Hacker News new | past | comments | ask | show | jobs | submit login
Disney+ streaming uses draconian DRM (hansdegoede.livejournal.com)
426 points by toma1k 22 days ago | hide | past | web | favorite | 318 comments

> desktop Linux and many Android devices only support level 1. In this case e.g. Netflix will not offer full HD or 4k resolutions

And yet 4K webrips of recent Netflix shows are readily available on torrent sites.

I don't understand who these higher levels of DRM are trying to target. They obviously don't stop the serious pirates from ripping and sharing the content with everyone. Yet the lower levels are "good enough" to stop average users from trivially downloading and keeping the file, like you might do with an plain, embedded MP4 file.

DRM punishes paying customers and does nothing to stop piracy. It reminds me of those "you wouldn't kill" segments at the start of DVD's that you couldn't skip, but just moaned at you to not pirate the DVD. But the only people they were telling this to was paying customers who bought the DVD. People who pirated the DVD, just plugged it into their computer, ripped out the content then published.

What makes matters worse is they inform the consumer that yes you can just steal the film. I was involved in the Private Server scene in my younger days and a game had a campaign against private servers. Ever since like 90% of the people in that private scene have told me they only knew about it cause of the campaign. You spark the human curiosity and screw yourself.

It's the Streisand effect in action.

We really should remove all definition and references to the Streisand effect. Then everyone will know about it!

Medieval moralists discovered that they could not express in too much detail proscribed sins for the obvious reasons.

The DRM industry has yet to learn this lesson. Thankfully.

> DRM punishes paying customers and does nothing to stop piracy.

I would think DRM stops trivial tools like a Chrome extension that adds a "Download" button on anything you're watching on Netflix.com.

Which is good enough. Because piracy is confusing to most people. Piracy sites are scummy and require tech-savyness just to navigate them and download the right thing.

For example, my girlfriend knows "The Pirate Bay" by name though a torrent client is still confusing to her. First google result for that is https://thepiratebays3.com.

It has a scary and scummy banner at the top: "Official The Pirate Bay Warning. Do NOT download torrent files without hiding your IP! With a VPN you can Hide your IP & stay anonymous, avoid fines and lawsuits, especially in USA. <Link to NordVPN affiliate link>". And searching anything doesn't work for me.

So, I think the war against piracy is more or less won due to how relegated it is to a tiny part of the population that's capable of navigating it.

I know some not very technical people that bought some HDMI network restreamer on ebay, it's basically an HDMI splitter with an ethernet port that will act as a (I think rtmp) server. I didn't check the technicals details, and he uses VLC on his desktop computer to record movies he wants to keep. He does it at night with TV luminosity and volume at near 0.

Of course you have to play the movie/serie in mirror on the TV, but he can record HD (not sure about 4k) movies of whatever plays on the TV. The cherry on top is that he bought 3 IR mirrors (well, it was just aluminum sheets) that he placed strategically to be able to control the IR stuff of the TV from his bedroom.

He was a but uneasy when he showed that to me, but I didn't mock him, I was genuinely fascinated by that setup. For someone who has near zero technical knowledge, this was very good.

I don't really have a point, I just thought of it when you mentioned your girlfriend fear of the pirate bay.

It's not even really about stopping your friend, although I'm sure they'd like to do that too. They want to prevent there from being a zero effort "download button". That's the only advantage of DRM (same with DVD/digital delivery). Even the act of having to insert a DVD, or hit play and manually record is enough to stop people.

If they went entirely DRMless, you'd just be able to copy the content to a thumb drive, and share with friends. Instead, you have to mess around with other software (or in your friends case hardware), that does sometimes "breaks", or is otherwise inconvenient.

It's the same as DRMless games; people absolutely go crazy making copies (even back in floppy disk days). As much as the pirate community likes to pretend they're in it for moral reasons, some of the DRMless games by smaller developers became the most pirated games out there.

It is a very minor deterrent, for people that are too lazy. That's one area where streaming has prevailed over pirating. People can be extremely lazy, and having a convient streaming platform with decent content, is enough for some people not to bother.

Get your friend an HDMI dummy plug and he should be able to turn off the TV. No affiliation with this particular item but just sorted Amazon by lowest price to find an example: https://www.amazon.com/Emulator-Headless-Display-3840x2160-G...

You are right to some extent. Which is good for the copyrighted works but it is also sad. People, with all this beautiful technology are uncapable to understand or use it. Everything today goes down to "simplify usage even if you remove some features as people wont be able to use it".

I still remember days when I was kid, smuggling c64 under car seat into Slovenia (former Yugoslavian republic). All the sofware was sold on flee markets by known pirats. No internet, no manual. But still we were more than capable to grasp software usage, learn to develop in basic, even asm (after getting some book from Austria, german and translated line by line with help of dictionary - I was 12).

It comes down that resourcefullness is coming from lack of something. But today everything is available and no one tries to be resourceful. Probably the decadent part of human evolution.

Anyway, piratebay is part of known torrent scene, but there is also less known part, at least to the public: https://wiki.installgentoo.com/index.php/Private_trackers#Wh...

You don't need a torrent client to watch movies on piratebay.

You don't?

latest uTorrent is just a webapp that streams torrents, there are also a bunch of others.

That's contributing to the death of torrent ecosystems in the same way as Popcorn Time: all leeching, zero seeding.

Yep. 100%. At the same time, torrent ecosystem is a lot larger than piracy and movies/TVshows and actively used to share big data among researches and individual "archivists".

r/datahoarder lives in torrent ecosystem (there are a lot more things there besides linux ISOs)

internet archive is also big with torrent files that have nothing to do with streaming.

why not?

Sure, but why? Do the rightsholders believe that these mechanisms are effective at making them money somehow? How correct are they - are these mechanisms effective at stopping some amount of casual piracy and converting that into purchases?

It's pretty simple: They pay a hot shot company to try and stop piracy and thats the best they can come up with.

Piracy can't be stopped but thats not what they want to hear.

Piracy can be greatly reduced by distributing the content via Netflix but thats not what they want to hear.

> Piracy can't be stopped but thats not what they want to hear.

It can be stopped. All they have to do is destroy the computing and internet freedom we all enjoy today. Can't do subversive things like copy a file if they don't let us run our software. Governments around the world are also trying to erode these same freedoms by pushing encryption regulation.

It seems to me that the approach Netflix and Disney et al are taking is accomplishing just that.

DRM in the browser was step one. No Widevine, or whatever crapware is needed, no Netflix. Next came the limit on higher resolutions. You want Full HD? Stop using a free operating system. You want 4k? Get Internet Explorer, or better yet, get our app on one of the approved operating systems.

The next step is probably to diminish the browser experience even further until enough users have switched to the 'app'. The only reason is control.

It won't drive us away from a personal computer running whatever modern OS we want, but it is slowly creating a majority of people for whom computing exclusively means a managed device with a pre-approved operating system running vetted proprietary applications.

I suspect it will just bifurcate the market eventually.

There was a brilliant moment where entertainment was all going to converge. You'd have your PC with terabytes of storage, stick a tuner card and an Ethernet cable in the back, run the sound out to your thousand-watt 20-channel amplifer, and display it all on your 70-inch flat screen. Broadcast TV, Netflix, Disney Plus, etc, would all just be desktop icons, right next to Steam and Excel. We were hurtling down that road in the mid-2000s (remember WinXP Media Centre Edition?) and suddenly it all jumped the track.

Seemed to happen pretty close to when Digital TV stumbled its way into the US market, or roughly the perfect time for it to really take hold (the classic "record a show on VHS" paradigm was suddenly killed off, and the ever-mutating subchannel lineups makes a smarter electronic program guide and recording functionality more appealing). I sort of blame the cable industry-- apparently it was virtually impossible to get a digital-cable-compatible tuner card for many years-- you had to buy from a narrow band of prebuilt PCs with the cards preinstalled, and even now the companies will scream blue murder over having to supply CableCards (if they even do anymore).

The PC is a do-anything device. Eventually, given the media industry's tastes, it will be the 'do anything except watch name-brand entertainment products' device. I don't think they can undermine general-purpose computing as a concept- there's too many other business cases that rely on being able to run random unsigned software or connect to arbitrary weird hardware.

Instead, Disney and Sony will push hard for various consumption-first or -only devices-- smart TVs, consoles, locked down phones/tablets. I'm sort of surprised they aren't already going for the subsidy model-- get a "free" PS5/Xbox 3&pi;/"smart" television if you'll sign up for years of a content subscription service to feed it.

People will end up having both and being annoyed that they can't converge things.

> All they have to do is destroy the computing and internet freedom we all enjoy today.

That's one of those "good luck" scenarios. Building your own homebrew computer, or your own OS is a hobby for many. If you push the people behind them, and make a market for them, you'll make them popular.

The internet itself is complex, but not so complex that determined actors cannot build their own mesh networks.

And whilst governments are trying to erode encryption everywhere, it won't work in the end. They may be able to take secure encryption out of the hands of civilians, maybe. But they can't take it from the pirates.

And as for the incoming "no one would be that determined" argument, cracking chips to let consoles play pirated games have existed for a long time, and the average person did actually seek them out... And found them everywhere. If you make people build the infrastructure... They will.

Even then, lets say the successfully broke all encryption and all communication - people would just go back to recording from a DVR and selling DVDs on the streets.

> It can be stopped.

In the context of visual/audio (re: the topic), no. Even disallowing encryption will not save companies from simple steganography.

You haven't really seen the VHS age of pirating in Russia and Eastern Europe, have you?

In my corner of EE that was caused by movies being crazy expensive relative to realistic income. Streaming and lower prices now definitely killed a lot of potential piracy.

>And yet 4K webrips of recent Netflix shows are readily available on torrent sites.


>Piracy can be greatly reduced by distributing the content via Netflix

Aren't you guys saying different things? One is saying people already pirate on netflix, and the other is saying netflix removes the need for piracy.

If you're saying the same thing, I would interpret it to mean that piracy is greatly reduced on netflix, but not entirely eliminated. But if that be the case, would that not be evidence of netflix' anti-piracy measures working?

Statement 1: Piracy is inevitable in all platforms and at scale every media property will be pirated by someone.

Statement 2: If your content is available on a reasonably priced and performant streaming platform or is otherwise “low friction” the number of people who will choose to consume the pirated content instead of paying drops off dramatically.

The problem for publishers is that there’s so many different knobs that finding what brings in the most revenue is pretty much a crapshoot.

Exactly what I was trying to get at, thanks.

Content piracy has long been about the exorbitant cost of acquiring content.

If you look at the cost of downloading a full, original quality Blu-Ray rip, then burning that to a dual-layer BD-R disc, you're looking at an hour to torrent plus up to $10 for a dual-layer recordable disc. Compare that to a store-bought copy that's $7.88 and comes with both Blu-Ray and DVD copies, and it's no contest.

Make that store-bought copy $49.95 (thanks, Marvel) and it makes piracy attractive. Add terrible DRM on top and you GUARANTEE piracy, because you're being hostile to people that have actually bought your movie.

If DRM had never been invented, piracy would only be about 5% worse, and your paying customers wouldn't be cursing your existence... but the media companies are too stupid to realize that.

> If DRM had never been invented, piracy would only be about 5% worse, and your paying customers wouldn't be cursing your existence... but the media companies are too stupid to realize that.

The media companies do not care whether their paying customers love them or hate them. What they do care about, though, is when there is 5% less of them.

Remember, big corporations do not just want money - they want all the money (and more).

Removing the reasons to infringe copyright is completely different from making it impossible to infringe someone's copyright.

Netflix is a convenient enough service that makes it easy for people to watch what they want to watch. Most people will just pay for it without thinking twice. It's easy enough that most people won't even consider infringing. Netflix's value isn't just in the content it serves, it's also in the fact it frees people from the non-trivial effort required to "pirate". Private torrent trackers have an economy of their own.

Making it impossible to infringe is extremely difficult. Movies and music are really just information. Extremely big numbers. It's trivial to make copies of this stuff and send those copies over the network. In previous centuries, you needed to be a major industry player and own big machines like printing presses in order to infringe on someone's copyright at scale. In the 21st century it's as easy as copy paste or forgetting to close the torrent client. People might not even realize they are doing it.

This is why a fragmented streaming market will push people towards copyright infringement. Instead of pooling their intellectual property and creating one single perfect streaming service with all the content, they are making it difficult and expensive for the consumer by competing with each other. At some point, people are going to wonder if there's a better way. That's when they'll find "piracy".

My interpretation of the quotes is that if a show is on Netflix, its pirating rates go down drastically, but some shows on Netflix are still pirated. That’s because there is a significant population who pirates only when it is easier than streaming, and Netflix makes streaming really painless, in comparison with other streaming sites like Hulu or CBS All Access. However, some people still won’t pay for Netflix (or for any other streaming service), and they’re the ones that the first quote is talking about.

> But if that be the case, would that not be evidence of netflix' anti-piracy measures working?

No. It's evidence that just having the content available on Netflix will reduce piracy. It is a bit less effective than it could be because Netflix doesn't run on literally everything, mostly because of anti-piracy protections, but it does run on nearly everything, so it's effective.

Those two sides aren't mutually exclusive. Demand for content creates both.

DRM doesn't inconvenience pirates, but piracy inconveniences consumers.

It's inconvenient to free up 50 GB of hard disk space to torrent of a 4k netflix rip you found off some shady torrent site. It's much more convenient to just give netflix a few bucks a month. That inconvenience comes from law enforcement action against pirate sites and many users having trouble managing their hard drive space. Not from DRM.

It may be inconvenient to free up some disk space (citation needed, anyone on HN has probably got terabytes of free space somewhere), but the inconvenience of certain streaming platforms, or even the total hostility to watching anything ad-free (even paid users) will knock people into the piracy camp. There is no source where I can watch AAA movies that I buy on my laptop legally in 4K as it is illegal to break Blu-ray encryption (and I run Linux). I buy or rent movies I want to watch on my Apple TV in 4K, but what am I supposed to do if I want to watch something on a plane for instance?

Anything that is on Netflix I watch. I can’t watch amazon prime on my Apple TV because their region system is broken (yes, if an amazon employee is reading this, please fix having prime in multiple countries) so battlestar galactica and other shows in their catalogue aren’t available come from other sources.

It's not illegal to break copy protection for a work you purchased. There was an ammendment to the DMCA for it -- likely if this had not happened more of the DMCA would have been challenged and struck.

The caveat to that amendment being that you are only allowed to do so using tools you created yourself and you may not afterword share your tools, your methods, nor the decrypted material with anyone else.

I don't see that in there anywhere. More like you can't transfer the material, even to another rights holder, but I still question that. They can't make the sharing of the tools and methods illegal as it'd be against the first amendment.

I'm talking about the typical consumer, not a HN user. Most people aren't running linux, have legal streaming options available to them, don't have terabytes available to them at any particular moment (maybe they have a few terabytes of portable harddrive in a closet somewhere, but not mounted and ready to roll.)

Are there scenarios where typical consumers turn to piracy? Sure, aboslutely. They generally do that when a convenient legal way isn't an option (e.g. region locks screwing them over.)

> Most people aren't running linux, have legal streaming options available to them... Are there scenarios where typical consumers turn to piracy? Sure, aboslutely

my wife - a non-tech person, really - falls in to this camp. she's turned to torrenting things because the experience of streaming is just... slow. and bad. and stuttery. oh, and we still get ads on things (hulu, for one). She figured out how to find free streams for soccer matches - when we paid for "real" streams, they still had ads taking up 20% of the screen. And still somewhat jittery/stuttery (but - those 2 minute car ads at the start of the stream were never jittery).

yeah, the 'free' stuff experience isn't always great, but when the paid experiences are still kinda crappy, what's the point of paying?

You’re probably right, but I know plenty of people who are happy to use putlocker etc who aren’t technically competent at all (and yeah, they sure get malware...)

"Piracy" is inconvenient. It takes knowledge, effort, time and money as well as computing power, storage and network bandwidth to participate in the ratio economies of private torrent trackers. It gets to the point it looks like an enthusiast operation run by people who want the best possible version of everything.

What's truly sad is how so many people find this preferable to paying for the official services. It speaks volumes to the quality of their streaming services. A huge number of people don't even have the choice to pay for the content to begin with: many of the of companies that complain about copyright infringement don't even offer their services outside of the United States. They ignore entire markets and complain when people find a way via unofficial means. It's really hard to feel any sympathy for the copyright industry.

There are some users, such as myself, who find the legal streaming sites intolerable for technical reasons if not ethical reasons. But I think the vast majority of users prefer the legal options when they're available, which is the part the media industry keeps on fucking up.

If they were better at their jobs, better at delivering to consumers what consumers want, they wouldn't have to worry about DRM, piracy, control of consumer behavior or any of this nonsense.

Completely agree with you. If their services were good enough, I doubt they would even need copyright protection to make money. The fact they can't match the quality of a bunch of underground sites despite being a multi-billion dollar industry is a sign the industry is relying on artificial scarcity to have any chance of competing in the marketplace.

