

Reverse-engineering the security model behind Netflix's 'Watch Instantly' service - schapirama
http://blog.pomelollc.com/2009/04/15/on-netflixs-video-streaming-security-framework/

======
imgabe
I think the most effective form of Netflix's security is that the service is
so useful it offers no incentive to break it. Why would I want to go through
the hassle of cracking their DRM and downloading the movie to my local machine
when they allow me to stream it any time I want, as many times as I want?

~~~
schapirama
Yes, it's true: their service is so good that one doesn't feel the need to
abuse their security.

Still, they need to make sure that, for example:

- you don't give your credentials to all your friends (so that they too can
  watch movies, without having to get their own Netflix subscription)
- their content doesn't get streamed outside of the US, because that would be
  a violation of the license agreements that they have signed.

We studied their system to understand how they implement those security
constraints, and how they manage to do it without affecting performance and
user experience too much. The incentive was to learn, not to break their
security.

~~~
imgabe
I don't disagree. Sorry, I didn't mean to imply you were up to no good.
Netflix does have some necessary security concerns, and the article was an
interesting look at how they're implemented.

No security is perfect though, and if you lock something down so tight that
people can't get what they want from it, they'll find a way to break it. I
think Netflix largely succeeds because it makes legitimate uses easy (sitting
down and watching a movie) and only impedes the illegitimate uses (burning it
to a DVD and selling it on the street).

Music DRM failed largely because its security impeded legitimate uses, e.g.
copying your files to a new computer or a new MP3 player.

~~~
schapirama
Agreed. Technical solutions are important to enforce security, but "the human
factor" is essential too.

