Hacker News new | past | comments | ask | show | jobs | submit login

I think there's some kind of watermarking going on, so once a rip is released to the public they can trace it back to which device keys were used to decrypt it.



Watermarking would require a separate version of each encoded file for each target device, which is not amenable to efficient CDN-ing.

It's quite easy to grab the encrypted media files, as they go over the wire - do this from two devices and compare what you get. (you don't need to strip the DRM to see if the two files are identical)


They wouldn't necessarily need to serve different data to each client when they control the whole playback stack, they could get clever by including duplicate frame data with subtle differences and making each device key only able to decrypt one of the variants. Repeat that throughout a show to add additional bits to the signature until it's uniquely identifiable.


But they don't control the playback stack, once the attacker has the keys. The attacker brings their own stack, decrypting the data with their own software.


That doesn't help the attacker if their key can only decrypt the subset of frames which Netflix wants them to be able to decrypt.


Watermarking was a problem when Widevine L1 was first introduced. Pirates seem to have found a way to scrub the watermark from their releases. Either that or someone is burning a _lot_ of cash on playback hardware judging from the rate of 4K WEB-DL releases.


It doesn't need to be a lot - just replaced in the same cadence as the latency from initial broadcast to key revocation. Even if it's all in-house in Netflix and the watermark sufficient to identify the specific device key not all releases are made instantly after being made available on the platform, it still has to be downloaded, verified, watermark extracted before the key can be revoked.

If that's just a total of a single day, 365 cheap netflix devices per year certainly isn't out of the question, especially with the number of people involved in the many ripping groups.


Depending on the bit size of a watermark, device-based watermarking should be easy to defeat using a quorum of devices to agree on bit values. It should only take around log2(n) attackers to remove an n-bit watermark.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: