Wayland Secure Output Protocol Proposed For Upstream - HDCP-Like Behavior


  • Luke
    replied
    Originally posted by MrMorden

    Whether or not a display and computer communicate by an encrypted channel is completely irrelevant to the guy next door Van Ecking you or the guy across the street with a telephoto lens.
    The telephoto lens can be controlled by minding where you set up and the sightlines in question. As for reading RF emissions, historically the monitor has been the strongest source of these, with old VGA cables and connections as the absolute worst offenders. Take the monitor out of the picture and an attacker has to get a lot closer to read other RF emissions. Most laptops on the one hand are poorly shielded but on the other hand have very short monitor cables. On desktops (which use far more power, presumably generate stronger signals, and can be targeted by known location), I do NOT use plastic windows etc. in cases, using all-metal cases, fine mesh on fan openings, and watching for plastic fronts on accessories that require added shielding. I needed this not only for RM privacy, but also to keep the (encrypted) wifi device plugged into the back of the case from being jammed by overclocked board signals, some of which fall in the 2.4 GHz band used by wifi and otherwise were very strong at a range of just an inch or two from the case. Corking up RF leaks made wifi work far better, and anyone snarfing that needs to defeat both encrypted wifi and then https, one after the other. If they can do that they can probably beat HDCP as well.

    The real experts on RF-quiet cases are ham radio operators, whose concern is not with someone reading their computer signals from the end of the block but rather with their very, very sensitive receiver just feet away being jammed or desensed by RF trash from the computer. The PSU puts out a comb of frequencies at close intervals (100 kHz at one time, no idea if still the case) that can wreck reception on the HF (3-30 MHz) bands even if nothing else in the computer runs that low anymore. For UHF/microwave operators the ham bands at 1240-1300 MHz, 2300-2310/2390-2450 MHz, and 3.3-3.5 GHz overlap with frequencies used in modern computers, and higher bands no doubt face interference from strong harmonics of square-wave computer frequencies at close range. Still a real break from the days when a 100 MHz front side bus that was overclocked above 108 MHz ended up in the aircraft band and sometimes led to FCC issues with overclocked computers that were not properly shielded.


  • F.Ultra
    replied
    Originally posted by shmerl

    How is this an excuse, if it's for DRM not on desktops? It's still for DRM.
    Just because he wrote "desktops" does not mean that he means that this will implement DRM on any server either. Remember folks, DRM will be in the content and not in the kernel or display server, i.e. when you will be exposed to DRM is when some content demands DRM and then it does not matter if you have this Wayland protocol or not.


  • F.Ultra
    replied
    Originally posted by Danny3

    Also a bit of iron when it's taken out of ground it will not tie your hand together, but when you make handcuffs out of it, it will.
    The same idea is with a gun, each individual component of it can't probably kill you, but when you put all the pieces together...

    The correct version of the quote I think it is:
    This is not a way to implement any kind of Digital Rights Management on desktops at the moment.
    When all the pieces will be there, it will be DRM because there's no other purpose for it.
    Ok so we quote some more from the actual patch..

    This protocol is mostly useful for closed systems, where the client can trust the compositor, such as set-top boxes. This is not a way to implement any kind of Digital Rights Management on desktops. The protocol deliberately doesn't define what a "secure output" is, and the compositor would be free to lie to the client anyway.
    You will see DRM the day some user space software will be released by "some one" and that day it will not matter one bit if Wayland supports this particular protocol or not. Until then you will experience the part of DRM that is "you not able to run the piece of software anyway" so you will be locked out of the content either way.


  • jacob
    replied
    Originally posted by Britoid

    Hollywood wants it, they don't care it's stupid.
    Hollywood or, more precisely, the various ***AA's, don't realise how much the world is changing. Of course that's nothing new, but now fewer and fewer people rely on their legacy distribution channels. If we aren't there already, then the day is VERY near where their main source of revenue will be online distribution. It will be a wholly different situation when a company like Netflix will be able to tell Hollywood "we have X hundred million subscribers; if you want us to distribute your production to them, that's cool, these are our terms and conditions and if you don't like them, then get lost". Not saying that Netflix are necessarily the "good guys" or that their approach is necessarily more user-friendly than the obnoxious studios, but I think that's the idea.


