329 comments

[ 2.8 ms ] story [ 334 ms ] thread
Disney's existing streaming service, Disney Life, is using Silverlight, so anything's better than that.
This explains a lot. But even the apps which can’t be, are truly awful.
Is Disney+ expected to work fully before launch date? Isn't in 'testing' right now as described by the author? Why is everything expected to be perfect while still in testing?

From this text, it sounds like Disney is actively working on the issue. The product has not launched yet.

I'm not sure what the problem is. Aside from a faster initial customer support response (for a product that isn't even out!) would could Disney have done differently here?

I understand that Disney+ may not launch with (or ever have) Linux support, and that would suck. But no evidence of that is presented here. And the author expects a resolution for a complex issue for a pre-launch product in testing phase from a major corporation within days? That seems aggressive and unrealistic timeline to expect a fix.

Edit:

The author writes "Their so called help-center does not even know about "Error Code 83"" (with some attitude and prejudice, I'll note); but also writes that Disney responded with "We are familiar with Error 83.". Confusing.

The thing is, as they cover in their post, there’s nothing to “fix.” It isn’t broken. The error is actually that it refuses to run without a higher security level than many platforms support.
It runs in Chrome on Windows, which also only supports Widevine Level 3, same as Linux.

The post is just... not very good and full of factual errors.

This may very well be true, I’d like to note I don’t claim to know anything about how Widevine works. Of course, this is a very different criticism of the post.
You're ignoring the analysis that Disney+ seems to be blocking use entirely at the lower "security level" assessed by Widevine.

It would not take significant time or effort for them to change the threshold value if it were something they considered broken.

It seems prudent at this point to avoid becoming a paying customer until they address it, if you care about this sort of thing.

> It would not take significant time or effort for them to change the threshold value if it were something they considered broken.

Do you have reason to believe this? To me that sounds like a complicated change with significant potential business impacts. Have they signed contracts already where this kind of security is ambiguous? Does changing the flag actually solve the issues on all devices or do other issues present, since they have been untested? Testing must happen post-change, I would imagine.

The issue still sounds complex to me. I use Linux and I want Disney+ to support it, obviously. But I don't see Disney as being in the wrong here (yet) - they're potentially just working on the issue before release. We'll see, I guess.

> You're ignoring the analysis that Disney+ seems to be blocking use entirely at the lower "security level" assessed by Widevine.

That's because it's wrong. Chrome on Windows only supports Level 3 too, and it works there.

(The article incorrectly assumes Level 1 is lower than Level 3. Level 1 is the highest security level, not the lowest.)

> instead send them a message letting them know that you are boycotting them until they get their Linux support in order

A boycott from all 12 desktop Linux users. That'll show 'em.

it's worth a try, if you care (I pay for Netflix and I don't use it because it's easier to download the content somewhere else)... my Sharp "smart" TV will even stop supporting Netflix in December because they say the old software will no longer be compatible.
It doesn't work at all unless you pay them....... and I never planned to.
>In this case e.g. Netflix will not offer full HD or 4k resolutions, but otherwise everything works fine,

I don't understand the point of this type of thinking. Video DRM isn't like Denuvo where it can actually get you a few days or even weeks before any pirated versions exist on the web. If it can be watched by a human pirates will copy it, even if they have to rip it straight from the display controller of their monitors. I have never once had the slightest difficulty or delay in finding pirated versions of video content on Day 1 or even before, and at the highest-produced quality and resolution. Why do providers think making life hard only on paying customers is a good thing?

They do this because Hollywood doesn't understand technology. Netflix understands technology and understands this stops no one, but they are licensing the content from Hollywood, who thinks this behavior actually helps.

Netflix is forced to play ball with them.

Your next question is usually, "Why doesn't the Netflix original content not have these shenanigans then?".

The answer is that most Netflix content is still made by Hollywood studios, so they have the same restrictions. Netflix is only a distributor in most cases, not the content creator.

The other answer is that it is a lot more complicated in the software and for testing to say "can this content be played at 4K based on the publisher?" than to just say, "DRM level 1 means no 4K".

Was waiting for this reply, happy to see it come from the mighty jedberg. For those that don't know, click on his bio, he's definitely 100% spot on here
It's like asking why they bother paying customers with anti-piracy ads at the beginning of legally-purchased DVDs when obviously pirates are going to trim them. It's not supposed to be reasonable.

