
How the Kodi Box Took Over Piracy - adidash
https://www.wired.com/story/kodi-box-piracy/
======
dazbradbury
_" In the UK, Kodi boxes have garnered more attention from authorities, thanks
to stingy soccer fanatics driving an early swell of adoption"_

This is very unfair. I don't own a Kodi box, but in the UK it's against the
law to show football games on TV on Saturday between 2:45pm and 5:15pm [1]. So
it's not "stingy" football fans, it's fans that have no other way to watch a
3pm kick off without actually going to the game itself. No matter how much
someone may be willing to spend, a game being sold out / distance from home /
time commitments etc. are all non-stingy reasons to not be able to watch a
game.

It sounds like Kodi boxes have fulfilled that desire, rather than allowing
people to circumvent a paid service as the article implies.

[1] -
[https://en.wikipedia.org/wiki/English_football_on_television...](https://en.wikipedia.org/wiki/English_football_on_television#3pm_.22Blackout.22)

~~~
have_faith
We both know full well that mass football fan adoption of the service isn't
just to watch the odd game at that specific time on one day of the week.

You're right that it isn't strictly "stingy", but wanting something you've
been denied isn't a good reason to take it.

~~~
tomjen3
The standard reason for not pirating is that it cost the producers money. In
the case where they won't sell it at prices (some) people would pay for, who
does piracy hurt?

~~~
have_faith
I don't see "they won't sell it to me at a price I like" as justification for
pirating it yourself as if it's somehow deserved. I would much prefer people
use an argument not based on whether or not the cost means you should be
allowed to have it or not.

------
omg_ketchup
There's a massive gap between the pirate service and the "legitimate" media
service.

For one, you can just type something in, and get the movie you want. You don't
have to navigate between 15 different services, and then find out the film is
only available on mail-order DVD, or in other countries.

For television, the networks are _HORRIBLE_ about providing their content to
cord-cutters. Want to watch the latest episode of Mr. Robot, which airs on
Wednesday at 10pm? You're gonna have to wait AT LEAST until 9am on Thursday
morning, WITH YOUR PAID SUBSCRIPTION. Or, you can pirate it for free.

I'm not sure how many times it needs to be said, but Piracy is not a payment
issue, it's an access issue.

Also, companies being greedy is a bad look. CBS hiding Star Trek behind their
proprietary $10/month service is going to kill Star Trek, because the intended
audience sees it as a bullshit cash grab. Put it on Hulu you greedy bastards.

~~~
bryanlarsen
"not a payment issue, it's an access issue."

...

"bullshit cash grab"

So in other words, it's a payment issue?

Let's say you watch $100/month for cable, and watch about 3 hours a day.
That's over $3/hour. $10/month for 4 hours a TV is cheaper than cable, it's
ad-free (I believe) and it's more convenient.

It's expensive compared to Netflix or piracy, but it can certainly be argued
it's not a cash grab.

~~~
mmanfrin
You missed:

"You don't have to navigate between 15 different services"

I pay for Netflix, Prime, and Hulu -- I won't pay for CBS because there are
already enough services.

~~~
rhino369
Then don't expect all content. Netflix, Prime, and Hulu have more content than
you can watch.

