Privacy and Google Widevine CDM?
When you watch DRM HTML5 videos that use Google Widevine CDM (on a website that is not run by Google), can/does Google spy on you? How does Widevine work with Firefox? Are they able to collect data about what you are watching and when?
I asked Netflix support, and, about Widevine, they said: "we are not sure if Google collects data of what is watched on Netflix"...
All Replies (4)
Hello soundwave, Mozilla has gone to great lengths designing an architecture that ensures that the CDM/DRM modules can't be used to spy on you in Firefox - the technical details are explained in https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/
Assuming the Google Widevine CDM works the same way as the Adobe CDM shown in that article (as seen in the blue diagram), then the CDM would know the unique identifier given to it by Firefox (that's ok), and it would also know that it is receiving specific video data from a specific video, and presumably from a specific website.
I can see that the sandbox keeps the CDM from looking at the client computer's hard drive or Firefox user preferences (and other fingerprint data), which is great.
But the two things I am wondering are:
- When watching Netflix, where is the stream coming from - does it come from Netflix, or does it come from some intermediary Google server API thing (that can track your usage) because that's the only thing that can communicate properly with the client side Google CDM?
- Can the CDM upload information to Google about what it knows? Or does the sandbox make that impossible?
As I'm no Netflix user myself I cannot answer the first question, but I'd suspect that they are using a content-delivery network under their control to stream content to users.
soundwave said
- Can the CDM upload information to Google about what it knows? Or does the sandbox make that impossible?
I'd interpret the following section of the article to mean that this wouldn't be possible: "In our implementation, the CDM will have no access to the user’s hard drive or the network. Instead, the sandbox will provide the CDM only with communication mechanism with Firefox for receiving encrypted data and for displaying the results."
I read the article again and it says that the CDM doesn't upload any information beyond the "EME-mediated messages between the CDM and the key server".
Seems clear to me that the mediated messages won't give the key server any more 'tracking info' than it already has. (The key server already knows it is transmitting a video to your IP etc.)
Also, it says that it will only upload "between the CDM and the key server", not some other server. See, I was wondering if it was something like those API things where you might go to a page at somesite.com, and then it would contain code that has you connecting to 3rdPartyAPIsite.com to display the content.
The article says that a content provider needs to operate a key server for the Google Widevine DRM scheme to be able to communicate with the client Widevine CDM. I am 99.9% sure that Netflix would be operating the key server, not Google.
But my remaining question is about the way the Widevine server works. Does it communicate with Google? For example, each time a client requests a video from Netflix, does Netflix's Widevine key server handle that all right there on Netflix's servers, or does it have to call home to Google because it's some kind of API that handles the Widevine encryption stuff?
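The browser-side half of the "EME-mediated messages between the CDM and the key server" discussed in this thread, as an added example that is not part of any post or of the linked article: the CDM hands opaque bytes to page script through the standard EME `message` event, and the page's own script chooses where they are sent, which this sketch records in an audit list. `LICENSE_URL`, `relayWithAudit`, `postToKeyServer`, `startPlayback` and the codec string are assumptions made for illustration; what a key server does on its backend is not visible from here.

```javascript
// Added illustration; not code from Firefox, Netflix or Widevine.
// Placeholder URL: a real site supplies its own key server address.
const LICENSE_URL = 'https://license.example.invalid/widevine';

// Relay every CDM-generated message from page script and keep a record
// of its type, size and destination host.
function relayWithAudit(session, licenseUrl, send, audit) {
  session.addEventListener('message', (event) => {
    // event.message is an opaque ArrayBuffer produced by the CDM.
    audit.push({
      type: event.messageType, // e.g. "license-request"
      bytes: event.message.byteLength,
      destination: new URL(licenseUrl).host,
    });
    // The page, not the sandboxed CDM, performs the network request.
    send(licenseUrl, event.message)
      .then((license) => session.update(license))
      .catch((err) => audit.push({ error: String(err) }));
  });
  return audit;
}

// Browser transport: POST the CDM's bytes to the site's key server.
function postToKeyServer(url, body) {
  return fetch(url, { method: 'POST', body })
    .then((res) => res.arrayBuffer());
}

// Standard EME setup; only meaningful inside a browser with a <video>.
async function startPlayback(video, initDataType, initData, audit) {
  const access = await navigator.requestMediaKeySystemAccess(
    'com.widevine.alpha',
    [{
      initDataTypes: [initDataType],
      // Constructed sample codec string.
      videoCapabilities: [{ contentType: 'video/mp4; codecs="avc1.42E01E"' }],
    }]
  );
  const mediaKeys = await access.createMediaKeys();
  await video.setMediaKeys(mediaKeys);
  const session = mediaKeys.createSession();
  relayWithAudit(session, LICENSE_URL, postToKeyServer, audit);
  await session.generateRequest(initDataType, initData);
}
```

Opening the browser's network panel during playback shows the same requests the audit list records, including the host they go to.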