If you take the capitalistic lust of the corporate executive to its logical extreme, given the massive costs of the DRM tech you'd think that at least one of them would realize that they could make more money if they didn't have to pay for something that doesn't work. The economics of distributing the copies are such that it doesn't actually matter if it's easy or hard for 1 or 100,000 people to break the protection.
I work for a large streaming service and a significant part of my work is content protection.
Honestly, tech folks' misunderstanding of DRM and content protection is significant. There's some assumption that people are inherently honest and that we're just money grabbing. In the years that I've been doing this I've seen a lot of things and nothing has convinced me that if we turned off DRM we'd:
1) save money
2) not have issues with piracy proliferation
The cost of DRM license issuing for our company is relatively insignificant, a year's worth of DRM for millions of users is less than the cost of a single show we might make. We pay cents per thousands of plays.
I recall we launched in a new market, we did a show which would have been an expensive PPV previously, but it was included in our standard subscription. We also offered a first month free trial, which you could cancel. So, you could enjoy it at zero cost, from the original provider in high quality, with no commitment. That night our anti-piracy team took down 20,000+ illegal streams, serving a large audience.
I also acutely know that DRM isn't as secure as we'd like, I know that all security measures are ultimately not anywhere near perfect. But you know what? I also lock my front door, even though I know how to pick locks. I put my car keys in an RFID box, despite knowing there are probably CAN attacks against my car. I still need to protect my assets, because enough people don't want to pay for something if they can get it for free.
We had some research into the attitudes of pirates that basically distils down to:
1) 1/3rd would pay if they couldn't get the content any other way
2) 1/3rd don't care enough and are casual pirates, watching because they can.
3) 1/3rd are "pay never", militant, yet still happy to take my work without concern for the sustainability of that.
Ultimately, if you like content then you should pay for it, but it's always a waste of time arguing about this on the internet because so many people are in the third category, think I'm an asshole for doing my job and apparently they know my job better than I do.
That's all beside the point. Hardware belongs to the user and should be under the user's control. Treacherous computing should be highly taboo and illegal.
The "sustainability" of Disney's profits is not important. To suggest otherwise on a site literally named Hacker News is comical.
Hacker ethos is about freedom to control what you own and put it to the purposes that you, its owner, want. DRM takes away that freedom, so it is obviously incompatible.
If that freedom makes e.g. Disney's business model unsustainable, then that business model is itself incompatible with the ethos.
The argument from the other side is at least as frustrating.
> ...nothing has convinced me that if we turned off DRM we'd: 1) save money 2) not have issues with piracy proliferation
> That night our anti-piracy team took down 20,000+ illegal streams
You already have enormous issues with piracy proliferation. The money you spend on DRM may be "relatively insignificant", but it's still money being wasted on "protection" that has already proven to be utterly ineffective.
I am in none of your three groups. I want to pay for content. I pay for a lot of music, for example. But you're not going to bully me into paying for your shit by making it as user hostile as possible. As a paying customer I expect at least the level of service that piracy groups have no trouble providing, but instead I'm treated like an enemy every step of the way.
In practice this means I avoid TV shows and movies, but when I do want to watch one I have absolutely zero moral qualms pirating a product that is not for sale. I'll even go out of my way to look for a DRM-free copy I can pay for first. This takes more time than pirating it once I inevitably find out that's not available.
The fact that it does not always work is in no way a proof of ineffectiveness.
Otherwise, the tax system, speed limit signs, front door locks, and glass windows are also “completely ineffective.”
He is literally telling you, from his own experience in his company, it’s effective. Don’t cite a sloppily-produced research paper from somewhere to make him deny reality.
I'm not, I'm citing their own comment in which they describe taking down 20,000+ illegal streams of their already DRM-"protected" content on launch day. He's describing it not being effective at all.
Glass windows, speed limit signs, the tax system (what?) provide value to the people affected by them. DRM is a pure negative for customers.
You’re assuming it would not have been 100,000 without the DRM. You cannot prove, or cite any research, showing it would not have been much worse. In which case, it could indeed be quite effective.