Just don't think that justifies pirating whatever you want.

~~~
kelnos
Content isn't fungible. Netflix, Prime, and Hulu put together may have more
content than you could ever watch (arguably, even just one of them alone
does), but if it doesn't have the show or movie you want, you're boned.

I've had Netflix, Prime, and HBO for years. A couple months ago my gf and I
really wanted to watch The Handmaid's Tale, which is only available on Hulu.
Hulu charges $12/mo for their no-ad plan (hell if I'm going to pay for a
service and still have to suffer through ads). The idea of paying $12/mo for a
single show seemed a bit much to me... in the end I signed up for the free
trial to watch it because I couldn't find pirated copies on Usenet.

Now Star Trek Discovery has just come out, and CBS wants me to give them
$10/mo for the privilege of watching it. No thanks.

It's funny, because we've all jumped at the chance to "cut the cord" and ditch
our cable subscriptions, but we've replaced it with the online version of
exactly the same thing. We still don't have a la carte pricing for TV shows
and movies for the most part. At this point I might be paying more per month
than I used to for cable.

------
microcolonel
Just think for a second about the hyperbole involved in even calling it
piracy. Piracy implies not only theft, which isn't applicable since there is
no deprivation, but the pillage of a vessel on the high seas, and the
kidnapping (and possibly enslavement, slaughter, rape, or drowning) of its
crew.

I think that this (and a whole system of) hyperbole has made it impossible to
even talk about it. _The MPAA and other similar organizations clutch to
legalism, in my opinion, at the cost of revenues to rights holders_.

On-demand (Netflix, Hulu, HBO's online thingy, iPlayer, what have you) has
been the most effective way to actually recover rights-holder revenues. If
rights holders would standardize licensing, and allow a wide variety of
distributors to make consuming their content more convenient and a better
experience than torrenting, then their revenues would recover; and since there
are more people willing and able to pay for a service like this today than
when the recording industries came to be, revenue per head can be lower while
still funding better content than ever.

Added: Another working model is paid DRM-free downloads. I only buy music in
open and lossless formats, which in practice means Bandcamp, a few independent
online publishers (like Hospital Records), and CDs. I pay for it because I
don't want to feel used while listening to music, and I don't want to rely on
ongoing permission to listen to something I've paid for explicitly. This is a
different stage of the on-demand/streaming userbase, when they want to have a
copy of a record which lasts longer than Spotify Inc.

~~~
kensey
> On-demand (Netflix, Hulu, HBO's online thingy, iPlayer, what have you) has
> been the most effective way to actually recover rights-holder revenues.

And yet those same rights-holders seem hell-bent on squandering the
opportunity they were given, by splintering their offerings among their own
pay services instead of offering them multiple places. I already pay for
Netflix. I'm considering paying for Hulu. But there's no way I'm going to pay
Netflix, Hulu, Amazon, Apple, Google, CBS, HBO, Showtime, etc., etc., et-
frigging-cetera just to get access to content I care marginally less and less
about. (Sorry, CBS, I'm not paying your monthly fee just for Star Trek
Discovery no matter how much you think that show is worth it.)

You have the content. People want the content. Offer it on your own services
if you really feel that degree of vanity about it, but also offer it on enough
other major services that any mix of two or three has one that has your stuff
on it. _You 'll_ make more money, _they 'll_ make more money, and _I 'll_ get
to watch everything I want.

~~~
kodablah
> [...] but also offer it on enough other major services that any mix of two
> or three has one that has your stuff on it. You'll make more money, they'll
> make more money, and I'll get to watch everything I want.

I think the prevailing theory is that exclusivity and opaque per-provider
contracts actually make more money. I am not sure if it is true or not, but as
long as the content creators believe it is and the providers cower to them,
there will be no transparency and there will be little cross-provider access.

------
retSava
Argh, this must be so frustrating for the Kodi devs...! There really is a very
strong case for running a Kodi-box for ones own legit collection, and now it's
just mentioned for the (admittedly, probably) not so slight share of piracy.

MPAA and friends has turned their eye on Kodi since a while ago, like Sauron
on the little hobbitses. Could this be a submarine piece?

~~~
snerbles
> Could this be a submarine piece?