  • MrMorden
    replied
    Originally posted by Luke
    If HDCP support really does come to X and/or Wayland, for high security cases an HDCP compliant monitor is a lot cheaper than a TEMPEST-shielded computer room, it's just a matter of being able to encrypt ALL content with a key the monitor can recognize, no idea if that's possible or not.
    Whether or not a display and computer communicate by an encrypted channel is completely irrelevant to the guy next door Van Ecking you or the guy across the street with a telephoto lens.


  • boxie
    replied
    Originally posted by sandy8925

    Uh what? No you don't choose it. Google added this so they can use it with Chrome. That means the closed source version shipping on ChromeOS (assuming they ever use Wayland) and the closed source version you download for Linux desktops (i.e. google-chrome not chromium) will use this. In fact, even Chromium might have this enabled and turned on by default. Unless you're running Chromium, you don't have a choice as to whether or not this gets used.

    Main question is will they make it so that you need HDCP for watching any kind of copyrighted media? Netflix and Prime Video at least play SD video through the browser without requiring Flash and other crap, but is Google planning to cut that off and only show if full verified HDCP support is present?
    The choice here is to use a different browser. There are many based on the Chromium project - there are a few based on the Blink engine. Some are open, some are closed. Browser choice is something you have plenty of.

    Ensuring that a display pipeline is secure is also something that can be used. Want to make sure that a malicious app can't screen record your password manager app? That sounds like a perfect use of a secure display pipeline.

    There is a tricky line to walk between freedom and protection.


  • Luke
    replied
    Originally posted by sandy8925

    Uh what? No you don't choose it. Google added this so they can use it with Chrome. That means the closed source version shipping on ChromeOS (assuming they ever use Wayland) and the closed source version you download for Linux desktops (i.e. google-chrome not chromium) will use this. In fact, even Chromium might have this enabled and turned on by default. Unless you're running Chromium, you don't have a choice as to whether or not this gets used.

    Main question is will they make it so that you need HDCP for watching any kind of copyrighted media? Netflix and Prime Video at least play SD video through the browser without requiring Flash and other crap, but is Google planning to cut that off and only show if full verified HDCP support is present?
    Two separate issues come up: OK, first thing first, the best way to fight Digital Restrictions Management is to refuse to consume any actively copyright protected media at all. If it is pirated by someone else, OK, otherwise forget it. I took this all the way to avoiding exposure to newly copyrighted music, and no longer going to the movies after the filesharing lawsuits started (and then stopped due to the boycotts). If Google decides YouTube works only with DRM, they will lose a lot of their postings of video, and people will just move on to other servers. Music videos on YouTube posted other than by the record companies will just move to torrents or the dark web.

    Now, DRM is just a special case of encryption, and it has the same weakness as a Signal group with too many people in it: the media has to be decryptable by untrusted individuals. When the same media has to go to millions of people, ALL of them have to get a key, and someone, somewhere will find a way to get the hardware to let go of it. Once they do, they make an unencrypted copy and it's out there. If HDCP had only ever been used to encrypt movies sent to reviewers so their neighbors from rival studios couldn't snarf the content by reading monitor RF emissions it would probably never have been broken (and in fact would probably still work for that).

    If HDCP support really does come to X and/or Wayland, for high security cases an HDCP compliant monitor is a lot cheaper than a TEMPEST-shielded computer room, it's just a matter of being able to encrypt ALL content with a key the monitor can recognize, no idea if that's possible or not.


  • Danny3
    replied
    Originally posted by F.Ultra

    Quote from the actual patch:
    This is not a way to implement any kind of Digital Rights Management on desktops.
    Also a bit of iron when it's taken out of ground it will not tie your hand together, but when you make handcuffs out of it, it will.
    The same idea is with a gun, each individual component of it can't probably kill you, but when you put all the pieces together...

    The correct version of the quote I think it is:
    This is not a way to implement any kind of Digital Rights Management on desktops at the moment.
    When all the pieces will be there, it will be DRM because there's no other purpose for it.


  • shmerl
    replied
    Originally posted by F.Ultra

    Quote from the actual patch:

    This is not a way to implement any kind of Digital Rights Management on desktops.
    How is this an excuse, if it's for DRM not on desktops? It's still for DRM.


  • edwaleni
    replied
    Originally posted by Britoid

    Hollywood wants it, they don't care it's stupid.
    Actually medical and financial want it.