> What's truly sad is how so many people find this preferable to paying for the official services. It speaks volumes to the quality of their streaming services.

I was even pirating shows I had access for free on Amazon prime... that just tells you how bad the platforms are, it's not about money.

It's been decades and literally everyone in multiple industries is still refusing to admit they're throwing money after a lost cause? I won't say that's impossible, but the entire idea behind capitalism is that this happens rarely. Eventually someone will realize they can make more profit by not paying for anti-piracy, right?

They cannot possibly actually think DRM stops anything. Maybe they don't get that it's convenience that drives sales rather than the content itself.

I just rented Spiderman on Amazon streaming for like $6, about the same as I remember video rental used to be. I'm certain I could have pirated it if Amazon streaming had not worked on Linux. It was slightly easier and slightly more ethical feeling to rent it from Amazon, so I did.

I have seen a bit of a pattern where content distributors start out by cranking the DRM to 11 and then year over year get less and less worried about it. I guess they realize over time that the DRM isn't stopping anything, who knows, maybe they're using it to provide a PR argument that they're trying their best to push some other agenda.

But I think they know that it's the distribution method rather than the encryption that influences buying decisions unless they magically stop all casual piracy. Be at least as easy as casual piracy?

Baen Books is one publisher who gets it, and makes a profit doing so.

Some of their back-catalogue is available for free on-line, such as David Weber's Empire from the Ashes. Complete trilogy:


(hard sci-fi)

When companies are inefficient for a long time, it's usually because they managed to prevent competition. In this case, they successfully managed to bully the whole world, using the US government, into adopting rules created by US companies. (The idea that a sovereign country - say India - is forced to police 1.5 billion people to make sure they don't use Mickey Mouse in ways that would upset a company in a foreign country is insane. We don't normally care if people in Nigeria cook their leftovers in ways that upset a famous Italian pizzeria.)


Every time you find a problem with capitalism, stop and look again: you will find state intervention in the market, which is the opposite of capitalism. (Free trade between the involved parties, without the intervention of others.)

In this case, the problem starts at the root: copyright is by definition a state intervention in the market. It cannot exist in a free market, because it mandates that someone prevents you from using your own resources as you see fit (namely, copying a DVD you own on a computer you own, using electricity you're paying for).

Kinsella's "Against Intellectual Property" is probably the best resource point out the contradiction between Imaginary Property and the free market.

How do you prevent state intervention in a free market? What prevents the capital-possessing incumbents in a market from saying, "We need a government and an armed police force to enforce intellectual property laws"?

Competition. You hire a different police force to protect your property.

Of course, if one entity has a monopoly over the legitimate use of force in an area, you're in trouble.

That sounds a lot like warring oligarchical or dictatorial nation states with extra steps in practice.

If they manage to get monopolies over geographic areas then yes, you get exactly what we have today.

However, for a couple of years after 1990 we actually had quite a lot of security companies that were competing peacefully in the same areas (Romanian police being absolutely irrelevant at a local level, with the reorganization of the state that was taking place). Of course, once the state got re-established "properly" that was quickly ended.

I think some companies are just looking for the appearance of fighting and succeeding against piracy.

The entire theory of capitalism is that everyone always acts rationally and in their own interest. In reality, humans are frequently irrational and acts against their own interests.

Basically the foundations upon which capitalism stands are cracked and have always been craked. Regulation is what usually fills out those cracks to prevent the entire thing from crumbling.

This view misses much of what has happened in economics since 1980. https://reason.com/2019/10/20/the-third-lesson-of-economics/

Reason (FEE / Atlas Group / Mont Pelerin Society / Koch Network) are feeding their own interest here and are hardly indifferent.

Or correct.

The theory of capitalism is that the means of production are privately owned (as opposed to government owned). What you're talking about is part of economic theory, not the same as capitalism at all.

They just refuse to license their intellectual property to streaming companies that haven't developed "adequate" protection against "piracy". It's all about making a billion dollar investment look less risky in the eyes of executives. I seriously doubt it's helping them make more money.

Any victory against copyright infringement will come from competing directly against it. The copyright holders are too busy competing with each other and fragmenting the market instead of building something that's actually equal to or better than "piracy". It's pretty sad how a bunch of "pirates" manage to provide a better product than corporations valued at tens of billions of dollars.

I remember this being in the context of video games, and from some time ago (so things may have changed with Steam sales and the like), but it said that something like 85% of sales occur in the first two weeks. Thus the DRM was there to (hopefully) hold out for as much of that initial time as possible.

Anyway, anecdotal story, take with (many) grains of salt.

It could also be an attempt to sway the public and their views on piracy.

How correct are they - are these mechanisms effective at stopping some amount of casual piracy and converting that into purchases?

Yes. Contrary to popular opinion among the geek crowd who tend to be very hostile to DRM, the people using it are not in fact completely ignorant and stupid. I write this as someone who used to believe similar things myself in my younger days, but who has now seen both sides of the coin and has moderated some of those views in light of that experience.

One thing that a lot of people don't seem to realise is that piracy often isn't about the price, but rather the convenience. If it's easier to find a ripped copy of something online, for example because it's not available in a certain region from legal sources, then people who want that content will go looking and they'll find the illegal sources. If it is available from legal sources, then to some extent DRM doesn't have to stop someone from being able to find a pirate copy, it just has to make it more inconvenient than finding a legitimate one. Given that any pirate content found online comes with a certain degree of risk, from malicious payloads pretending to be something else, poor quality or incomplete content that frustrates the person who gets it, and in some cases from honey traps that can result in legal action, this isn't entirely unrealistic.

One specific but very important instance of this, briefly mentioned already elsewhere in this discussion, is that if DRM can delay the widespread availability of some popular new work via pirate channels for a few weeks or even just a few days, that can make a huge difference to profitability. There have been AAA games where the DRM has been cracked but not for several months, and that might have saved the developers and legitimate distributors many millions of dollars.

At the other end of the spectrum, there is lots of content that is going to be many orders of magnitude less profitable even with a good run, simply because it's aimed at relatively small markets: niche music genres, software for running some specific type of shop or leisure facility, a documentary programme about an obscure interest, and so on. There is much less desire from the kinds of people who would be able to crack substantial DRM schemes to spend time on these things, so even simple measures can be quite effective in preventing that content from being trivially findable online, thus preserving the limited market for these kinds of products.

And finally, there is the simple but still relevant issue that some people genuinely don't realise piracy isn't legal or that what they're doing is piracy. "If it's on the Internet, it's free, right?" Even the most basic DRM schemes mean people probably have to do something that is clearly not the intended way of getting hold of the content, and that itself can be a useful deterrent for the "unwillfully ignorant" crowd.

> DRM punishes paying customers and does nothing to stop piracy.

That's not necessarily true. I agree with the DVD example, but for example, I've almost never had any issues with Netflix's DRM. I can even pre-load videos on phone/tablet, and for the most part it works as expected. Same thing with Steam, it's fairly transparent to the user.

Yes there are bad DRMs out there, but there can be a balance when done right where it doesn't hurt the customer and provides more value than pirating (like Steam).

The info is there not to stop piracy but as a legal matter in case the customer says "I didn't knew, I wasn't informed".

I'm not sure the "you wouldn't download a car" is legally binding

That one was just confusing anyway, the general response was "if it existed, yeah I would".

> It reminds me of those "you wouldn't kill" segments at the start of DVD's that you couldn't skip ...

Obligatory IT Crowd reference:

* https://www.youtube.com/watch?v=ALZZx1xmAzg

>DRM punishes paying customers and does nothing to stop piracy.

Media companies aren't stupid. They know exactly how much DRM and piracy impact their bottom line. That's why DRM-free distribution is a non-starter for virtually every media company, because it saves them money.

Like all things dealing with bad actors, DRM isn't about stopping behavior. It's about slowing it down and making it more cumbersome

They may not be stupid, but that doesn't mean they're totally rational either (that would be inhuman and I can assure you they're just as human as the rest of us.) Most of these media companies have never even tried no-DRM so a fully rational appraisal of the value of DRM simply isn't possible for them.

The music industry largely went no-DRM (and streaming) and they were totally unscathed. A good quality mp3 or flac file is what, tens of megabytes at most? Really easy to pirate. A good quality 4k rip is going to be tens of gigabytes. Pirating something that large is a hassle for me but inconceivable for some of my friends or family members. Pirating movies and TV shows has always been more niche than pirating music. And the formats easiest to pirate (720p, low bitrate, etc) are the formats being given the lightest DRM.

