Right on it. Most users use the things they do because they're either easy or there is no other feasible choice. Will a user download a plugin when a browser can now "guarantee" most forms of content to play without one? I know I probably wouldn't.
Surely there was, at least, some kind of open-source alternative for getting/fetching/caching these keys? Or does it truly rely on blackbox obfuscation?
The client ultimately has to decrypt the data somehow. So the key is there on the client. I take it obfuscation is the only thing standing between the user and that key. Am I correct about that?
Which makes me wonder: How much security does HTML5 DRM really provide? Security through obscurity is a very weak defense, and one that is almost invariable defeated sooner or later. Will this really prove a hindrance to piracy in the long run?
This isn't security through obscurity, unless the DRM implementation being a secret actually does provide security. I doubt it does, beyond the fact that an audit of the source could probably find a load of security issues.
I don't necessarily disagree. But how, other than through obscurity, does HTML5 DRM inhibit copying, given that the client possesses the decryption key? (Let's assume the would-be attackers aren't dissuaded by any laws that might apply.)
Adobe just became an unwritten standard... again.