The entire argument you all are having is predicated on the assumption that the presence or absence of the DRM and/or the user's ability to defeat it in some way affects a user's ability to present a stream of the content.
I am telling you flatly that the users who are producing the streams have absolutely no concern or effect from the DRM. Most probably are completely unaware of it. It's quite literally as simple as plugging your phone into your computer with a $15 cable and pressing the Cast button on a webpage.
We as nerds are privileged to recognize that the $15 HDMI capture card in the above scenario is playing fast and loose with HDCP; maybe we understand systems like ContentID that don't rely on any of this; maybe we recognize that there could be steganographic data in the output that can identify us.
Anyway my objective is to emphasize that the lack of data isn't sufficient to imply a false hypothesis. Please don't exaggerate your point in an attempt to 'balance' an argument that doesn't seem likely to support a conclusion that content piracy would be much worse without DRM.
Indeed I can't, just like you cannot prove, or cite any research, showing it wouldn't have been 1,000 if the content was accessible without arbitrary artificial restrictions on the devices consuming it.
By all means keep taking down illegal streams. I'm not excusing the people providing them. I'm saying maybe stop treating every paying customer as if they're going to do that to the detriment of the service provided. Because it is negatively affecting the service.
What I will say in response to that is that I empathise with people who have no physical ability to access content. If the rightsholder doesn't have it available in a territory and/or no distributor is willing to carry it? Who am I to say it's wrong for it to be available elsewhere.
The contrast to that is that you're not obligated to watch everything out there and just because you can't watch something isn't an offense to humanity. It's leisure, not the top of the pyramid of the hierarchy of needs.
The real problem for us is with freeloaders, people who will steal to avoid paying for the work we put in. It's not some nebulous Scrooge McDuck money pit, streaming is really hard and costs a lot of money to do right. I get to see our cloud computing bill, it is eye watering. Then you have to employ people to build and maintain 30 different apps for every smart TV, smart phone, games console, set-top box, browser, tablet, etc. Then you need people to build and maintain hundreds of backend services to provide catalogues, account management, billing and metadata. Then you need people to run the media processing, encoding and distribution. Then you need an operational support team to ensure 99.999% availability because people are passionate about what they watch. You need a rights team to get the deals, you need a legal team to arrange contracts, you need a finance team to pay everyone, you need infrastructure and IT support for all that.
Oh, and to top that all off, I have to spend significant amounts of my time dealing with patent trolls who want a slice of the action.
One thing I am looking at is a way of removing DRM, by adding invisible watermarking which would attribute every leak to an individual. But then what happens? I turn off DRM and someone releases it online. I know who did it, but am I going to get my pound of flesh? Unlikely.
One of the main reasons I have DRM is because it's contractually required. It does certainly provide a mechanism to prevent casual piracy, it provides me a control point, somewhere I can restrict playback and attribute it to a certain situation. Most people have to jump through hoops to get around the restrictions provided by DRM and that's a good thing because it does reduce proliferation. I'd actually support an alternative to DRM, some kind of trust anchor where I can trust that code run in a browser is not tampered with so I could just use things like mTLS and tokens, but there's plenty of people out there who would block such a thing and instead we have to go with commercial solutions that sit outside the standards.
I don't have any desire to treat anyone but pirates like the enemy, and it's certainly not our intention, our intention is to make everything as friction free as possible within our contractual responsibilities. But when people just want to burn the whole thing down around you and have a wild west, it's not reasonable. If you want to argue, then show me how it can be done, show me how I can protect our assets without DRM? The group I am in within the business used to be called the "Revenue Protection Unit", because ultimately it was about protecting ourselves. Not to make us rich, but to make the business sustainable and unless you've seen how hard it is to make a streaming business sustainable, it's really hard to appreciate it.
I used to be the chief DRM guy at another large streaming service.
I can say 100% that the company did not want DRM as it was unreliable and customer-unfriendly, but it was the rights-holders that were badly educated and informed and would demand it in their contracts. I would suspect that is the case at a lot of other streamers too?
(the cost of the DRM was near-zero at our company)
Absolutely, I have to review contracts on almost a weekly basis, all of which say what I have to do and it's usually waaaaay worse than anyone here would want.