I wager there are some very human emotions involved in the decision making, namely pride and possessiveness. "We made this so we get to control it." The effectiveness of the DRM takes a backseat.

A good quality (for your average media consumer) 4k rip can be as low as 8gb. Sure it's not blu-ray quality but neither is Netflix, and no one cares. At least where I live, you're looking at 5-15 minutes to download a 4k rip on the average home connection. This is also completely ignoring pirate streaming sites, that while not as popular as they used to be, still exist and are lower friction than Netflix half the time.

I'd wager I know more people pirating films/tv than I do music.

Those pirate streaming sites are such a nightmare of ads and malware, I find it hard to believe many consumers prefer it to legal streaming. The reason somebody would use that is because they can't afford the legal streaming service, or legal streaming isn't an option at all. This has nothing to do with DRM.

And why do they use those shady pirate streaming sites, instead of pirate torrents of higher quality? It's because many of them struggle to find even 8GB of free space. I know some users who view deleting files to free up space to save new files as part of their daily routine. It doesn't need to be this way, but that's the way it currently seems to be.

Early streaming services didn't own their own content but DRM is/was a requirement for most content contracts. I don't totally buy this argument and I think everyone knows its doesn't do much to stop piracy but its just a part of the process now.

> That's why DRM-free distribution is a non-starter for virtually every media company, because it saves them money.

Why is it saving them money a bad thing?

"Media companies aren't stupid. They know exactly how much DRM and piracy impact their bottom line."

Citation needed.

> DRM punishes paying customers and does nothing to stop piracy.

There is a plot twist here: DRM does help stopping piracy, but only for smaller businesses producing the contents that appeals enough to be copied but not enough to be paid for. I'm pretty fine with Steam DRM for that reason, without that indie games will have much harder time. For Disney+, I cannot understand their reasoning at all.

Most games on Steam don't have DRM. Valve's DRM product is called Custom Executable Generation (CEG) and it costs extra for developers to add to their games. Most steam games work fine even if you uninstall Steam and have no internet.

How exactly many games do (EDIT: typo) have DRM? AFAIK the answer is "many enough", I'm unable to give a concrete number but I do recall many games in my library that doesn't appear in a list of DRM-free games. I don't agree to your premise.

(To be clear, I do think DRM---so-called---is very bad in general. I accept DRMs for indie games only because DRMs have been already existed for games.)

[1] https://steam.fandom.com/wiki/List_of_DRM-free_games

That list is community-maintained and almost certainly contains many omissions.

Device manufacturers. Play nice, or we won't grant you the magic pixie dust to play our content in glorious 4k.

To clarify, this isn’t just a cynical comment. It’s actually why digital content producers use DRM. Generally speaking, they’re not idiots, they know it will have little effect on determined pirates and will cause some hassle for some legitimate customers. The point really is so that the digital content producers can maintain control over the providers of computer hardware and distribution channels.

Here’s an old article claiming to be a big revelation, but it’s pretty much common sense and has been fairly well recognized for much longer than that:


Ian Hickson's insightful short essay about DRM was on Google+. But now it's gone...

Not entirely, actually, thanks to the Internet Archive!!!


So the purpose of DRM is to thwart the first sale doctrine?

It is absolutely one prime motivation. “The purpose” is essentially non-verifiable.

Reading that article, it seems to me that the arguments don't fit the conclusions. Media companies may be strong-arming software and device manufacturers, but they're doing so as a means to an end, not an end unto itself. Their motive for strong arming software and hardware manufacturers is their desire to control consumer behavior. That may be slightly more general than "piracy" specifically, but not that different.

Sure, of course they ideally want end to end control. The point, though, is that the argument “pirates will still be able to pirate and legitimate users will be inconvenienced,” while true, is not a great argument for why content producers should stop using DRM, because DRM still works quite well for establishing control over hardware and distribution providers.

I'm not a lawyer, but if we look at the DMCA,

17 USC §1201 (A)(1)(a): "No person shall circumvent a technological measure that effectively controls access to a work protected under this title."

No one is interested in perfect because the actual DRM is only a tiny sliver of the protection. The bulk of it is the threat of having to pay a huge settlement because you don't want to get the piss beaten out of you in court.

>No one is interested in perfect because the actual DRM is only a tiny sliver of the protection. The bulk of it is the threat of having to pay a huge settlement because you don't want to get the piss beaten out of you in court.

I don't find that argument convincing. I can't think of any famous cases of copyright holders or law enforcement going after rippers/encoders (the people who break the DRM and make it available for others to copy), but plenty of cases of them going after people who downloaded the content.

And worse... You could have crappy DRM and if someone circumvents it. Its cheaper to produce and you can still prosecute the rippers.

That doesn't explain the cat an mouse game. DRM schemes are constantly updated to fix issues so that previous hacks no longer work. Occasionally, the industry invests big money into sweeping changes.

If what you're saying is true, you'd expect the minimum reasonable measures to suffice. No need to invest in new methods. Yet they do. I'm sure lots of people would be interested in "perfect", if you had that product to give them; you could be a millionaire, the problem is that it's impossible, as far as we know.

When a bad outcome is assured (piracy from their perspective) the only rational course of action is that which will prevent the blame from falling on you:

"Yes it was pirated, but we spent maximum cash on the very best DRM... what else could we have done?"

I imagine you'd see a lot more casual piracy if it were trivial to copy, i.e., people just sending the videos to their friends.

For every person torrenting there’s multiple getting movies off friends on USB sticks and stuff.

One member of my family does the torrenting for a dozen others in my family, and I know plenty of others that work like that.

I personally do a mix of paying for content and pirating. I’m 100% happy to pay for content if I can, but with geoblocking and platform restrictions and all the other bullshittery, it’s legitimately impossible for me to legally buy half (or more) of the content I’m actually interested in, so I pirate it, and I don’t feel bad for doing so in the slightest.

I also regularly have to pirate things I already own thanks to DRM that doesn’t work on my devices, missing subtitles, etc.

The entire industry is broken and it’s their own fault.

Not sure if applicable to your region but have you given movieseverywhere a shot?

Do you mean Disney Movies Anywhere? That’s a US exclusive, like just about all content these days.


This website, it's not Disney specific, but that sucks. It would mostly be the convenient solution to this problem. If you have a movie on iTunes or Play, it unlocks in the other, and vice-versa.

Mostly so.

With some interesting exceptions, luckily. You can watch Star Trek: Discovery on Netflix in 32 countries, including most of Europe, but not in the US (there it's an exclusive on CBS or something like that).

Pirating is already casual. But situation is much worse.

I can have russian voiceover from 4-5 studios on the next day after popular TV series aired. They even go this far, as to put full time commercials of not so legal online casino web sites. I dont even need to torrent, to watch any tv show next day after air. There is android apps that will allow to watch any show via http or torrent. There is pirate websites with payed and free access. And as I said earlier fulltime commercials of online casinos, that sponsor pirate translations.

This situation is very bad for any commercial tv show services in ex USSR territory. No low regional prices can battle 0 price.

The argument above was that the lowest level of Widevine is sufficient to prevent casual piracy (through that channel), and I agree: It's a lot easier to just torrent a clean version than to dump an encrypted Netflix stream, run some side-channel attack on Widevine (for which the PoC code doesn't seem to be public), then decrypt the dump.

> I imagine you'd see a lot more casual piracy if it were trivial to copy, i.e., people just sending the videos to their friends.

Then just put enough of DRM for that not to happens. The fact that it's working through an app is more than enough. Most people have trouble even getting videos out of Youtube and doesn't know you can find apps to do that.

People share password much more than they share video files too.

My experience with small content producers is that their decisions surrounding stopping piracy have almost nothing to do with the economics of it; it’s an emotional decision. I’ve seen people spend 25%+ of their content’s revenue on DRM.

Now, why the major players also pour money into this stuff is just baffling.

> I don't understand who these higher levels of DRM are trying to target.

They target device manufacturers. If you want to sell a computer/tablet/phone/TV that will play Disney+/Netflix/etc, then you must submit to their demands, pay their licensing fees, and hope you don't anger them. They want to be the gatekeepers to who can make a commercially-viable product.

How those webrips are performed? Are there leaked DRM keys or something like that? I thought that DRM encrypts stream all the way from website to display, so it's quite hard to intercept it.

Pirates cracked Widevine (and possibly other schemes). They have a drop-in replacement DLL (which they keep secret) that dumps the original content of the stream (not a screen / HDMI capture, like the other two comments said). This is called a WEB-DL, while capturing and encoding the stream is usually called a WEBrip.

