That's why Netflix content is available almost immediately on any decent tracker. The quality would not look nearly as good if it was grabbed using a capture card.
Like others have mentioned, it's security theater for the content owners who most likely require Netflix to have DRM in place in their contracts.
: https://cdrm-project.com/ & http://getwvkeys.cc/
When this game was playing out with BluRay, it wasn't possible for the media groups to directly attack the ripper makers because the primary developers were in Antigua which had a WTO ruling against the USA allowing Antiguans to ignore US intellectual property rights. I forget the political background. Later I think someone in China started doing it too. The point is though, that the tech converted (for a time) the problem from one of intractable scale to one of "if we get these two companies then the issue disappears because they're the only ones who have the knowledge". That opens up all sorts of new strategies for the media companies to pursue. They may not work, but, the situation is definitely not the same as before.
BTW video game cracks don't have to be published with the game. They can just publish the patches to the game files without releasing any tools they created to make those patches.
For a L3 example there's one repo  that's kind of still up but not really. Still enough to show that it happened. L1 bypass has also been on GitHub briefly. However these things get deleted rather fast for obvious reasons.
There’s value in even minor hurdles.
They clear think it’s worth it.
> There’s value in even minor hurdles.
The hurdles only exist for the people who are paying them. It makes piracy more attractive relative to paying, by making the experience you get when you pay worse.
> They clear think it’s worth it.
They're corporations. Management is under pressure to be seen doing something about piracy and the DRM vendors saw an opportunity to sell them some snake oil.
Streamers work hard to make their interfaces good and recommendations valuable because that is their value add.
I suspect DRM might be added because circumventing is a different violation as opposed to just copyright infringement.
That is like arguing that "clearly people think fax is secure, otherwise they wouldn't use it". No, it is obviously theater but other people insist you use it and while useless the effort to change it is "not worth it".
Both of the technologies can be seen as "secured" by laws outlawing listening to the information sent in cleartext.
I wouldn't call it "security theatre", i would call it "security through legislation" or something along those lines.
I thought "security theatre" was a routine that promised, but did not provide, additional security, and while there is no technical security, there technically is some security, in the form of legislation.
“Security theatre” is as you’ve said something that people in these circles there around at times when it’s just not accurate.
This is such a weird blindspot for nerds. A cargo-culted relic from a bygone era where digital media consumption was worlds harder than it is now, and the argument against DRM was less wrapped in moral superiority, instead just…much more blatantly being about people wanting to pirate things.
I’ve got no doubt that a highly experienced and motivated hacker could pop any of my stuff in 5 minutes. Doesn’t mean that I’m not putting effort into securing my stuff against the garden-variety script kiddie, even stuff that negatively affects user experience.
An argument that the negative UX imposed by DRM doesn’t justify its benefits (to the content owner / distributer) is at least a little bit interesting. However “it’s annoying to get going on an OS that nobody uses” is a pretty weak argument. As is “it makes it hard to rip content from a streaming service in a way that’s very blatantly NOT in the spirit of the transaction that gave you access to the media in the first place”.
The fact that DRM sometimes slows pirates down for days/weeks/months is just a tiny bonus.
Widevine has various levels, and there are exploits for the lower ones.
But the upper ones really only have a vulnerability if a hardware key gets extracted, and Netflix shows in higher resolutions are increasingly not available anywhere because of that. Stranger things Season 4 was only available at 720p for more than a month.
> Stranger Things S02E09 2160p NF WEB-DL DTS-HD MA 5 1 HDR DV HEVC-FRiENDS
So either the DRM Level was reduced after the release (why would they ever do that?) or it was cracked but takes some time to do so.
It helps to capture the Netflix stream uncompressed to remove the extra compression step you'd otherwise get at capture time, and modern encoders are pretty good, I don't think most people would notice on a laptop screen.
On a 40+ inch 4K TV though, it can be quite noticeable
Maybe someone made a video encoder algorithm that’s tuned toward already compressed and decompressed video.
Though I’m in the camp of watching for quality of the story etc. rather than the crispness of the video. If it’s not worth watching in 480p, it’s not worth watching in 4K either.
All those artifacts keep getting amplified every time you re-encode until it's practically just the artifacts. Every time you render and recompress you're losing information, it's lossy compression after all.
Truly a classic.
Which is... lossy
To be precise it is "The only officially supported way to use Widevine on Linux is using Chrome on an x86_64 CPU using glibc."
In other words, even though I have x86_64 cpu, since I'm on alpine, I'm fucked anyway.
(also how are you even using alpine for desktop. I tried to look it up once and gave up soon)
Paying money and having to install a proprietary browser and run proprietary software to stream low-quality video (not download, or move to a different device), if the company deems it available to you at that particular place and time.
Meanwhile torrents let you start watching most content in under 30s, at whichever quality you'd like, in a convenient mkv you can stick anywhere.
No thanks. I'll stick to patreon and buying albums to assuage my guilty conscience and reward content creators.
So they have a working version of this internally obviously. I guess they just don't ship it stand-alone?
> Earlier, I said that 'Widevine-in-Chrome-on-Linux-on-aarch64' is not an officially supported platform.
> I lied.
> Chromebooks exist, many have aarch64 CPUs, they run Chrome on Linux (more or less), and they officially support Widevine.
The whole post is worth a read. Its pretty sort and well written!
And no, glibc really only work with its own dynamic loader (ld.so), and it has to be with same version.
Widevine is a plugin-like .so meant to be loaded into Chrome/Chromium. Because it uses glibc, the entire process hosting it must use glibc. So, what prevents me from ALSO HAVING GLIBC CHROMIUM instead of musl Chromium? Nothing, but I hope you get that it propagates further and it's a horrible idea to just glibc everything on Alpine.
Sure, but you need it for Chromium alone iirc, no?
>Because it uses glibc, the entire process hosting it must use glibc. So, what prevents me from ALSO HAVING GLIBC CHROMIUM instead of musl Chromium? Nothing, but I hope you get that it propagates further and it's a horrible idea to just glibc everything on Alpine.
Well, don't glibc everything. Just Chromium and its dependencies. How does it "propagate further"? It's not like libraries leak outside where they're told to load!
I want to use the distro (Alpine) packaged Chromium, which links to musl. Not some random Chromium build I found on the Internet. Having to use a glibc Chromium is already too far for me.
Do you suggest that in order to support Widevine, a distro (Alpine) should also build Chromium, Firefox and co also with glibc instead of the default (musl), or provide two varaints?
Even when they have a Chromium with musl as libc working perfectly fine, except no proprietary DRM support?
I'm okay with running a proprietary binary, linked to glibc, by installing the glibc alongside.
I'm not okay with having to randomly change other packages already in my system (in this case, my browser) to glibc variant.
Edit: Oh, and anything Chromium depends on have to had a glibc variant.
I'm not suggesting that it's a good thing that this is needed.
But I do suggest that it needs to be done.
Will, in the sense that, otherwise, people running Alpine will have to say "OK, as it is, we can forget Widevine and Netflix/Spotify" and leave it at that.
That said, since this is something many Alpine users will want, I'd expect to be some known "semi-official" or "reputable third party" build for this, not just "some random Chromium found on the Internet".
If not, personally I'd skip Alpine.
>Even when they have a Chromium with musl as libc working perfectly fine, except no proprietary DRM support?
Well, even then, since this doesn't change the fact that Widevine and thus Spotify/Netflix wont work.
> In the instance of Chrome, the browser doesn't implement the DRM itself, but delegates it to a native library referred to as a CDM (Content Decryption Module).
> This library is an opaque proprietary blob that we are forbidden to look inside of (at least, that's how they'd prefer it to be).
