What's the steelman argument for Google withholding Widevine from Samuel Maddock? Electron packaging with Widevine is a thing so this seems unusual. If you are Google and you're the good guy, why are you doing this?
With that decision they aimed a very big gun straight at their foot and pulled the trigger. They proved:
1. That they are in a monopoly-like position where they have the power to decide over other web tech projects
2. That they have a very hostile process, not getting properly back to the developer for months. That alone is sabotaging of other projects.
3. That they make the wrong decision, seemingly only protecting their own position, without providing a proper reasoning.
Hear that? That was the antitrust investigator laughing. You can do that if it's about some random tech. You can't do that if the tech is linked to a browser controlling how 60% of internet users access the web, and worse, getting full access to popular stuff/success qualifying content like Netflix for all browser. They wanted that monopoly position when they pushed for DRM, now they have to handle it. Big mistake.
The steelman is that Widevine is a DRM platform; to tell the difference between a browser and a ripper application it needs a lot of knowledge about the context in which it's meant to run, and how to tell the difference between a 'real' Chrome that follows the licensing rules and a fork of Chrome that doesn't. It should have been obvious to Maddock that he wouldn't be allowed to do this: I'm not sure why it's come up as an issue as a result.
To enable video playback with this new restriction, castLabs has created a fork that has implemented the necessary changes to enable Widevine to be played in an Electron application if one has obtained the necessary licenses from widevine.
So there's a fork of Electron that enables you to embed Widevine, if and only if you have the necessary licenses (otherwise presumably your Electron fork would be detected as a stream ripper).
Thus I'm not sure you're right about that. At any rate, if Electron became a back door to extract content, it'd be remotely detected and disabled. That's the entire point of the Widevine system.
As for "the good guy", gah, please, are we all 10 years old here? Content licensing and copyright enforcement is not a good vs evil fight. Some content producers choose to upload their video as WebM files to free hosting providers and let anyone who wants to watch them. Others stick it on YouTube and ask YT to monetize (means, no ad blocking). Still others want viewers to pay for the content (means, no content ripping). All these are valid economic models that are widely used, and Google obviously wants to support them because otherwise the answer is not "no DRM", it's "no in-browser Netflix".
The issue I ran into was in acquiring the necessary licenses that you mentioned. Verified Media Path (VMP) can be used to verify the authenticity of the browser platform. I believe it uses public key cryptography for identification by Widevine's license servers.
It seems like it would be trivial for Widevine to revoke access if there were ever abuse.
Look carefully at the response they sent you. Their perception is you're asking for a license for an open source product, i.e. a license that would remain valid even as random people contribute code or fork the product. That clearly cannot work, conceptually.
If you had a private, proprietary fork of your browser that was being distributed and nobody else could modify it or contribute code that would undo the DRM, and you were willing to sign giant contracts spelling out in exacting detail what features you could and could not add around video (e.g. no download feature), and the Widevine people thought you'd actually have the financial resources to defend your private fork against hooking, memory overwrite and other attacks (you don't think proprietary Chrome is just Chromium+library, right?) in a long term manner, then they might have been willing to work with you. But then you'd be a company, not an individual open source developer.
Rights enforcement and open source are not compatible.
Maybe I've translated it wrong but to me it read like it was based on the assumption that Google is being perceived or actively trying to be the good guy.
I don't think this is how they do anything anymore. They are not "the good ones" and they will probably do anything that fits into their business model or ideas without any hesitations.