This doesn't work for Widevine L1, as L1 is handled in hardware. Windows has some interface to the Intel Management Engine used for this, Android OEMs write drivers and ship devices with keys, other platforms are out of luck.

Widevine L1 has been cracked. Pirates gain code execution in the ARM TrustZone¹ and peek into the decryption keys of the widevine module. That's how 4k WEB-DL Netflix content gets pirated.

¹ For example: http://bits-please.blogspot.com/2016/04/exploring-qualcomms-...

That's correct. Anything actually protected by Widevine L1 (meaning no workaround to get L3 instead) would require a different approach than just cracking the library.

If 4k netflix is what protected by their best hardware DRM, then... somebody managed to either exfiltrate the key, or drill the chip and get it extracted physically.

It's not clear. The tools are kept secret to avoid patching. But presumably they reverse engineered it and have a way to capture the raw stream.

I know at one point they were using Roku TVs or Fire TVs which allowed an older DRM standard. Now apparently there's a crack for Windows that's kept underground in the scene groups doing releases.

HDCP has had its master key leaked in 2010. You can also buy hardware over the internet that bypasses HDCP.

Basically this. HDCP 2.2 is "secure", but the previous versions aren't. A company signed the HDCP agreement and got the decryption keys, and made a device that could downgrade HDCP. Apparently this was allowed by the HDCP licensing agreement so it's all legal.


Ok but that will be lower quality. The original compressed file will be decoded and sent to the monitor at full resolution and frame rate, and then the pirates will be able to capture that. Then the pirates will need to encode/compress that for distribution. This new file will be lower quality, I believe.

If you have a good internet connection and graphics card you can just capture the screen and intercept the audio separately. It's got a few artifacts here and there, but nothing that makes it unwatchable

No key involved, but a long time ago, circa 2008, I used to record my TV shows in my Rogers (Canada) PVR. It so happened it had a firewire port, and all you had to do was load the firewire SDK on your macbook, and when you play back your show on the PVR, you could capture the raw .ts (transport stream) which contained the MPEG2 video.

I think that's why most players now have no extra ports besides the HDMI as it was easy to bypass the HDMI protection...if you can call it that.

Aside from this comment[1], DRM prevents casual piracy. There was a point where a lot of my music was cassette tapes with the album written on it with a sharpie. DRM definitely prevents this.

HDCP up to 2.2 is completely broken, so even perfect software DRM has a huge gaping hardware hole, but most people don't have the tools needed to circumvent this.

One person breaking the DRM can make a torrent for all torrenters, but if say 1/4 the population can break the DRM, then people will copy things for friends.

The closest current day equivalent is probably many people sharing a Netflix password.

1: https://news.ycombinator.com/item?id=21307648

This ^

DRM is only to create the illusion of security, to deter the average person, not the determined pirate or developer. Once you've sent the content to the client, you've lost all practical ways to avoid these torrents.

It's all about (pretending to be) protecting intellectual property. After all, a large part of media companies' assets are intangible IP. To make sure the value of that asset is not eroded, companies such as Disney must invest in technologies that claim help protect it.

(Edit: to be more precise, they must invest in tech that maximizes the extraction of (future) value from that IP).

> many Android devices only support level 1

Isn't Android the biggest OS on the planet by # of users?

Wouldn't the impact be huge?

They aren't for the consumer or even product security despite what they say. They certainly pay enough to afford people to tell them the truth - instead they pay extra to get ones who tell them what they want to hear.

As far as I can tell they are a very expensive security blanket for those too tech illiterate to realize that trying to circumvent the analog hole for serial formats is barking madness or as an ass-cover.

It brings to mind the use of polygraphs as similar outright instituional superstitions whose true function is blame deflection.

They're available on torrent sites, but how are you going to watch that video on your Roku, Apple TV, smart TV or whatever? The key here is hardware control. The big players have it.

Plex and similar software are pretty popular. Not to mention most phones can 'cast' to all those devices. Both my smart tv's even have USB ports.

It's kind of funny the number of people responding with Plex. I've used it for years, and it's an effective piece of software but it requires running a server in your house, managing storage, etc. etc... there's no way the average user is interested in doing that.

> it requires running a server in your house, managing storage, etc. etc... there's no way the average user is interested in doing that

Which is why my family, my girlfriend's family, and all our friends just use my Plex server

Plex is just an application. My start, back when it was still Mac-only, was to run it on my Macbook Pro. When the drive got full, I deleted content that I'd already watched.

For a decade now, Plex runs on any Windows / Mac / Linux device. It'll run on a Raspberry Pi. NVIDIA Shield. Western Digital's My Cloud NAS products (from $139 w/ 2TB). QNAP. Synology.

The main obstacle for "average" people is just knowing that Plex exists.

It isn’t just an application, it’s an application that runs on your always-on computer. Which most people don’t have. Nor do they have a Raspberry Pi, QNAP or Synology NAS.

Knowing that Plex exists is certainly one thing. But you still need to run it somewhere.

What's the argument here, that average people are too dumb to know that their computer needs to be on to access something running on it? That they're too dumb and poor to find and buy another device to run their Plex server if they don't want to use their PC?

I think you underestimate people a bit too much.

"Too dumb" feels overly emotive. But yes, I'm saying there is a significant gulf between the average user's current setup (a Roku, Apple TV, whatever) and a server that costs several hundred dollars (if you want anything approaching plug and play) and has to be on all the time, both financial and tech knowledge wise. It's not that users are "too dumb" to do it, it's that it is an inconvenience people are more than willing to pay to avoid.

"You use your remote to choose the show you want to watch, and you watch it" is worth $10-15 a month to people when it's compared to "You buy a server, plug it in and leave it on all the time, maybe be responsible for software updates on a regular basis, and also set up some kind of torrenting system to request the shows you want in advance".

My experience around average income non-tech-enthusiast parents is they have a binder stuffed with $2 pirated DVDs and a USB drive full of stuff they've torrented / exchanged with friends.

Running Plex with whatever computer they've got isn't a stretch.

A Plex server will reach out even if you don't open the port it wants. It doesn't require you manage storage, just have a bit of space on a HDD. Same with a server; it needs a desktop, which only needs to be on when you want to watch something.

> how are you going to watch that video on your Roku, Apple TV, smart TV or whatever?

Plex ;)


Obviously, the point is to screw up the customers - every DRM can and will be broken at some point

I think at this point it's just an excuse for sub-par distribution networks. Or an excuse for poor playback compatibly. Or maybe even a way to save on bandwidth.

It gets them out of any contractual or common law minimum level-of-service complaints.

It’s designed to reinforce the idea that piracy is morally wrong.

It gives content producers leverage with device manufacturers.

> And yet 4K webrips of recent Netflix shows are readily available on torrent sites.

WEBRIP (capture) are worse quality than WEB/WEB-DL (hacked DRM)

So actually you prove their point, they are winning.

The scene can do some WEB, they keep it secret, they even have servers for crew member to use without telling them how.

WEB is probably using old TV software with weaker DRM, hence why 4k is rare.

>Widevine has 3 security levels and many devices, including desktop Linux and many Android devices only support level 1. In this case e.g. Netflix will not offer full HD or 4k resolutions, but otherwise everything works fine, which is a balance between DRM and usability.

This reminds me of my very short foray into streaming services. I purchased a month of Netflix, or rather I got their 1 month trial, and opened the website to watch something. First it didn't open on Firefox, and they told me to install Chrom(ium). I didn't like it, but went away and `apt install`ed Chromium. Then it blocked my account because I was using a VPN. I liked this even less (I gave it a credit card number, so they know I'm not a bot or something using a VPN to hide traffic), but I still disabled my VPN. Mind that these two steps already cost me 45 minutes of browsing through FAQs and forums to figure out.

Then I finally open something, after installing proprietary software, a new browser, and disabling my privacy-protecting VPN. I'm presented with a video playing in glorious 1280x720 resolution. I just laughed to myself, closed the tab, and opened thepiratebay.org.

So let me get this straight. I'm paying for a service and I get headaches, restrictions upon restrictions, and mandatory malware, all for the privilege of watching gimped resolution content? Whereas if I went on piratebay I could get a 4K mkv file I can watch anywhere I want, no internet and no software required? You can fuck right off.

Strikes me as odd how anyone can describing paying for a shit service as "a balance between DRM and usability".

People outside the United States have to suffer through all that for access to a subset of the full Netflix library. And Netflix is one of the better companies in that regard. Most of them simply tell me the content is "not available in my country". And when people ask them why, they have the gall to blame "piracy".

