Joeflash’s Enigmacopaedia


DRM in Flash — What’s the Big Deal?

Posted in FlashComm/FMS, Adobe, Flash Player, DRM by Joeflash on the March 12th, 2008

I’m a little late to the discussion it would seem, but, in stumbling upon last month’s heated discussion on the topic of DRM in Flash, let me lend a little clarity, and sanity I hope, to the debate.

No doubt you’ve already heard of the Electronic Frontier Foundation’s denouncement of “DRM in Flash”, with posts and comments such as these serving only to confuse matters.

Understand, I’m the first to say “down with DRM” — I want my MP3 and my FLV (cue Dire Straights song). I love the open source revolution, and I could not do business without it. But on the other hand, previous to this capability, some clients would not publish their material to the web at all rather than use Flash. Or they’d put their content on Windows Media Player (egads! Have you ever tried to play web video in that thing?) Given that Silverlight supports DRM, Adobe must follow suit and leverage a DRM solution in order to compete. And, given the number of clients that will now regard Flash as a serious broadcast-capable video publishing medium, the increased usage can only be a good thing, because once again Flash video will be made to accommodate a more demanding client market, which eventually translates into better Flash Player performance, more codecs, more choice for video on the web.

It has always been possible to protect FLV video by way of Flash Comm/Media Server, because streaming video using the RTMP protocol would not show up in the browser cache. Some sites like YouTube still use progressive (non-streaming) download, but break up the video in segments and show the sequence in the video player, thus obfuscating attempts to download the whole thing. But these did not constitute a proper DRM solution for Flash.

Now in Flash Media Server 3 [PDF], a secure protocol called RTMPE adds 128bit AES encryption for both streaming and non-streaming downloads. And that’s the magic mushroom here. Security enhancements already present in the Flash Player also prevent cross-application and cross-domain leakages, which amongst other things by default disallows you from loading a video player SWF into a foreign SWF and use ActionScript to take a bitmap snapshot of the video content (though you can give permission to override it). This is not in and of itself a DRM capability, but constitutes part of the DRM solution for the Flash player. Access tokens for authentication with FMS3 are also be a part of the DRM solution.

I find it most interesting that some of the discussion has been around the Adobe Media Player (AMP), and not Flash Media Server 3 (FMS 3), since AMP is actually an AIR application using FMS 3. Goes to show there’s still some confusion out there as to what DRM in Flash really is.

So just so we’re crystal clear, THERE IS CURRENTLY NO DRM CAPABILITY NATIVE TO THE FLASH PLAYER ITSELF. Adobe Flash Player version 9 release 3 currently does not have DRM. It’s mostly in Flash Media Server, which is a SERVER SIDE PRODUCT.

(Granted, the Flash Lite player aimed at cell phones does have DRM capability, but this is not exactly news, nor is it restricted to just mobile video, it’s for all mobile content. So just for the record, DRM for Flash Player vs Flash Lite is talking apples and oranges here.)

So companies unwilling to deploy Adobe’s streaming server solution will not be able to use DRM capabilities for the Flash Player without FLMS3. And even with FMS3, DRM IS OPTIONAL. DRM capability for Flash is here, and now. But interestingly enough, I get a fair amount of requests for video players, and I have yet to encounter a client wanting Flash video that requires the DRM capability — but maybe that’s just me. However, many companies are seriously looking at this new feature as breaking down that last barrier preventing them from considering Flash for video delivery. If a client asks me to build a DRM-enabled video player for Flash, I’ll built it, because figuring out stuff like that is fun for me, it’s what I do.

But this does not mean that every FLV served up on the web will all of a sudden be protected. And DRM is an illusion anyways: bottom line, if you can see it on your monitor, you can copy it; this will never change. DRM is just a deterrent in the great digital cold war currently being played out. So don’t sweat it.

So before anyone spazes out running around like Chicken Little proclaiming the end of free video in flash, get your facts straight.