Considering that Wired is a legacy media (Condé Nast) publication, it's not
inconceivable.

~~~
Digit-Al
Who would financially benefit enough to pay for it though? There's no one big
seller of the boxes and the software is free.

Edit: For clarification - I'm not saying it's impossible. I just personally
can't see any obvious beneficiary. Would welcome any suggestions though.

------
Overtonwindow
I am adamantly opposed to the MPAA in every way. The movie and television
industries act more like a colluding monopoly than a business. The prices and
costs have risen much too high out of greed, and by some strange quirk,
they're using the legal and regulatory systems to gouge the public. This goes
far beyond just pirating television shows. It's Comcast, net neutrality, set
top boxes, and massive media conglomerates all rolled into one.

------
nickysielicki
Anyone else have fond memories of playing around with a modchipped original
Xbox? I know I do. I think I still have that thing somewhere in a box,
XECUTER3 and all.

I don't think the article makes a big enough point about Kodi being rooted in
XBMC, and XBMC being a project that started on the Xbox homebrew scene. Kodi's
roots in XBMC are inherently tied to piracy, because every early developer and
user had to chip their xbox, and they probably did that so that they could
pirated games. That filters who is going to be contributing and using the
project, so it's no surprise that movie and music piracy addons popped up with
time when you consider that one of the first features of XBMC in the first
place was being a launcher for pirated games.

Don't get me wrong, XBMC always has had a legitimate and legal use case, and
Kodi certainly has a legitimate and legal use today. But the roots of the
project had to do with piracy and it shouldn't surprise anyone that the
project attracted piracy addons and continues to.

~~~
octalmage
I have very fond memories of those days. I remember the first time I saw the
Linux boot loader after a successful exploit using Mech assault, my buddy and
I high five'd.

The project has obviously come along way since those days, and could probably
not be as successful with Xbox in the name or with the stigma attached to it.
Hence the rebrand. Their only chance at making it is to distance themselves as
much as possible from the piracy.

The reason it's attractive to (pirate) plugin developers is that it's cross
platform (they've already figured out how to get it on AppleTV for example),
and a generic enough API. You can write Python to hit a webpage, find a URL,
and tell Kodi to play it. Kodi has also solved distribution (repositories) and
auto updates. I get it.

------
bhouston
I was surprised by how prevelant these boxes are. It seems that every second
family with kids has these and are streaming media to it.

These families had no idea what torrents are, but were using pirated content
basically every day and streaming it a la netflix.

It is the future of piracy for sure. I suspect it is many many times larger in
scope that torrents are currently.

(BTW I do not have one of these.)

~~~
hotgoldminer
I know several people with access to Kodi that don't regard it as
theft/piracy. They become pretty defensive when you accuse them of it. How do
you think IP owners can adapt when piracy is made so transparent that it
doesn't even feel like piracy anymore?

~~~
bsilvereagle
> with access to Kodi that don't regard it as theft/piracy

> They become pretty defensive when you accuse them of it.

I would too!

Kodi itself isn't theft/piracy. Kodi is a FOSS media manager that is extremely
extensible. Several extensions enabling piracy have been created by third-
party developers.

This may seem pedantic, but it is extremely important to differentiate between
a FOSS media manager and piracy-oriented plugins.

~~~
laumars
It's not pedantic at all. It's literally the same as people running torrent
clients on Windows and thus then calling Windows a piracy tool.

The term "Kodi box" really annoys me because the core tools that people buy
these "Kodi boxes" for are 3rd party applications that happen to execute
inside Kodi's plugin system but otherwise are not affiliated with Kodi at all.
They're not even included in the Kodi's official repositories.

------
CaptSpify
It drives me insane that we keep thinking that digital goods should be treated
the same as physical goods. It makes no sense to me that we think of
distribution as "hard". Distribution is soooo easy, and it's effectively free.
The only reason we have these gatekeepers in the way now (hbo, netflix, etc)
is that we haven't figured out a way to fix our antiquated financial models.

I don't see "piracy" as a problem, I see it as more efficient in our current
situation.

------
jdhawk
I'm sure all of these boxes come pre-configured with a VPN Service, but all
the standard protocols can still be detected with Deep Packet Inspection,
something I've seen AT&T do (and block) pretty effectively. I guess there area
always the StealthVPN/Chameleon providers out there that try and mask the
signature of "what" is going over the VPN - but enough of that and I'm sure
they'll nix those connections as well.