Ironicallly I think this is why the privacy 'war' can never be won by these corporations. I live in a small European country where even if you subscribe to Netflix, Amazon (which isn't officially available here), cable TV, and whatever else you can find, you still won't get a lot of new movies and shows that you may want to watch. The only way you can get them is by pirating them, so that's what people do.

The problem is piracy isnt geo-blocked, so if someone here pirates a movie and shares it, it's also available to someone in the US.

I'm not sure why they keep pushing these technical restrictions, when really the issue is they don't allow people to buy their content in the first place.

Yep, I couldn't agree more. I've tried subscribing to Amazon Prime purely for the shows/movies (not like we have next day shipping or something), and I couldn't find a single movie/show that's not geolocked. Not even their originals.

Ahaha, yes I should also mentioned I did all that to have access to netflix originals and little else.

Well look at it from Netflix's perspective. You are in no way an indicative normal customer. They don't support certain browsers, because there is no need to. Privacy hiding VPNs are used to evade content locking as part of Netflix's business models/licensing agreements, so why would they allow your privacy hiding vpn? I'm not agreeing that they should do these things, but you are approaching a service from a very standpoint, and I can understand why your experience is less than optimal. Being a ubuntu/debian user you must have encountered this before righ ;)

yeah, I'm looking. Dude paid for the content with his credit card. Yet netflix still putting up hurdles after hurdles. No wonder dude ended up on piratebay. If I buy something I expect goods delivered to me. app store, play store, GOG, steam, everything...

But to phist_mcgee's point, if Firefox-plus-VPN isn't a very common use-case, they can afford to eat the cost of that one dissatisfied customer.

I paid for this car but it doesn't works underwater, I been screwed so hard...

You can't support every use case sadly, whatever happens, some people won't be supported because of specific needs. It's sad for sure that not every market is big enough to be supported, but such is life.

At least it was during a trial and he didn't pay anything.

Look at it from Netflix’s perspective: most of their collection has legal strings attached, even most of their exclusives, with substantial penalties if they don’t take measures to encumber content and there’s a real threat of auditors catching implementation lapses. If they use HTML video with EME and someone comes up with a way to copy it, that’s a problem for Google’s Widevine (used by both Chrome and Firefox), Microsoft, Apple, etc. as long as they can show they used the system correctly. Similarly, they don’t need to be absolutely perfect in region locking as long as they can defend the mechanism in court. Similarly, VPN detection needs to be at the level where they have a good chance of avoiding a court case – auditors definitely know to try that.

Now ask how many Linux users running Firefox without the Widevine CDM installed over a VPN there are likely to be and how much revenue that brings in compared to the legal risks of not being able to check those boxes.

You're clearly not representative of the average Netflix customer.

The hand-wringing in this thread is sort of amazing — especially since 99% of the people complaining weren’t going to subscribe anyway.

Look, if there are indeed issues with actual ChromeOS (and not the Chromium variants — but the full mostly-proprietary Google procured ChromeOS), I fully expect that to be fixed — you might not get 4K support (but there are what, 3 Chromebooks with 4K screens? Plus, most streaming services do not support 4K on web browsers period - even Netflix only offers it on Windows. Mac users with 5K screens have to use Boot Camp (and even that isn’t a guarantee) to watch 4K in the browser) — but if Chromebooks are an issue, I fully expect that to be fixed.

As odious as DRM is, I just can’t bring myself to be surprised or overwrought by its existence. Yes, it is largely more about appearances than actually solving piracy — but those appearances matter. The big thing that has pulled people away from piracy is convenience. And with the exception of Linux on the desktop users (a population that is small and only getting smaller, as the main distros don’t even care about the desktop or non-server users anymore), Disney+ seems to offer that. The people that pirate because of DRM would have pirated anyway. I pay and subscribe to more content than 99.99% of the population — but I also download whatever I can’t get from an online service and I feel zero guilt and make zero justifications for my choices. And that’ll remain true for Disney+ — even if there wasn’t a DRM scheme at all (which just isn’t ever going to happen).

DRM sucks, sure, but are we really surprised? And I’m sorry, but I’m not ready to boycott a streaming service with tons of content because it doesn’t support Linux in the desktop.

I probably would pay for it if it had linux support. But since it doesn't, I won't. Every device in my household is either linux or Android, and I primarily stream from desktop linux. If disney+ doesn't work on that there is no rason for me to pay for it.

Interesting. I'd been toying with signing up for Disney+ at some point (when does it even go live officially?). But if this is the case, I absolutely won't be getting a subscription as I use Linux as my desktop OS.

"No Linux support" == "no customer"

While I agree with the philosophy that Disney should try to support as many platforms as possible, I really don't think it will notice the Linux market is missing.

Cost of building and maintaining a Linux client > Potential revenue from Linux users.

Cost of building a Linux client should be zero. It's not because they want to have their proprietary DRM/spyware restricting what you can do.

Ever heard the phrase "piracy is a better service", Disney?

Edit: Cost should be negligible. You should build for web/browser standards, not the OS.

Why would the cost of supporting an additional platform ever be zero?

When the platform is the web browser, not an OS. If I write a website today, it works just as well on Linux, Windows, macOS, or any other modern platform. Other than DRM, there is nothing needed for Disney+ that isn’t common across all desktop OSes.

Oh sweet summer child...

Linux users are already used to zero support, and in this case there isn't a cost to developing a custom client... it's literally just a matter of flipping the "fuck Linux users" switch to "off."

They just need to not develop drm.

That implies they could not offer the service due to the legal entanglements of offering films owned by multiple parties without copyright protection, so it's equivalent to saying "They just need to not exist."

Understandably, they've chosen an alternative.

It's worth pointing out that we're talking about Disney here, who owns likely all of the copyright of their content in full without any legal encumbrances. They're the ones who are insisting on distributing content only with hefty copyright protection guarantees, and they could snap their fingers and cancel that insistence at their sole choosing, unlike (say) Netflix.

And yet Hulu, Netflix, and Amazon Prime all work on my Linux desktop just fine...

Turn off the DRM and the youtube-dl community will happily donate their time and effort to provide support to linux users. Disney needn't pay them a cent.

See edit.

DRM encryption is a browser standard.

Please stop repeating that propaganda. The point of standards is to facilitate interoperability. DRM does the opposite so it can never be standardized, no matter what capitalist-run "standards" organizations say

You can call it "propaganda," but it's documented right here. [https://www.w3.org/TR/encrypted-media/].

If Oauth2 is a standard without defining how authentication servers are implemented and requiring the implementation be disclosed, it's hard to claim EME is not also a standard in the same sense. A standard we don't like isn't propaganda.

Having the EME specification distributed by the W3C appears to be a very effective method of propaganda.

> A standard we don't like isn't propaganda.

A "standard" that doesn't even attempt to fulfil the purpose of a standard is not a standard.

What purpose is it failing to fulfill? It outlines how to indicate media is encrypted and how decryptors can be surfaced by the user-agent.

It doesn't indicate how decryption must happen, but OAuth2 doesn't indicate what standard an authorization server should use to authorize that a client matches a resource owner either.

> What purpose is it failing to fulfill?

Here you are:

> The point of standards is to facilitate interoperability.

> but OAuth2

isn't the topic.

It facilitates interoperability between content providers and user agents to convey and display encrypted media (without the need for one company to own both sides if that pipe, like in the Flash era). Much as OAuth2 facilitates authorization handshakes between services owned by different companies.

Facilitating DRM, which runs counter to interoperability, is exactly why EME isn't a standard.

And please stop spamming your OAuth2 nonsense, it's off topic.

I keep bringing up OAuth2 because it's in a similar domain to EME. Authorization restricts access to resources that users are not supposed to be accessing (for whatever reason, be it privacy or they simply haven't paid to access it).

Similarly, encryption restricts usage of resources in ways users are not supposed to use them (including having not paid for the privilege).

It's not "counter to interoperability" that Google Drive won't fork over your documents to anyone who requests them without the right token.

Your frustration isn't the technology, it's what it's used for. If you want to claim EME isn't a standard, clarify how it differs from OAuth2.

> Authorization restricts access to resources that users are not supposed to be accessing (for whatever reason, be it privacy or they simply haven't paid to access it).

Oh, sorry. I thought you actually knew what DRM is.


> Your frustration isn't the technology, it's what it's used for.

Stop trying to read my mind, it's a violation of privacy and physics.

> If you want to claim EME isn't a standard, clarify how it differs from OAuth2.

If there is no relevant difference, then OAuth2 isn't a standard either. Happy now?

> If there is no relevant difference, then OAuth2 isn't a standard either. Happy now?

