
Ask HN: It's impossible to stop someone from downloading a stream, correct? - DATACOMMANDER
I just want to make sure I&#x27;m not missing something. By &quot;[download] a stream&quot; I obviously mean &quot;save video that you&#x27;re streaming to permanent storage&quot;. I&#x27;m doing an interview project that involves working with a &quot;streaming as a service&quot; (terminology?) provider, so I thought I&#x27;d go to PBS&#x27;s website and download some video to use in the project. I found that all of the video there is only available to &quot;stream&quot;, and in fact uses a video player and &quot;streaming as a service&quot; provider that&#x27;s in the same space as the company I&#x27;m interviewing for. Five seconds on google revealed a &quot;PBS video downloader&quot;, which I assume just locates the video segments in the browser&#x27;s temp folder, stitches them back together, and saves them to a location that won&#x27;t be cleared on reboot.<p>My question is basically, &quot;That basic procedure can always be performed and there&#x27;s nothing that can be done to prevent it, right?&quot; Isn&#x27;t the distinction between &quot;streaming&quot; and &quot;downloading&quot; ultimately just about how the video data is delivered? The server is incapable of ensuring that the client doesn&#x27;t save it to permanent storage, and a &quot;cooperative&quot; client can always be modified by the person who controls it to save the data, assuming it&#x27;s physically connected to a storage medium.<p>Am I missing something fundamental that allows there to be a hard distinction between streaming and downloading?<p>NB: I don&#x27;t have any moral qualms with providing streaming video, I just think that the business folks wish that there were a technical distinction that, AFAICT, does not exist.
======
pwg
You are not missing anything.

Streaming is merely a subset of "downloading" where the data is decoded and
displayed on screen as it "downloads" generally without also being saved into
permanent storage.

From the servers viewpoint, it is merely pushing bits to a client.

The client is merely receiving bits from a server (and receiving bits from a
server is downloading).

And, yes, given a technically competent user owning the client, the client can
be modified to save the downloaded stream data to storage.

Much of the streaming work is "security by obscurity" \-- the systems only
provide security because the end user either: 1) lacks the technical knowledge
to save the data or 2) lacks the desire to do so (presuming they do possess
the technical knowledge).

~~~
Nextgrid
The only way to (somewhat) prevent this is if you control the client, like
games consoles and phones. Even then, with enough effort it can be broken, see
the PlayStation hacks and iOS jailbreaks.

At the end of the day, if you're pushing data to a client they can save it,
and if you provide the client but the user still has physical access to it
they can still crack the restrictions enforced by the client and get the raw
data stream.

DRM merely makes this more difficult (and sometimes causes problems for
legitimate users) but can never make it impossible (until quantum cryptography
becomes mainstream maybe?).

~~~
pwg
> never make it impossible (until quantum cryptography becomes mainstream
> maybe?)

Even in the 'quantum cryptography' world it still has a hole. In order for the
client to "use" (i.e., view, play, etc.) the encrypted stream, the client
needs:

1) the encrypted stream data

2) the key necessary to decrypt the data (because without the key, the client
can't decrypt the data in order to play/view it).

Item #2 is where the breaks will always occur, even with quantum cryptography.
An attacker does not have to break the cryptography, they just have to find
where the key exists that allows decryption and once they have that key, they
can decrypt as they like (at least for that stream, assuming one-off
encryption for that one stream).

If you give people a locked box, and you also give them the key necessary to
unlock the box, some number of them will use the key to unlock the box, even
if you tell them not to do so.

------
klingonopera
Not all streaming services are DRM-free, though.

This article [0] is 13 years-old, I wasn't able to find a better source with a
quick search, but e.g. Netflix, Amazon Prime and Disney+ AFAIK have DRM, and
there's a whole scene of crackers around this, if you check Torrent-sites, you
can probably find the aliases of the ones that are currently active.

Looks like you're lucky PBS has pretty lax security.

[0]: [https://betanews.com/2007/08/09/netflix-drm-cracked-with-
fai...](https://betanews.com/2007/08/09/netflix-drm-cracked-with-fairuse4wm/)

------
Rannath
It is improbable to the point of impossibility, and somewhat worse than you've
outlined.

To stop just me a device/service that prevented dling a stream would need:

-strong end-to-end encryption, otherwise you'd just grab the packets to recreate the stream, then save it.

-to be self contained, otherwise you'd just grab the stream from the audio/video output.

-to be tamper-proof, otherwise you'd just bypass the software by messing with the hardware.

------
phillipseamore
True, it's an ideological difference not a technical one.