~~~
SadWebDeveloper
DPI is a sham, most of those specialized HW (sold by pseudo IT security gurus)
just assume that any VPN connection "is bad" and procced to block them, there
is no way to detect a pattern on a (decently-configured) VPN, there is a
reason China (the biggest investor on that this type of tech) is mandating
Apple and Google to delete all the VPN apps on their stores.

------
alistproducer2
I would totally support micro-payments to content producers as opposed to the
status quo. Until then.....Kodi all day baby! Cut the cord and never going
back!

I, however, didn't buy one pre-packaged. I did it the "hard" way and installed
it on a Rpi3. If only I could play netflix on it, it would be perfect.

~~~
Crosseye_Jack
You need the widevine lib but I was under the impression that recent builds of
kodi could support Amazon Prime and Netflix content via plugins (valid
accounts for both are obv needed)

[https://github.com/asciidisco/plugin.video.netflix](https://github.com/asciidisco/plugin.video.netflix)

EDIT: Reading the issues on the NF Plugin GH seems like you will need a
heatsink for the RPI3 and you are prob only going to max out at 720p

~~~
mschuster91
> EDIT: Reading the issues on the NF Plugin GH seems like you will need a
> heatsink for the RPI3 and you are prob only going to max out at 720p

Why, though? Isn't the Pi CPU the same family that's also in smartphones,
where Netflix works even with the FHD (or Retina!) screens everyone and their
dog puts in a smartphone?

~~~
Crosseye_Jack
It seems to be down to inputstream.adaptive which is the bridge between
widevine and kodi. See all the decoding has to be done in software and atm
inputstream.adaptive isn’t refined/optimised enough for lower end CPUs such as
what powers the RPI.

Remember that the rpi is designed to be cheap. The whole rpi3 board is sold
for $35 which still makes a profit for the board manufacturers and the
Raspberry Pi foundation. So “corners” had to be cut somewhere and using a less
powerful CPU helps keep the cost down.

Note: The devs believe they will be able to get 1080p widevine protect content
to playback smoothly sooner or later, but as of the last time I looked at it,
that belief is a best guess, I dunno if they have optimised the code yet or if
they have changed their opinion of if/when it will be done.

~~~
mschuster91
> See all the decoding has to be done in software

So you're saying that, basically, Netflix is leaving the whole hardware
acceleration capabilities of any mobile SoC and most recent-ish desktop/laptop
chipset on the table and does basically its own decoding from crypted
bitstream to framebuffer?!

Who designed this crap?

~~~
Crosseye_Jack
Sorry if I worded it badly, I didn't mean to imply that all Widewine content
is decoded in software on all platforms, just that's the way its handled on
Kodi running on a Raspberry Pi.

Now i'm not a widevine "Partner" just a person with too much time on my hands
and an interest in DRM. So for anyone who works on kodi or who is reading who
is a widevine partner who's NDA's prevent you from correcting please forgive
any mistakes. This is just my understanding of Widevine.

As I understand it on Android/ChromeOS widevine can decrypt and decode in
hardware but I believe its done via a HAL.

As far as I understand it there are 3 security levels to widevine Level1 being
the highest and 3 being the lowest.

Level 1 is where the decrypt and decode are all done within a trusted
execution environment (As far as I understand it Google work with chipset
vendors such as broadcom, qualcomm, etc to implement this) and then sent
directly to the screen.

Level 2 is where widevine decrypts the content within the TEE and passes the
content back to the application for decoding which could then be decoded with
hardware or software.

Level 3 (I believe) is where widevine decrypts and decodes the content within
the lib itself (it can use a hardware cryptographic engine but the rpi doesn't
have one).

Android/ChromeOS support either Level1 or Level3 depending on the hardware and
Chrome on desktops only seems to support Level 3. Kodi is using the browser
implementation (at least when kodi is not running on Android) of widevine
which seems to only support Level 3 (So decrypt & decode in software) and
therefore can not support hardware decoding. But that doesn't mean that
hardware decoding of widevine protected content can not be supported on any
mobile SoC. Sorry if I gave that impression.

When a license for media is requested the security level it will be
decrypted/decoded with is also sent and the returned license will restrict the
widevine CDM to that security level.

I believe NetFlix only support Level 1 and Level 3, which is why for a while
the max resolution you could get watching NetFlix on chrome in a desktop
browser was 720p as I believe that was the max resolution NetFlix offered at
Level 3 and we had to use Edge/IE(iirc) to watch at 1080p as it used a
different DRM system (PlayReady) and why atm Desktop 4k Netflix is only
currently supported on Edge using (iirc) Intel gen7+ processors and NVidia
Pascal GPUs (I don't know if AMD support PlayReady 3.0 on their GPUs as I
don't have one so not really had the desire to investigate, I'm guessing that
current Ryzen CPUs do not as they currently don't have integrated GPUs).

On Android where Netflix's app believed Level 1 was supported it would request
a Level 1 license and then Widevine would then pass the content off to the TEE
for decryption and decode which would then use hardware for decoding. If it
didn't believe that Level 1 was supported it would fallback to Level 3 which
is why some Android tablets had to run a modified NetFlix app to force Level 1
requests because the official app wasn't tested on that device and was put on
the supported devices list even though it did support Level 1 (running the
modified app on a device that didn't support Level 1 wouldn't result in
playback).