> Graciously, as part of the Chromium project, Google provides the C++ headers required to interface with The Blob. This interface allows other projects like Firefox to implement support for Widevine, via the EME API, using the exact same libwidevinecdm.so blob as Chrome does.
In terms of freedom of using media, I'm less annoyed by Spotify or Netflix than I am by "purchases" of media that have DRM. It's clear that one is renting with the streaming services, but Amazon can revoke permission for me to read books I have purchased or Valve can revoke permission for me to play games I have purchased, we are truly living in a dystopia.
Looking at my Diablo II (version 1.0 2000) and Warcraft III CDs I am given a license key and agreement to an EULA. Unfortunately the EULA isn’t in the box but I’m almost positive they could revoke my key and I’d be unable to play.
It seems quite fair. There’s no mystery that it is a rental situation.
I've used ncspot extensively when on little ARM boxes - it requires a premium account, which I have, and it's just a nice little curses interface to Spotify, written in Rust, that seems to work on everything with a minimal of resource use.
All of the native desktop clients (psst, spot, etc) are missing quite a few features compared to the official client, and spotify-tui is nowhere near as nice to use.
Spotifyd on my laptop (often started initially with connect) is my primary method of listing to Spotify.
I'm guessing you have an x86_64 Mac and not an arm64 Mac?
Hard agree. There was so much nerdrage when the EME was being considered for standardization, as if by not standardizing an API we'd be preventing DRM from existing. People acted like Tim Berners-Lee was stabbing the collective internet in the back when he endorsed it.
The choice was between a standardized web-based DRM, or a wild west of incompatible proprietary DRM. Personally, I'm glad I don't need Silverlight to watch Netflix anymore.
I agree. But that wouldn’t lead to more content freely available. It would lead to more content being locked in apps and unavailable in the browser.
Do you think they would’ve made an app for Linux? I don’t.
The dream that all content be available DRM free isn’t happening any time soon. Rights holders clearly don’t want it and I don’t think anyone could marshal a big enough boycott to change that.
So the choice is DRM or no content at all. Given that EME is a good outcome.
By the beginning of 2007, every music service that wasn’t iTunes had failed to gain traction. The record labels wanted Apple to license FairPlay. Apple refused and Steve Jobs posted “Thoughts on Music” to the front page of Apple.com where he gave the music labels an alternative - license their music to everyone DRM free.
> The third alternative is to abolish DRMs entirely. Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat
The record labels wanted Apple to give them a cut of each iPod sold, allow variable pricing and allow more music to be bundled instead of sold as singles. Apple refused. Some other places like Amazon and MS acquiesced.
Apple then released the iPhone. But didn’t have the rights to sell music over cellular. Both sides came back to the bargaining table and by 2009, iTunes music was DRM free.
It's mostly devs who obsess over the downloading and running of programs as if it's a great torment. Users don't care much. They're happy to go grab things from app stores or even just download and run them. Notch was able to buy a massive mansion in Beverly Hills on the back of people downloading and running his Java desktop app.
I wonder why.
But it makes music the one digital good I don't torrent on the reg cuz it's easier to just search it up on Amazon than on some torrent site. (The one weird exception is discographies, since they don't sell those for some reason. For them, archivists' torrents got you covered.)
If anything the video industry appears to have “learned the lesson“ of the “screw ups“ of the music industry.
It's not a gamedev situation, where DRM lasts long enough to make impact on initial sales. Pirated Netflix shows appear on the torrents same day, and unless they have full-stack protection from the decoder to the screen, not much can be done.
They seem to make user experience worse for nothing.
Well that investment is pretty low since Widevine is quite easy to integrate and the licensing cost is 0 for Netflix.
The thing is, you do need some Digital Rights Management somewhere. If you just have clear-text mp4 with no auth, you can just share that mp4 url, and you could watch movies directly off Netflix servers (so it would cost even more than torrenting).
