The steelman is that Widevine is a DRM platform; to tell the difference between a browser and a ripper application it needs a lot of knowledge about the context in which it's meant to run, and how to tell the difference between a 'real' Chrome that follows the licensing rules and a fork of Chrome that doesn't. It should have been obvious to Maddock that he wouldn't be allowed to do this: I'm not sure why it's come up as an issue as a result.
To enable video playback with this new restriction, castLabs has created a fork that has implemented the necessary changes to enable Widevine to be played in an Electron application if one has obtained the necessary licenses from widevine.
So there's a fork of Electron that enables you to embed Widevine, if and only if you have the necessary licenses (otherwise presumably your Electron fork would be detected as a stream ripper).
Thus I'm not sure you're right about that. At any rate, if Electron became a back door to extract content, it'd be remotely detected and disabled. That's the entire point of the Widevine system.
As for "the good guy", gah, please, are we all 10 years old here? Content licensing and copyright enforcement is not a good vs evil fight. Some content producers choose to upload their video as WebM files to free hosting providers and let anyone who wants to watch them. Others stick it on YouTube and ask YT to monetize (means, no ad blocking). Still others want viewers to pay for the content (means, no content ripping). All these are valid economic models that are widely used, and Google obviously wants to support them because otherwise the answer is not "no DRM", it's "no in-browser Netflix".
The issue I ran into was in acquiring the necessary licenses that you mentioned. Verified Media Path (VMP) can be used to verify the authenticity of the browser platform. I believe it uses public key cryptography for identification by Widevine's license servers.
It seems like it would be trivial for Widevine to revoke access if there were ever abuse.
Look carefully at the response they sent you. Their perception is you're asking for a license for an open source product, i.e. a license that would remain valid even as random people contribute code or fork the product. That clearly cannot work, conceptually.
If you had a private, proprietary fork of your browser that was being distributed and nobody else could modify it or contribute code that would undo the DRM, and you were willing to sign giant contracts spelling out in exacting detail what features you could and could not add around video (e.g. no download feature), and the Widevine people thought you'd actually have the financial resources to defend your private fork against hooking, memory overwrite and other attacks (you don't think proprietary Chrome is just Chromium+library, right?) in a long term manner, then they might have been willing to work with you. But then you'd be a company, not an individual open source developer.
Rights enforcement and open source are not compatible.
As for Electron, are you sure? I found this page:
https://electronjs.org/docs/tutorial/testing-widevine-cdm
It says:
To enable video playback with this new restriction, castLabs has created a fork that has implemented the necessary changes to enable Widevine to be played in an Electron application if one has obtained the necessary licenses from widevine.
So there's a fork of Electron that enables you to embed Widevine, if and only if you have the necessary licenses (otherwise presumably your Electron fork would be detected as a stream ripper).
Thus I'm not sure you're right about that. At any rate, if Electron became a back door to extract content, it'd be remotely detected and disabled. That's the entire point of the Widevine system.
As for "the good guy", gah, please, are we all 10 years old here? Content licensing and copyright enforcement is not a good vs evil fight. Some content producers choose to upload their video as WebM files to free hosting providers and let anyone who wants to watch them. Others stick it on YouTube and ask YT to monetize (means, no ad blocking). Still others want viewers to pay for the content (means, no content ripping). All these are valid economic models that are widely used, and Google obviously wants to support them because otherwise the answer is not "no DRM", it's "no in-browser Netflix".