~~~
mschuster91
Thanks for clearing it up!

And... Jeez. What utter amount of bullsh.t and wasted money... everyone with a
bluray drive and a copy of AnyDVD HD can create a perfect untraceable backup
anyway so why do the studios insist on making the experience for Netflix users
as bad as possible?!

------
kyle-rb
>That ease applies to creating the piracy addons themselves. Since primarily
all they do is find existing sites that host pirated content, grab working
links, and present them in Kodi's user-friendly interface, Betzen rates the
complexity about the same as creating a simple web page.

This seems like an oversimplification. Most sites that host pirated content
want you to watch that content within their website; so they can get their ad
revenue and mine cryptocurrencies while you watch. They intentionally make it
hard to get at their content, so in most cases, it's significantly harder than
"creating a simple web page."

------
dvfjsdhgfv
I wonder how these plugins actually works. With traditional pirate sites, the
business model is usually clear cut: webistes get income from ads, uploaders
get money from hosting services and the latter get the money from user buying
their premium accounts. With torrents, there is some exchange, too - each
downloader is a seeder. But in the case of plugins?

~~~
nickysielicki
For live sports it's typically just scripts that extract media from the flash
player sites like firstrow. They piggyback off the content from the ad-
sustained websites, but without showing the ads. The sites like firstrow can't
do anything about it because they are not actually hosting the streams
themselves, they're just embedding players from various live streaming
services.

For movies, etc., my understanding is that it's P2P a la popcorntime.

~~~
dvfjsdhgfv
OK, so if it's P2P, wouldn't it actually make the plugin users liable for
making copyrighted content available (in contrast to simply downloading the
stream)?

~~~
nickysielicki
I did some digging and I think I was wrong above when I made that distinction
about live and recorded content.

P2P can be done for live sports via sopcast/acestream/etc, and (as far as I
can tell) this seems more popular than the method I described above (eg:
ripping content from live stream websites) for live sports, due to the quality
difference.

In addition, P2P addons for movies a la popcorntime do exist, but the biggest
addons that I have heard of: Genesis and Exodus, just rip content from file
host sites.

But yes, if they're doing P2P, they're definitely liable to get letters. I
think people overestimate the frequency of people getting caught for p2p file
sharing, especially for live things that appear and disappear quickly.

------
SadWebDeveloper
Well most of my friend that have one those Kodi-boxes used to paid
subscriptions for pirate-content IPTV providers for Roku but since Roku
started to fightback and ban the most popular pirate content providers it was
only matter of time before they find someone willing to sell them an
alternative.

------
SadWebDeveloper
This fight will end with Kodi removing addon support on the next version and
some fork taking over the work.

------
madengr
I have an Amazon Fire TV running Kodi. I use it for watching the original 26
years of Dr. Who; that’s it.