You could include temporary tokens in your URLs, but then you need your CDN to be a bit dynamic.
Or you could have a completely static CDN, but the files are encrypted, and you download the encryption key off a server dedicated to DRM that will check you're properly authed. And well, here you've re-created Widevine. Widevine do provide more protections than just that, but that's just free for Netflix, they literally just have to switch some booleans.
> They seem to make user experience worse for nothing.
Yeah I mostly agree. As I mentioned before, there are some usages of DRM that are not completely non-sense. What kills me is the HDCP requirement. Many TVs have HDCP compatibility issues (for instance my Samsung TV has the two 4k60p yuv444 hdcp 1 ports and one 4k60p yuv420 hdcp2 port, so I need to chose between 4k content and true 4k resolution), while HDCP2 is utterly broken: you can find decrypting dongles for 20€ directly from Amazon.
I don't think anyone's suggesting that there's NO authentication. Authentication is a relatively trivial, commonly-accepted necessary nuissance that is distinct from DRM.
You seem to think not having this specific DRM mandates a particular transport and authentication scheme? These are not at all related.
Really it sounds like what is being requested is that there not be non-portable binary blobs. That's it.
In some cases you might get 720p (Netflix content) instead of 540p (third party) with widevine L3.
I doubt it's a significant cost center. Plus, right management is viewed favourably by the rest of the entertainment industry. Actively going against the grain would impair their image with their commercial partners.
I honestly think they don't care at this point.
If you could just right click and choose “download” for any Netflix original don’t you think that would be a problem for them?
Casual pirates wouldn't bother right-clicking in the first place unless it's to store a local copy that they won't even know how to share effectively (since they're casual).
The only thing DRM achieves for netflix is deterring new customers and hurting existing ones.
For the piracy scene, sure. It’s irrelevant.
But for normal people the difference is huge. They may not know how to pirate content, where to go to find it, or be willing risk downloading it and getting in trouble (scary FBI warnings and ISP letters).
But once it’s trivial due to the lack of protection it will be all over TikTok and FB and WAY more people will pirate. Those are the people DRM, even light DRM, stop.
The fact they can’t do that is a benefit.
Out of their more than 231 million subscribing households around the world, I don't think more than 5,000 feel the way you think. Even if 55,000 felt that way it doesn't matter.
If we accept that enabling DRM on some of their content has some value to Netflix, which it obviously does, and we accept that it doesn't impose unacceptable user experience tradeoffs, which it obviously doesn't, then it is rational for them to enable it on all of their content.
There is probably a hypothetical cost/benefit break-even point where it actually degrades the user experience a little and thus is only acceptable in cases where it is absolutely needed, but it seems unlikely this is significant enough to even be quantifiable.
Is it? Anyone is able to use obs studio these days, you know, to be an influencer. It is all I needed to "backup" offline versions of some shows for my kids before we would take a plane. I am pretty sure I could have torrented them out as well.
This is obviously what we would actually want.
Buffering delays can be greatly reduced, if not eliminated entirely, by simply sending the whole file but in the past many upstream content providers insisted on limits for the amount of buffering/storage in the client.
Fortunately you can now download entire videos in the app, though they're undoubtedly encumbered by DRM of some sort.
They definitely license music for their original which likely requires requiring DRM.
They would make offend influential huge organizations in the background of copyright monetization which could cause them tons of problems.
This is also why streaming video catalogs in Netflix and other providers can be anemic at times—even assuming nothing is exclusively licensed elsewhere, it's cost-prohibitive for Netflix to license all the media out there. Instead, they license popular stuff and use the rest of their licensing budget to rotate in/out a selection of less popular content.
There are probably millions of people subscribed to Netflix merely because pirating Netflix content is inconvenient enough to make people rather pay. How many would reconsider this if the user experience of pirating was exactly as convenient as a paid Netflix account?
Most probably enough so that enacting DRM is the smaller price to pay.
