본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Privacy and Google Widevine CDM?

  • 4 답장
  • 23 이 문제를 만남
  • 1 보기
  • 최종 답변자: soundwave

more options

When you watch drm html5 videos that use Google Widevine CDM (on a website that is not run by Google), can/does Google spy on you? How does Widevine work with firefox? Are they able to collect data about what you are watching and when?

I asked Netflix support, and, about Widevine, they said: "we are not sure if Google collects data of what is watched on Netflix"...

When you watch drm html5 videos that use Google Widevine CDM (on a website that is not run by Google), can/does Google spy on you? How does Widevine work with firefox? Are they able to collect data about what you are watching and when? I asked Netflix support, and, about Widevine, they said: "we are not sure if Google collects data of what is watched on Netflix"...

모든 댓글 (4)

more options

hello soundwave, mozilla has gone to great length designing an architecture that ensures that the cdm/drm modules can't be used to spy on you in firefox - the technical details about are explained in https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/

more options

Assuming the Google Widevine CDM works the same way as the Adobe CDM shown in that article (as seen in the blue diagram), then the CDM would know the unique identifier given to it by firefox (that's ok), and it would also know that it is receiving specific video data from a specific video, and presumably from a specific website.

I can see that the sandbox keeps the CDM from looking at the client computer's hard drive or firefox user preferences (and other fingerprint data), which is great.

But the two things I am wondering are: - When watching Netflix, where is the stream coming from - does it come from Netflix, or does it come from some intermediary Google server api thing (that can track your usage) because that's the only thing that can communicate properly with the client side Google CDM?

- Can the CDM upload information to Google about what it knows? Or does the sandbox make that impossible?

more options

as i'm no netflix user myself i cannot answer the first question, but i'd suspect that they are using a content-delivery network under their control to stream content to users.

soundwave said

- Can the CDM upload information to Google about what it knows? Or does the sandbox make that impossible?

i'd interpret the following section of the article that this wouldn't be possible: In our implementation, the CDM will have no access to the user’s hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results.

more options

I read the article again and it says that the CDM doesn't upload any information beyond the "EME-mediated messages between the CDM and the key server".

Seems clear to me that the mediated messages won't give the key server any more 'tracking info' than it already has. (The key server already knows it is transmitting a video to your IP etc.)

Also, it says that it will only upload "between the CDM and the key server", not some other server. See, I was wondering if it was something like those api things where you might go to a page at somesite.com, and then it would contain code that has you connecting to 3rdPartyAPIsite.com to display the content.

The article says that a content provider needs to operate a key server for the google widevine DRM scheme to be able to communicate with the client widevine CDM. I am 99.9% sure that Netflix would be operating the key server, not Google.

But my remaining question is about the way the widevine server works. Does it communicate with Google? For example each time a client requests a video from Netflix does Netflix's widevine key server handle that all right there on Netflix's servers, or, does it have to call home to Google because it's some kind of API that handles the widevine encryption stuff?