In the sense that you've reached the conclusion that your definition of "standard" isn't sufficiently universal to discuss the topic because you've excluded what is generally accepted to be a widely-accepted authorization standard that lacked the controversy over socioeconomic control that the EME standard does, yes.

Trying to short-circuit debate by bullying the field of definitions and declaring the other viewpoint "propaganda" isn't constructive.

Stop twisting my words. Thanks.

Aren't "proprietary" and "standard" mutually exclusive?

Nope. You can have standardized proprietary technology: you may not be able to implement it, but a group of companies might.

Example; Z-Wave protocol.

This impacts those using ChromeOS, if I read it right. Disney May want to support that.

Isn’t ChromeOS Linux under the hood?

Yeah ChromeOS is Linux under the hood. Probably the most mainstream desktop class OS based on Linux. A family member's Windows laptop quit booting up, and wanted a new one. Talked them into a Chromebook since they mostly just use the web, and didn't want to spend a lot of money. Figured ChromeOS would be less bloated than the other traditional desktop OSes too, especially if not wanting to spend a lot on hardware as I feel a similarly priced Windows laptop would be slow probably due to the lower hardware.

Wouldn't surprise me if a lot of kids have Chromebooks too, which would be Disney's target. There's some decent models that are cheap and probably more secure than just giving them a Windows Laptop.

Also recently they added official support for Linux apps themselves, that's in beta called Crostini. They run inside of a container. But before then no Linux apps could be installed even though it's Linux under the hood, but I know there was some unofficial ways.

I was apart of the CR-48 beta where they sent out free laptops to test with. Surprised they did that in the first place, but it just sits in the closet now and very slow, no longer gets updates but used to use it alot more when it was new and feeling special since part of the beta program. So with Linux support, part of me wants to buy a newer one. Could run Node and VSCode on a Chromebook!

* Wouldn't surprise me if a lot of kids have Chromebooks too*

Given how many schools want kids to have portables and Chromebooks have become the cheap choice, this is going to be a problem.

ChromeOS does use the Linux kernel.

Looks like this is more of "requiring widevine level 2/3", their player and DRM should work with Linux Firefox and Chrome with minimal changes.

> Disney+ OTOH seems to have the drm features kranked up to maximum draconian settings

So you figure maybe a week before it's all on bittorrent anyway?

All of the pre-existing content assuredly already is. I'd expect to see the newly aired stuff show up within hours, if not minutes, on the tv sites. Probably before airing, stuff is almost always leaked.

But on the other hand, I suspect that they have run the numbers, and there is so little potential value supporting Linux that it isn't worth the hassle. DRM might just be a convenient excuse.

Most of the stuff already is

If its true that this includes Chromebooks, it could definitely affect a lot of people.

Maybe they won't. That's fine, it's their decision to make. All I'm saying is that I can absolutely confirm that I won't be signing up for a streaming service that won't work on Linux. If the market of people like me is small enough, then maybe it'll never matter to Disney.

I've only signed Netflix after my living room TV was able to directly interact with it, smart TVs run Linux. The second question I made was how I would use it on the TVs that didn't run it, and solved it with a chromecast, again, Linux. Another option is to get one of those media players sold on the internet, again Linux.

What other option is there for people to watch the streaming services? Directly on their computers? I doubt many people will even think about that.

Linux users won't pay for things. It's not worth chasing that market.

> when does it even go live officially?

November 12 in US, CA, NL. More countries on the 19th.

> "No Linux support" == "no customer"

The conviction in this statement gave me a bit of a chuckle. I think most of us commenting here don't share this view.

I think most of us commenting here don't share this view.

Then "most of us" are part of the problem. Maybe the admins should rename this site to "Geeky/Techie/Science-ish News Stuff", because the "hacker ethos"[1][2][3][4] seems to be disappearing from here.

[1]: https://en.wikipedia.org/wiki/Hacker_ethic

[2]: http://phrack.org/issues/7/3.html

[3]: https://www.gnu.org/gnu/manifesto.en.html

[4]: https://www.mozilla.org/en-US/about/manifesto/

AmazonPrime video does not delivers HD content in Linux... I tried everything switching browsers, changing User agent, wine, running virtual box. I seems some type of DRM is not implemented yet in Linux. Netflix is the same I think.

I happily pirate content now.

You can get 1080p streams from Netflix on Linux (for 99% of their collection) by switching your user agent to ChromeOS. Their check is just:

    a = /CrOS/.test(a.userAgent);
    this.Fma = this.Aw = q.Gu.PV;
    this.Qm = [x.$l.nV];
    this.oo = [x.V.vA, x.V.wA];
    a && this.oo.push(x.V.TH);
It very much is _not_ "DRM not yet implemented".

Both Prime and Netflix are fully capable of streaming their highest quality under Linux - if you have the driver support.

Unfortunately they have a bunch of hacky stuff trying to prevent it, rather than allowing the user's browser is to make the decision.

That's one reason I use it. If they switch to nazi DRM I'll drop them. If Disney won't play on Linux meh whatever then on them. I'm sure they won't miss me, and I won't miss them much either.

Actually, you can’t get higher than SD for Amazon Prime Video since they started enforcing VMP a few months ago, which isn’t supported on Linux.

Yeah this means this was a business decision and not technical. They probably looked at user numbers for the different browsers.

I can confirm that switching the user agent [used to] work[s]. (Disclaimer: haven't streamed for a while personally.)

Publishers often refer to copying they don’t approve of as “piracy.” In this way, they imply that it is ethically equivalent to attacking ships on the high seas, kidnapping and murdering the people on them. Based on such propaganda, they have procured laws in most of the world to forbid copying in most (or sometimes all) circumstances. (They are still pressuring to make these prohibitions more complete.)

If you don’t believe that copying not approved by the publisher is just like kidnapping and murder, you might prefer not to use the word “piracy” to describe it.

On the other hand, sometimes "pirate" seems to have a positive connotation.


And interestingly the 3rd highest comment on that video currently is about Disney+.

Anecdotally, that song is quite popular among software pirates.

FWIW I've had varying luck on Amazon; I think it's based on the publisher of the content. Some of Amazon's own stuff works in 1080 on my machine while other movies are much lower quality

Changing the UA to Firefox windows works too. I always get the "best" stream. Also prime music does not work on Chrome/Firefox on Linux solely because they've blacklisted the UA. I keep yelling at them every 2-3 months

Anyone who’s used Disney’s existing streaming service will, I am certain, tell you it it truly awful. It’s incredibly slow, saddles you with massive downloads regardless of device or connection type. The app sometimes just doesn’t open at all.

I really hope whatever they’re making is not based on what they are doing currently.

This whole thread has been rather surprising to me, we've been enjoying Disney+ for a few weeks now and I've been amazed how wonderful all the content is. I've never seen any errors or the issue described in this article (I'm on Mac).

The only thing about the UI that I miss is that it does not respond to keyboard shortcuts (like pressing spacebar to start and stop the playback).

But overall, I've been very happy and impressed with the service.

Are you from the future?

In all seriousness though, how are you able to enjoy Disney+ currently? It has yet to launch. According to the Disney+ website it launches in just under 23 days from now.[0]

0. https://disneyplus.com

It was released early in some regions like the Netherlands for testing and promotional purposes.

Thanks, I of course didn’t read the article before asking my question. Glad to hear it works well so far. Looking forward to it when it goes live. Cheers!

Likely works just like ESPN+, which runs like dogshit on my roku.

I've been using it on a Chromecast. I'm not sure what "wonderful" content you're amazed by - there are some nice movies but I think by next month we will be pretty much out of interesting stuff to watch. And technically it's also not that great - it takes a while to load and in about 50% of the movies I've watched it froze and I had to restart the app.

We will probably stay subscribed though so it's not all that terrible.

If you can watch nearly a century‘s worth of great content by Disney in only one month, you have a lot of free time!

Having had Disney as a client in a past life, I always assume they will go for the most draconian, despotic IP control imaginable...as a starting point.

They are cultural not wired any other way, and cannot be mollified. They are a horrible company.

>In this case e.g. Netflix will not offer full HD or 4k resolutions, but otherwise everything works fine,

I don't understand the point of this type of thinking. Video DRM isn't like Denuvo where it can actually get you a few days or even weeks before any pirated versions exist on the web. If it can be watched by a human pirates will copy it, even if they have to rip it straight from the display controller of their monitors. I have never once had the slightest difficulty or delay in finding pirated versions of video content on Day 1 or even before, and at the highest-produced quality and resolution. Why do providers think making life hard only on paying customers is a good thing?