The people extracting the content are people who do subscribe. The user experience of the people who pirate instead of subscribing is completely unaffected by DRM because the DRM is removed by the time it gets to them.
All the DRM does is make the experience of piracy better than that of subscribing, by inconveniencing paying customers and not pirates.
Notice that the people complaining about DRM are almost never pirates, who have cracked it all already. They're people who want to pay Netflix money so they can watch Netflix on their weird Linux setup or whatever instead of just downloading whatever they want in the Netflix catalog from the piracy sites, which would be much easier.
You can make this argument for DRM on games, because there is no analogue hole - I can't record me playing a game and give someone else the exact same experience (although some publishers try to restrict this too, not realizing that streamers and youtubers are just giving them free advertising by playing their games).
It took a day to get onto the torrent sites.
So that was the first instance I've seen where buying was better than pirating.
I did see comments on the torrent sites from people who were there because their legitimate paid setup was deemed incompatible with live streams by Netflix though... Not a great incentive to keep paying.
Just reminds me of years ago when building websites for clients they always wanted me to block right clicks and put a transparent image over a jpeg so people can't right click/save even though I told them it does nothing against people who want to copy the image. "But it's a bigger hurdle to do so!" well, not really.
But, it literally is.
Doesn’t really matter much though in most of the world as it used to though.
See the difference between a scene WEB release and a P2P WEB-Rip.
> The landscape of the WEB scene has changed in the last four years.
> Subsequently, the ability to defeat DRM has become ubiquitous.
IIRC you can only play 4k Netflix on a smart TV which controls the entire stack from network to pixels
Evidence does appear to point to you being right, but I really wonder just who is going to these lengths to pirate things for other people?
A significant investment of time and money, from highly a highly skilled individual, for... bragging rights? Is there some financial motive I'm unaware of?
Content owners really seem to underestimate how far people are willing to go for kudos alone on setup cost if the reproduction cost is zero.
Also for some people it's a point of philosophy / concern about future-proofing. Guy I knew back in the day was the biggest torrenter around... He was stuffing a hard drive full of '80s cartoons. His attitude on it was that the creators and owners did not care if those half-hour toy commercials would be around in 100 years, but he did.
Looking at video games today, riddled with DRM reliant on the server infrastructure of a finite life company makes me sad.
As other people already said, some people do it purely "for the just cause". But the piracy is also a literal gold mine if you're able to manage legal risks. Basically, you take ripped content and either re-sell ad-free access worldwide (Netflix is really, really limited to the first world), or make it available for free with heavy ads, or both.
I know this was the incentive behind a lot of the people financially supporting the warez scene in the past.
The people breaking the systems and the people doing most of the pirating are different.
DRM breaking is a fun challange to some people. You can find these kinds of people breaking all sorts of things. Browser sandbox escapes, remote code execution etc. The mindset is well described in the article here as I can only solve a problem if somebody else implies that I can't. It's a fun challenge! Plus if you do it before others, you get to feel really superior.
The actual pirating is however done by different people. Usually initially by close acquaintances of the DRM breaker, but the methods tend to spread/leak.
Precisely the opposite. We do it for free because other people do it for money.
That being said, It's still utterly broken because you can buy HDCP 2 disabler from Amazon for 20 €
Reminds me of when I visited friends in Germany and they kept talking about their handy and I eventually figured out that’s a cell phone.
Netflix won't allow TV makers to make their own Netflix app, they must use Netflix proprietary code as-is, and it's Netflix code that download chunks and forwards them to playback, while TV handles the secure video decoding, so TV can't "control the entire stack"
Also, tv boxes are allowed to playback 4k Netflix just fine without controlling the screen.
All the Netflix shows you can download on the internet do include the 4k versions.
