Mozilla will upgrade its Firefox browser with copyright protection technology, fearing a loss of users if they can’t play protected content from services like Netflix, Hulu and Amazon.

The organization has long opposed DRM (Digital Rights Management) technologies, which seek to prevent unauthorized sharing of content under copyright protection. Critics say DRM also prevents legal uses of content, such as a person moving it between two of their own devices.

“While we would much prefer a world and a Web without DRM, our users need it to access the content they want,” wrote Andreas Gal, CTO and vice president of mobile for Mozilla, in a blog post Wednesday.

The DRM specification, called Encrypted Media Extensions (EME), will first be implemented in the desktop version of Firefox, Gal wrote. He didn’t give a timeline. Google and Microsoft support EME, and major content providers also endorse it, he wrote.

EME was developed by the World Wide Web Consortium (W3C) and is designed to let content be played only by authorized users. DRM has long been part of the Web landscape, with plugins like Adobe Flash and Microsoft’s Silverlight supporting copy protection.

The W3C’s EME specification implements DRM directly in the Web stack, Gal wrote. Content within a website labeled with a <video> HTML5 tag triggers a Content Decryption Module (CDM), which can access the keys needed to decrypt the content.

Mozilla has been concerned about CDMs since the components contain proprietary code not shown in the EME specification. The code is secret to prevent users from trying to circumvent playback restrictions.

Firefox’s code is open source, and Gal wrote that “for Mozilla, it is essential that all code in the browser is open so that users and security researchers can see and audit the code.”

DRM can also potentially leak users’ private information, Gal wrote. Many DRM systems “fingerprint” a device, collecting identifying information so they can prevent content from being played on a different device.

Mozilla doesn’t have a lot of choice since it must use a closed-source CDM to implement EME. It has decided to use Adobe’s CDM and implement it in a way that “satisfies the requirement of the content industry while attempting to give users as much control and transparency as possible,” Gal wrote.

Firefox will wrap Adobe’s CDM into an open-source sandbox sealed off from a user’s hard drive and network. The sandbox will only allow the CDM to communicate enough externally to show the content. It will not allow device fingerprinting.

“Instead, the CDM asks the sandbox to supply a per-device unique identifier,” Gal wrote. “This sandbox-generated unique identifier allows the CDM to bind content to a single device as the content industry insists on, but it does so without revealing additional information about the user or the user’s device.”

To prevent tracking across a number of websites, Firefox will change the unique identifier presented to each site, making “it more difficult to track users across sites with this identifier,” Gal wrote.

Mozilla will distribute its open-source sandbox, but the CDM will have to be downloaded from Adobe, Gal wrote.