I wish everyone knew the difference between patents and copyright.
You can download an open source HEVC codec, and use it for all they care according to their copyright. But! You also owe MPEG-LA 0.2 USD if you want to use it, not to mention an undisclosed sum to actors like HEVC Advance and all the other patent owners I don't remember, because they have their own terms, and it's not their problem that you compiled an open source implementation.
Ah, much better source: iOS is the answer to where the vulnerability was – right in the headline. I could not find that by searching for the usual keywords in the original post.
I see this as an attempt at a lesser evil, and I would support that (see my EME DRM comment), but I have one concern:
Does this new "privacy preserving attribution" feature respect multi-account containers? Or is it somehow not considered necessary, because it's meant to be less invasive than the tracking cookies it's supposed to replace? Call me skeptical for now.
I'm a happy user of multi-account containers, which lets me separate my cookie identities in Firefox. Before, I had to use different browsers for work and private, and yes, it solves this problem, but the best part is that I don't have to worry about tracking cookies, because they aren't tied to my personal accounts: In my experience, I can to a great extent escape the echo chamber I'm in, and the ads I see in it, by just deleting the cookies of my sacrificial default container.
Other than that, considering the status quo – that the web is already an unfriendly GDPR nightmare, I'm positive to the initiative. And because of the power of the default, I can understand that the feature wouldn't likely take off if it was opt-in, so I won't criticize Mozilla for that move either.
This has happened before. Remember the critique against Encrypted Media Extensions (https://en.wikipedia.org/wiki/Encrypted_Media_Extensions): Oh no, DRM in the browser! But remember that web video used to require Adobe Flash for the longest time, and even after a decade of HTML5 video, sites were still clinging onto Adobe Flash (and later also Microsoft Silverlight) for what turned out to be DRM purposes. At the time, these plagued proprietary blobs were not going anywhere. Except, after EME had widely supplanted this last holdout usecase, they were quietly allowed to die. The result is that we have much smaller-scoped proprietary blobs in the form of content delivery modules with a lot fewer bugs and portability issues.
The situation with Flash and Silverlight was better than the situation currently is with EME. Before, you could implement a standard-compliant open source web browser, you just may not be able to view certain non-web embeds. Now, web browsers need permission from Google to view certain kinds of web content, and they can't be open source.
I wish everyone knew the difference between patents and copyright.
You can download an open source HEVC codec, and use it for all they care according to their copyright. But! You also owe MPEG-LA 0.2 USD if you want to use it, not to mention an undisclosed sum to actors like HEVC Advance and all the other patent owners I don't remember, because they have their own terms, and it's not their problem that you compiled an open source implementation.