Maybe they'll obsolete older 4k devices that are deemed less protected (though I could probably point them "a few" security flaws to Netflix-endorsed 4k devices so that every is on par), but I doubt it. I don't think anyone ever done that (720p has always been fine without HDCP, 1080p with only HDCP1, before that macrovision was non-breaking) , and I doubt Netflix would want to push that badly towards e-waste.
 There has been few cases of some devices being revoked, like Nexus 6, but it was usually long after their shelf life anyway
This hasn't been consistently true for a while. Stranger Things season 4 did not appear in high resolutions online for a month after release.
Furthermore it is _not_ Netflix decision, but a decision legally forced onto them by companies which whole purpose it is to make money from selling copyright which have huge legal influence in both the US and the EU. (Through Netflix does has some influence on the legal framework leading to to, but very limited compared to e.g. Disney.)
If Netflix wants to have any 3rd party content, even "old crappy stuff", they need DRM (or way more power/influence). Even for first party content due to round about legal things they might be required to have DRM, I think. (But I am not completely sure).
And - IMHO - it works.
I used to use Bittorrent quite a lot. There was a bunch of US shows I watched that were unavailable in Australia and so I had a pretty decent setup where things would automatically download when torrents were posted.
Life happened, I stopped using it and haven't really tried torrents for maybe 10 years.
I tried to get a show recently that isn't available here. Wow, that's a pretty bad experience - try to find the correct show, work out what client you need, find one that has seeders, downlaod one and the codec is wrong for my device etc
I just gave up.
I can get NVidia software working on non-standard Linux builds (which I think is a pretty high level of technical competency) but for most people getting pirated content isn't worth the effort.
By putting DRM on the content, they limit distribution to people who know how to remove it and then to people who are experienced at finding what they want on pirate sites.
TL;DR: The user experience is much better for most people. Pirated content has such a bad user experience, but people who use it have invested a lot of time working out what works and don't realize the effort it takes.
Go to torrent site, download torrent, click on file. It really couldn't be easier. There's no DRM on the torrent. If you have a semi-modern GPU you can play any codec you might download. I'm really not sure what you're talking about, unless you're going to some weird torrent site.
Piracy has a great user experience compared to paying for DRM and having to use a particular app instead of your preferred player.
I want to watch The Climb 2023 S01E01. I Google "The Climb 2023 S01E01 torrent"
First result is www.stagatv.com/series/the-climb-s01 (not linking because it is spam)
Hmm nothing else useful on the first page except this: In response to a legal request submitted to Google, we have removed 1 result(s) from this page. If you wish, you may read more about the request at LumenDatabase.org.
Ok, lets look at that. Hmm a random list of very spammy domains like 123movies dot unblockall dot org. Hmm these don't seem to work.
Ok what about my old torrent sites. No, they are all down.
ThePirateBay! Yes I remember this....
Oh where has it gone... Oh I need "The Pirate Bay Mirror" now? Oh there is a Reddit: https://www.reddit.com/r/TPB/
Ah.. I need invites. No, maybe mirrorbay dot org?
Ok, search here: Yes, found a WebRip! I remember this...
Oh.. zero seeders? Ok try another? 1 seeder? Hmm
Can I use this in WebTorrent? Hmm doesn't seem to do anything.
Ok, I give up.
Opens Netflix, but it’s not there? Huh, this show is licensed by BarBaz company, so goes to their website.
Good, it’s here. Wait… “Watch” button is greyed out? “Content is not available in your region”?
Or simply the company decided that your device is not good enough to play the video at full resolution (e.g. Apple TV does that in LG TV app), and standalone device is like 3x overpriced in local stores?
OK, searches for some random VPN (that’s the part where spammy domains and adware come into play). Finds something that seems to be working.
Or not? Searches for the problem, and oh no, the region lock is actually based on the account, and to change that you need to use a card or ID from that specific region or whatever.
Searches for this stuff (more spammy domains), finds a marketplace, gets scammed but luckily there is a buyer protection so gets refund.