I spend way too much time pushing back on overzealous requirements.
I'm gonna be extremely blunt given that I have you in my audience, large streaming media worker bee: It's not surprising in the slightest that you have a bias towards the effectiveness of DRM when your livelihood depends on it. The fact that the unit-cost is "relatively insignificant" is simply a continuation of the straw man argument that props up the entire notion that DRM is somehow cost effective. I don't personally think you are a jerk or anything for working your job, but I can say that I would not personally find it fulfilling to spend my own career on something with such diminishing returns. I guess all of those insignificant expenses add up to some good money in the end, at least in someone's opinion. The incentive to continue burying the failed promises of DRM and keep it propped up as long as possible is evident though; the story really hasn't changed in the 30 years or so that I've been following it.
The lack of a "save video" button in the player app is the most effective means to prevent the average person from distributing the content. By your "lock on the door" analogy, a UI that does not allow the thing you don't want your users doing is providing more or less equivalent protection to the DRM. It doesn't matter how many locks you put on your door if all the attacker needs to get what they want is to look through the window. Why continue to invest in the additional technology if it is not actually adding significant additional protection? By the time any user presents a willingness to do anything at all to circumvent your standard software interface, you have lost; the user will succeed. Plugging in a $30 recorder and pushing the button is all it takes, and all the sweet cutting edge secure enclave crypto quantum DRM in the world cannot prevent it. How many of those 20k illegal streams you cite even bothered to break the precious DRM? My guess is zero.
I understand your points and I wish you all the best with your job. But please tell your bosses to let me buy single episodes of the series I like or every movie in history. No monthly subscriptions. I stay months without watching anything, then maybe two or three series at once, one episode per week each. The industry business model doesn't fit my habits.
> So, you could enjoy it at zero cost, from the original provider in high quality, with no commitment. That night our anti-piracy team took down 20,000+ illegal streams, serving a large audience.
And... was it worth it? Do you think literally anyone from those 20k people actually signed up for your trial?
I think DRM works fine for the actual customers, the companies that are distributing video who need to convince the movie producers that they are taking it all very seriously, so they need to check some “our platform uses DRM” box. It all looks very odd from us downstream. But, still, most people don’t break DRM so it must be doing something.
For a long time the industry worked by shipping movies off to theaters, to be run in projection rooms secured by kids doing after-school jobs. I think they aren’t concerned with perfection.
Consider you've encoded and packaged your mezzanine into ABR (DASH, HLS) and it's working on phones, browsers, smart TVs, STBs etc. Now you add common encryption: repackage and get double the number of tracks (CENC as well as CBCS). You buy your licenses from Apple (FairPlay), Google (Widevine), Microsoft (PlayReady) and Marlin (old crap). What used to "just work" now has all kinds of subtle interop problems.
Audio sync issues on iPad? Ah, Apple pushed a bad firmware update, thank you. Tomorrow it's users complaining about Widevine in Firefox. Only Netflix, maybe Disney+ — the biggest of the biggest can do streaming with DRM and make a profit.
I can get DRM, right now, for my videos, with 500,000 plays for $1665. That’s publicly available, commercial pricing. That’s a third of a cent per play. At Netflix scale, it’s probably cheaper.
DRM is a drop in the bucket compared to normal costs. A Netflix subscription is, what, $10? That’s enough to pay for 3,300 encrypted plays. The same provider, if I was doing over 10,000,000 plays, will drop it to just under one tenth of a cent per play, enough for over 10,000 encrypted plays. Compare that with how much the internet bandwidth, storage, and distribution costs - and the DRM is a rounding error.
You’re seriously telling me that not even one out of 10,000 plays is going to attempt a serious theft, to share it with random friends and family? Hah, it’s probably closer to 5 in 100.
Believe me - I’m not a guy who defines himself by living in a Hacker News bubble where everything needs to be perfect to be effective. I’d have DRM yesterday if I ran a streaming service, just like my copyright filings and the deadbolt on my front door.
Sharing with friends and family is not "serious theft". It is benevolent and what people do with books and DVDs, without industry people becoming insane about it.