They do this because Hollywood doesn't understand technology. Netflix understands technology and understands this stops no one, but they are licensing the content from Hollywood, who thinks this behavior actually helps.

Netflix is forced to play ball with them.

Your next question is usually, "Why doesn't the Netflix original content not have these shenanigans then?".

The answer is that most Netflix content is still made by Hollywood studios, so they have the same restrictions. Netflix is only a distributor in most cases, not the content creator.

The other answer is that it is a lot more complicated in the software and for testing to say "can this content be played at 4K based on the publisher?" than to just say, "DRM level 1 means no 4K".

Was waiting for this reply, happy to see it come from the mighty jedberg. For those that don't know, click on his bio, he's definitely 100% spot on here

It's like asking why they bother paying customers with anti-piracy ads at the beginning of legally-purchased DVDs when obviously pirates are going to trim them. It's not supposed to be reasonable.

It's design by committee, it's bikeshedding, it's weird clauses in complex contracts etc... From the right's holder point of view your reasoning doesn't make sense, instead it goes the other way: if people buy our product anyway when we do it that way, why change it? Do you think that when NBC licenses The Office to Netflix they care about Linux users not being able to stream it in 1080p? Do you think Netflix is willing to spend time and money to fight for the tiny portion of the user base who both watches Netflix on Linux and cares for high-def?

Do they actually rip the videos from display controllers? I though they just used those shady HDMI splitters that actually strip the HDCP: https://news.ycombinator.com/item?id=17463105

So, at least from my basic research, the levels seem to be switched in this post: L1 is the highest level, not L3. So if Android and Desktop Linuxes support L1, that should not be an issue. Perhaps its is a minor error and he meant L3.

That being said, is it possible for the user to have their Desktop Linux support L1 somehow? Android is a Linux that clearly support L1 and can show these formats (I imagine), so can that be accomplished on another Linux?

Android depends on the hardware, but generally speaking Western devices support Widevine Level 1 and its implemented in hardware. Desktop Linux will only ever support Level 3.

But Chrome on Windows also supports Level 3, and Disney+ works in Chrome, there, so the article isn't correct.

So I guess my question is why will Desktop Linux only ever support Level 3? If its the equivalent hardware that a Windows device would support L1 (or does that not exist?), then wouldn't, say, an Android device in para-virtualization be able to show you the content in HD? Wouldn't the right pieces extracted from Android and loaded into Desktop Linux allow you to watch L1? Just hypothetically. I guess my question is: is Desktop Linux actually incapable of doing it for some reason, or is it just that no one will ever distribute a distro that can do it out of the box, but you could theoretically assemble it yourself.

Windows and Linux both only support L3, since L1 depends on hardware DRM support. The problem here is that Verified Media Path (VMP) is not supported on Linux. Amazon “solves“ this issue by restricting Linux to SD streaming, but it seems Disney+ doesn’t allow streaming without VMP at all.

Why do say that Linux will only ever support Level 3? Is there some fundamental limitation?

Probably because MS and Apple bend over for producers and put special code in their OS for DRM. You can google for it but here's an example: https://docs.microsoft.com/en-us/windows/win32/wmformat/micr...

This is the same reason that only some Android devices support higher levels of Widevine; Samsung will add code to their OS that allows video/audio to be processed through inaccessible areas of the processor/GPU. If you try to take a screenshot it will just show up as a black screen (same on Windows with the Nextflix app IIRC). Cheapo Chinese Androids and even cheap Androids that you can buy in the US will not do this so they can't play high-res video on Netflix, even if they have a high-res screen.

On Linux this special path is not implemented; anything can see what's going on with the graphics or audio pipeline and record from it.

There's the fundamental limitation that the odds of any maintainer rewriting the entire graphics pipleine to secure the video path from the user for DRM on Linux is roughly zero.

A corporate sponsor might rewrite it... Chrome OS did it after all...

Probably wouldn't get merged into mainline Linux tho due to all the DRM opposition

As always, the pirate bay offers a DRM free alternative. Maybe one day the media companies will learn that the one thing consumers cannot stand is being inconvenienced, even slightly.

As long as their solution provides less value than pirating, or is a bigger pain in the ass than pirating, they will lose.

Unfortunately for them, pirating has become so easy, that unless they become like iTunes, they are dead. Just a matter of time.

I think you greatly overestimate how many people pirate content.

Everyone here freaking out about DRM and how they think they're entitled to free pirate it if Disney don't offer the format they want. While I'm just looking at all my TV's that support casting from my phone by default. Who even watches movies on their computer anyway. Your TV will support it natively if not right away just buy a Chromecast or Roku and be done with it. There are worse things to freak out about.

> Who even watches movies on their computer anyway.

I do for example. I don't own a TV, my beamer is directly connected to my PC. Just because your use case is covered doesn't mean everyones is.

> Your TV will support it natively if not right away just buy a Chromecast or Roku and be done with it.

"If it doesn't work for you, just buy new hardware." - I'd call that entitled. I prefer to just don't subscribe to a service forcing me to buy additional hardware due to customer unfriendly DRM.

I have an HTPC. It works very well. Any other solution would involve compromises that aren't acceptable to me.

I've never understood the pirate mentality as anything other than raging entitlement. If I have ever pirated anything, I certainly didn't do so out of any sense of righteousness, I'd have done it out of greed. No reason to dress it up like I'm some kind of hero.

I was surprised as well to find out that many people here still watch the content on laptop. Everyone’s case is different but if you are going to watch starwars hd then might as well get a nice hd tv and forgot about the laptop.

I like to think that if Disney+ doesn’t work on Chromebooks, the “freshmen hivemind” (aka all of the freshmen) will solve it by complaining to Disney relentlessly. Seriously, not sure if Disney has thought through the market penetration Chromebooks have in the K-12 market AND the correlation between those students/districts and discretionary income for “yet another streaming service.”

Nit, since this confused me when I was looking for more context: for whatever reason, Widevine security levels are ordered in decreasing security (whereas the article has them backwards).

Widevine on Linux only supports L3, which means that there's no guarantee that any processing is done inside the CPU's trusted execution environment. Which, uh, reads as "no security guarantee" to me.

I’m not really ok with other people’s code running on my Secure Enclave.

BitTorrented video has no security guarantee either.

The security guarantee here isn't for the user, though. It's more of a placebo effect for the content producers.

That's the funny thing about this whole thing they keep using terms like security when what they're really talking about is anti-saving/copying/skipping/fastforwarding and region blocking.

In order to get the highest level protection in widevine (the numbering is confusing) the decryption code and secure media path all need to be provisioned by the OEM. In otherwords the “other people” running code in the Secure Enclave is the device manufacturer. If you don’t trust them you are already sunk.

What I don't understand: with highest level protection does HDMI sends encrypted stream which is supposed to be decrypted by chip in display (which should support DRM, of course) or decoding happens in PC and HDMI carried decoded signal? Because if latter is the case, it should be more or less trivial to just save stream from HDMI, so those protections mean nothing and trivially by-passed by available hardware.

Usually these systems require HDCP support, which theoretically allows verification of the whole chain, PC to HDMI cable to display; any "unapproved" devices in the middle would be detected and prevent display.

In practice, the HDCP master key was leaked years ago and it's pretty straight forward to get an HDCP stripper device and a capture card.

> I’m not really ok with other people’s code running on my Secure Enclave.

All the code that runs on your secure enclave is other people's code.

Depends on the device, of course.

Content publishers sometimes demand certain DRM features in order to license their content. For example, they can dictate that only X devices can watch content Y. They can also demand restriction to how content is stored on devices etc. So until the content publishers change their restrictions, DRM will be there and will be annoying to customers :(

Disney owns all the content they're streaming.

Could this be fixed by disassembling the widevine .so/.dll and altering the function that returns the "security level" so that it always returns the highest level?

As I understand it, the DRM authenticates the physical monitor/TV with a key on the hardware. That part is uncrackable because authentication is done on Netflix-side.

But as for whatever is rejecting Linux but allowing Windows/macOS, that has to be completely in-software. I think you are right--this could be bypassed by changing a register value somewhere. This sounds like a fun project.

>But as for whatever is rejecting Linux but allowing Windows/macOS, that has to be completely in-software.

Yeah that's more of what i was referring to.

The highest security level involves hardware keys. You'd have to get a hardware device that supports it and extract the keys somehow

So what hardware device is it interacting with when it is able to run properly on windows and mac? Is there a reason Linux couldn't interact with this hardware in the same way?

There isn't any, hence why those devices aren't certified to the Widevine Level 1.

Maybe SGX? SGX requires kernel support, which Linux currently lacks.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact