Trying to figure out if the web browser support for DRM also works if you want end-to-end media encryption when you don't trust the server you're passing it through… like, can I use the W3C "Encrypted Media Extensions" for good?
@jamey No, iirc -- unless I'm misremembering, EME is a way to shell out to user-downloaded programs to decrypt the stuff. If you can't guarantee that everyone has that specific program, you can't expect everyone to be able to read it.
The better way to do E2E stuff would IMO be to push for aesgcm:// URLs from XMPP ( https://xmpp.org/extensions/inbox/omemo-media-sharing.html ) to be interpretable by web browsers.
... but actually probably to push for a slightly better version of that standard to be developed -- possibly making it interoperable with https://tools.ietf.org/html/rfc6920 , e.g., or actually thinking of whether /requiring/ HTTPS is good for the general case, maybe be able to upgrade the hash algorithm, and a few other things.
But, that basic idea.
@jamey OOH! Cool!
It doesn't work in Fennec F-Droid on my phone, but I haven't tested it in anything else yet, and the implementation looks about like I expect from what I saw in the specifications for the pile of three-letter acronyms involved here (EME, MSE, JWK) 😅
A Mastodon instance for cats, the people who love them, and kindness in general. We strive to be a radically inclusive safe space. By creating an account, you agree to follow our CoC.