For quite a long, it was considered that Hollywood approved DRMs (Google Widevine, Apple Fairplay DRM) is good enough to protect videos from piracy. The technologies which hackers pursue to illegally download content or share illegal access have advanced over the years, and currently DRM is not enough to prevent video piracy. We are listing various reasons why DRM is not enough, and what additional protections are done by Vdocipher to fix each vulnerability.
- DRM vulnerabilities in past 1 year
- Extracting video urls to play outside website/app or app clones
- Illegal password sharing leading over-usage
- Screen Capture in some platforms
- Telegram promoting large scale piracy – Hacker friendly policies
- Coordination between international hackers through anonymous forums
Problem 1 – DRM vulnerabilities in past 1 year
Widevine DRM has 2 security levels – L1 and L3. L1 is hardware based key exchange security , while L3 is software based key exchange security. While L1 based devices have been always full secure, L3 based devices on android and windows can face on and off vulnerabilities. The hacks which came out earlier were quite sophisticated and not many hackers were actually able to technically implement it. Over the time the hacks have improved, and though they still are technical, but with helps from international hacker communities, now each country has several groups of hackers who can implement these hacks to download DRM content.
VdoCipher Solution for this issue –
VdoCipher has launched a piracy tracker and hacker identification tool to auto-block advanced piracy tracking attempts including DRM breakage. Our years of experience has led us to know the common technical tools, patterns and device vulnerabilities which hackers tend to exploit, and we autoblock them. In addition to auto-blocking these attempts, we also provide a list of users who attempted these, so that if required further action can be taken against them. All this information is provided in the dashboard. Please contact us to implement this in your platform.
Results in past 6 months for our customers:
🚫 57,000 sessions blocked for potential piracy attempts
📱 9,000 unique devices/IPs blocked for potential piracy attempts
🔑 780 users detected who misused their accounts sharing login/password with multiple users
🌐 590 customer websites/apps where these attempts were detected & auto-blocked
🔒 290 users’ accounts have been proactively blocked by our customers based on above data
⚖️ 7 users against which the customers have also initiated legal actions
More details on piracy tracker tool
Problem 2- Extracting video urls to play outside website/app or app clones
While DRM encryption can attempt to prevent illegal video downloads, but still if video urls can be fetched outside the platform site or app, and played outside by unauthorized users; then encryption is of no use. Sometimes, hackers can even make clone piracy apps of the main apps.
VdoCipher Solution for this issue –
VdoCipher provides backend authenticated dynamic playback urls which are authorized to only play in the particular website or app where it is intended; any attempt to extract and play these urls outside the app/url is automatically blocked. Our API embeds also have other parameters to control access like number of days for access of offline downloads, time expiry for playback urls etc.
More details on API authentication at backend
Problem 3 – Illegal password sharing leading over-usage
Suppose there is prevention from illegal downloads, screen capture and url sharing, but still if someone shares access to login and password; then multiple users can enjoy the same subscription and cause revenue loss to the content creator.
VdoCipher Solution for this issue –
While there are few ways to do this at website/app login level, which can be done directly by the platform owners; if you integrate our apis, we provide a watchtime based calculation for per user per folder/per course so that you can see which users’ are over using. We also provide unique device/browser count for users and total watchtime across all videos per user. This information is provided in the dashboard.
Problem 4 – Screen Capture in some platforms
A lot of misinformation is spread by some video hosting or DRM companies who claim full screen capture protection in all browsers including Chrome, Firefox. It is technically not possible to prevent 100% screen capture in browsers like chrome, firefox in desktop and android. Other platforms claiming it are factually incorrect. Netflix and other major platforms are also unable to prevent screen capture in many cases in desktop.
VdoCipher Solution for this issue –
Screen capture can be prevented with 100% surety in Safari browser and mobile apps (android, ios) with help of DRM and some additional technologies. For other cases , we have a viewer specific watermark to discourage screen capture. The watermark is user specific and can be customised for color, transparency, speed of movement, frequency etc. to optimise for viewer experience and security.
More details on screen capture protection
Demo of dynamic watermarking
Problem 5 – Telegram promoting large scale piracy with Hacker friendly policies
Any body can make a group (with anonymous identity) and directly upload videos or other content in the telegram group. The name of the group can be the name of the brand they are pirating content of, and it can be searched by people. Groups can have 20,000+ people who can get this content. Telegram has 3 core features/services which seem to have been created intentionally for these purposes.
- Anonymity of the user is maintained regardless of any illegal activities they may be involved and the anonymity is still maintained even after being forced by govt. Authorities. Same user can create groups again and again , and keep pirating content.
- Allowing searching groups by title, so that anyone in the world can search and join a group where illegal activities are being done (e.g Child Pornography , piracy of paid movies, courses, secretive messaging about illegal activities, child). Such things can not happen on whatsapp or most other chat apps.
- Intentionally poor response to takedown requests from copyright owners and allowing multiple groups to be made by the same person.
VdoCipher Solution for this –
Best action against piracy is pre-piracy action by implementing technical actions so that the content does not get leaked in the first place. DRM, Watermark, Piracy tracker, Backend Authentication – All these tools ensure that the content does not get downloaded in raw files and is prevented from going on telegram. Most of our customers, even the largest ones, never find their content leaked on telegram. There are various levels of security which a customer can use based on how much restriction they want to impose. But suppose, the customer decides to use fewer security features and there is some piracy which happens, VdoCipher helps in takedown of content/group from telegram.
Problem 6 – Coordination between international hackers through anonymous forums
Let us consider this situation – A platform providing courses for finance students or medical students. Now these students do not have a coding background or enough technical knowledge to even attempt basic technical hacks. But what they do is share their access to advanced technical hackers; and surprisingly we have seen that these hackers may not even be in the same country as the students. There are telegram groups, users, online forums on various social media platforms enabling this interaction.
VdoCipher Solution for this –
Our piracy tracker solution also provides user id who attempted piracy, and our customers regularly take action against such users. When students come to know that they are being tracked and are reprimanded with legal notice, they fear in attempting such things; and also overall student community understands that their illegal actions can have consequences.
Please feel free to contact support@vdocipher.com for implementing these video security features with VdoCipher video player on your app and website.
Implement Highest Security for your Videos
As we explained in this article, only DRM or only encryption is never enough to protect content from piracy. VdoCipher has suite of 5 key security offerings additional to DRM to help provide highest security from piracy in the video industry.
CEO, VdoCipher. Writes about video tech, ed tech and media tech.