Gives up, opens some popular torrent tracker/forum, downloads 2160p HDR/DolbyVision WebRip/BDRip, can watch with friends offline at a local party.
First, Google heavily censors results nowadays. You will get much more results with say Yandex.
Second, TPB is no longer the best public torrent host. For public sites rarbg and 1337x are better alternatives.
Also, for anyone actually doing this kind of stuff regularly, the key is to enter the world of private sites. There is more than enough public discussion around them on sites like reddit. https://old.reddit.com/r/trackers/
So, it's still really easy. Your knowledge (like TPB) is just outdated. However for people who have equivalent modern knowledge, things are simple.
Again, it's all easy enough, but..
It's not time I'm not prepared to invest anymore.
And to go back to the point: this inconvenience is why Netflix keeps DRM.
https://en.btdig.com/search?order=0&q=climb%20s01e01 (might be slower but just click on every magnet on there and see which one is quickest)
Took 5 seconds to find those.
You could google "top torrent sites", enter one search and be watching that show in less time than it took you to write that comment.
As others have said, it would take me a lot longer to find out which of the myriad streaming services actually have that show, and what device/app I need to actually watch that streaming service.
The other way is fire up a VPN (I suggest Mullvad), setup port fowarding in Mullvad once time, start QBittorent, search in QBittorent, done.
Yeah, not "easy"... But there are guides.
I've set up Prowlarr with the recommended torrent sites and have found two torrents (h264 with 4 seeds and h265 with 9 seeds at 1080p, or h264 with 3 seeds at 480p) for your query; it took me no more than five seconds. A torrent client isn't enough these days, unless you like wasting your time on Google, but there are technical solutions for that!
Combine this with Sonarr and you can simply add "the climb". It'll download all the episodes for you, and optionally start downloading new ones once the next season comes out.
I can't find where I would watch this show legally. The local copyright lobby has set up a nice website where you can look up legal sources for TV shows, but it doesn't even list the show, let alone show the normal "not available right now" message. With legal-ish access to Amazon, Disney+, HBO, and Netflix through my accounts or those of friends, I'd expect to find it somewhere but I'm not going to bother manually searching through all that.
There's an opportunity for media companies to take Sonarr and make a version that just redirects you to the services you're already subscribed to. They'll have to find some data source for situations like "season 1 is on Netflix, season 2-4 are on Amazon, season 3-5 are on Disney and the specials are on Paramount+" but the industry have done that to itself so it may as well fix it.
Piracy is still often the easy way out for me now that I have the *darr collection set up. There was a short time where practically every streaming show was on Netflix and piracy was the stupid, difficult way to watch shows, and I actually kind of liked it. Then the industry had to fuck it up for itself by splitting off in a million different subscription services.
Hell, nontechnical people still resort to piracy despite their inability to use torrents. For many, 123-super-movie.entertainmenttonite365.biz or whatever you call it is good enough. These websites, seemingly designed as a benchmark for adblockers, are hard to find or navigate but are still considered better alternatives than the restrictive, annoying, often expensive streaming services.
My theory is that that's for one simple reason: you can find a link on Google and just start watching. No need to open seven different apps and do the search over and over again, waiting several seconds for animations and sign-ins.
Some people may do it purely because they don't have the money to spend 20 dollars on watching two episodes of a show, but the same was once true of music and Spotify mostly fixed the music streaming market for consumers, and youtube caters to the rest. Even the people using weird streaming sites don't download mp3s anymore!
The user experience worse for all of the Linux users who want to watch Netflix on a computer? What percentage of the market do you think that is?
Like, it's terrible specifically for browsing, so its being oriented around browsing isn't really a defense of how shit it is. Sitting there chatting with someone about what to watch and you have to keep moving from thing to thing constantly or it screams over your conversation and/or shows you spoilery, distracting shit. WTF. A few others autoplay or play clips/trailers but without sound, which still sucks but is at least better. I shouldn't have to slam the mute button every time I return to the menu just to keep Netflix from doing stupid crap it shouldn't do in the first place.
Allow me to filter (and sort results) by playtime, IMDB/Letterboxd score, original language, whether I have watched it before, ect.
If I don't already know the name of a movie, I just need Netflix to show queries like "a French movie shorter than 2:20h with at least 3.5 stars on Letterboxd".
My experience has been that even managing 1080 on a nix platform the experienced quality is substantially worse. Thoughout I was going insane, but checked bitrate and sure enough netflix at 1080 was streaming at much lower rate than on windows 1080.
I jumped through all the hoops suggested at the time by the various get netflix to work on linux guides. Extensions and right browser and DRM enabled and whatever other stuff they recommended.
No dice on comparable quality.
I should add that there is always the possibility that there was some gfx driver or codec dynamic at play that I don't understand...but ultimately if it's visually noticably worse that's a fatal flaw regardless of reason.
Would be nice to crowdfund a lab to break these hardware backed treachery schemes.
Proper security means that the attacker should never be in possession of the key.
When you say the attacker “only” needs to get them out, the “only” is doing a lot of work, there.
I'd say handing the key to the attacker in a package that requires somewhere between a skilled reverse-engineer and a semiconductor lab to untangle falls far short of that standard.
The only reason L1 doesn't prevent people from pirating 4K HDR movies is because the Nvidia Shield has a bypass, and Google is too afraid to revoke its keys (or maybe Nvidia is paying millions of dollars a year to rights holders for their 'lost sales' from pirated movies at the hands of the Nvidia Shield).
Not that it really matters, since HDCP has been cracked. There are a lot of holes here and a lot of problems with DRM.
My impression is the stuff coming from the various streaming services is not captured and reencoded, but direct bit-for-bit copy of the original H.264 (or H.265) encoding (sans DRM). (Yeah, others will do reencodes later but quite a bit of the source material encoding comes directly from the streaming sites.)
In L3, you can obfuscate the cryptography and the video codecs together as a unit, blurring any defined border between them. A determined reverse-engineer can inevitably unravel that obfuscation, but it's non-trivial.
In L2, there must be some interface between the hardware and software components. That interface presents itself as a very obvious weak point. As an attacker, all you'd have to do is watch the data flowing out of the cryptography hardware, and into the video decoder software, and you'd be able to siphon out the plaintext video data.
(To be clear, this is entirely "in theory" because I've never seen an L2 implementation)
while one can view the efforts to protect a widevine l3 key as security through obscurity, its mostly there to make the effort hard enough that most people are interested in doing it, than to keep it perfectly secure.
Encryption is “security through obscurity”.
Having few admins is security through obscurity; a guessing game of who is the admin?
Not the point of the article but this is great news that I learned just now. I can finally upgrade to aarch64 chrome on my Raspberry Pis.
How does each interoperate with EME?
And what sort of process would one need to do, to be able to view an L1 stream on a bespoke Linux distribution, rather than the L3 stream that this person received? How difficult is it to do, and what are the specific challenges?
Levels are primarily about various kinds of hardware protection, I think. The lowest level just uses ordinary software obfuscation in the widevine library that this article is about, and regular updates to change the media keys.
Higher levels integrate more with special hardware "APIs" of various kinds. I think you generally cannot play the highest levels on PC hardware at all, it's more meant for Apple TVs and other such devices. Other levels may require things like the Windows protected media path, which lets you upload encrypted video data to the GPU and then it's up to the GPU firmware to decrypt it. So then it becomes a question of understanding how the GPU is decrypting the data and defeating that.
L3 is weak enough that you can dump it by just hooking the decoders.
Also do not be fooled by resolution, low bitrate 1080p can look worse than 480p, and many services are quietly throttling bandwidth.
High quality 1080p should be 8-10mb/s.
(not associated with them)