobe's Primetime DRM library, later replaced with the Widevine library (CDM). Firefox's implementation of EME uses an open-source sandbox to load the proprietary DRM modules, which are treated as plug-ins that are loaded when EME-encrypted content is requested. The sandbox was also designed to frustrate the ability for services and the DRM to uniquely track and identify devices. Additionally, it is always possible to disable DRM in Firefox, which then not only disables EME, but also uninstalls the Widevine DRM libraries.
Netflix supports HTML5 video using EME with a supported web browser: Chrome, Firefox, Microsoft Edge, Internet Explorer (on Windows 8.1 or newer), or Safari (on OS X Yosemite or newer). YouTube supports the HTML5 MSE. Available players supporting MPEG-DASH using the HTML5 MSE and EME are NexPlayer, THEOplayer by OpenTelly, the bitdash MPEG-DASH player, dash.js by DASH-IF or rx-player.
Note that certainly in Firefox and Chrome, EME does not work unless the media is supplied via Media Source Extensions.
Version 4.3 and subsequent versions of Android support EME.
EME has faced strong criticism from both inside and outside W3C. The major issues for criticism are implementation issues for open-source browsers, entry barriers for new browsers, lack of interoperability, concerns about security, privacy and accessibility, and possibility of legal trouble in the United States due to Chapter 12 of the DMCA.
In July 2020, Reddit started using a fingerprinting mechanism that involves loading every DRM module that browsers can support, and logs what ends up loading as part of the data collected. Users noticed this when Firefox began alerting them that Reddit "required" them to load DRM software to play media, although none of the media on the page actually needed it.
As of 2020, the ways in which EME interferes with open source have become concrete. None of the widely used CDMs is being licensed to independent open-source browser providers without paying a per-browser licensing fee (particularly to Google – for their Widevine CDM, which is used in nearly all recently developed web browsers).
In mobile markets [...] Android has supported MSE since version 4.1, and EME since version 4.3.
Note that IE10 and IE11 on Windows 7 do not have the MSE/EME API available which is required to playback DRM protected video content in HTML5. As a consequence, it is technically not possible for any HTML5-based video player to playback DRM protected content on these browsers in Windows 7.