It's design by committee, it's bikeshedding, it's weird clauses in complex contracts etc... From the right's holder point of view your reasoning doesn't make sense, instead it goes the other way: if people buy our product anyway when we do it that way, why change it? Do you think that when NBC licenses The Office to Netflix they care about Linux users not being able to stream it in 1080p? Do you think Netflix is willing to spend time and money to fight for the tiny portion of the user base who both watches Netflix on Linux and cares for high-def?

Interesting. I'd been toying with signing up for Disney+ at some point (when does it even go live officially?). But if this is the case, I absolutely won't be getting a subscription as I use Linux as my desktop OS.

"No Linux support" == "no customer"

While I agree with the philosophy that Disney should try to support as many platforms as possible, I really don't think it will notice the Linux market is missing.

Cost of building and maintaining a Linux client > Potential revenue from Linux users.

Cost of building a Linux client should be zero. It's not because they want to have their proprietary DRM/spyware restricting what you can do.

Ever heard the phrase "piracy is a better service", Disney?

Edit: Cost should be negligible. You should build for web/browser standards, not the OS.

Why would the cost of supporting an additional platform ever be zero?
They just need to not develop drm.
That implies they could not offer the service due to the legal entanglements of offering films owned by multiple parties without copyright protection, so it's equivalent to saying "They just need to not exist."

Understandably, they've chosen an alternative.

It's worth pointing out that we're talking about Disney here, who owns likely all of the copyright of their content in full without any legal encumbrances. They're the ones who are insisting on distributing content only with hefty copyright protection guarantees, and they could snap their fingers and cancel that insistence at their sole choosing, unlike (say) Netflix.
And yet Hulu, Netflix, and Amazon Prime all work on my Linux desktop just fine...
When the platform is the web browser, not an OS. If I write a website today, it works just as well on Linux, Windows, macOS, or any other modern platform. Other than DRM, there is nothing needed for Disney+ that isn’t common across all desktop OSes.
Linux users are already used to zero support, and in this case there isn't a cost to developing a custom client... it's literally just a matter of flipping the "fuck Linux users" switch to "off."
Turn off the DRM and the youtube-dl community will happily donate their time and effort to provide support to linux users. Disney needn't pay them a cent.
DRM encryption is a browser standard.
Aren't "proprietary" and "standard" mutually exclusive?
Nope. You can have standardized proprietary technology: you may not be able to implement it, but a group of companies might.
Please stop repeating that propaganda. The point of standards is to facilitate interoperability. DRM does the opposite so it can never be standardized, no matter what capitalist-run "standards" organizations say
You can call it "propaganda," but it's documented right here. [https://www.w3.org/TR/encrypted-media/].

If Oauth2 is a standard without defining how authentication servers are implemented and requiring the implementation be disclosed, it's hard to claim EME is not also a standard in the same sense. A standard we don't like isn't propaganda.

Having the EME specification distributed by the W3C appears to be a very effective method of propaganda.

> A standard we don't like isn't propaganda.

A "standard" that doesn't even attempt to fulfil the purpose of a standard is not a standard.

What purpose is it failing to fulfill? It outlines how to indicate media is encrypted and how decryptors can be surfaced by the user-agent.

It doesn't indicate how decryption must happen, but OAuth2 doesn't indicate what standard an authorization server should use to authorize that a client matches a resource owner either.

> What purpose is it failing to fulfill?

Here you are:

> The point of standards is to facilitate interoperability.

> but OAuth2

isn't the topic.

It facilitates interoperability between content providers and user agents to convey and display encrypted media (without the need for one company to own both sides if that pipe, like in the Flash era). Much as OAuth2 facilitates authorization handshakes between services owned by different companies.
Facilitating DRM, which runs counter to interoperability, is exactly why EME isn't a standard.

And please stop spamming your OAuth2 nonsense, it's off topic.

I keep bringing up OAuth2 because it's in a similar domain to EME. Authorization restricts access to resources that users are not supposed to be accessing (for whatever reason, be it privacy or they simply haven't paid to access it).

Similarly, encryption restricts usage of resources in ways users are not supposed to use them (including having not paid for the privilege).

It's not "counter to interoperability" that Google Drive won't fork over your documents to anyone who requests them without the right token.

Your frustration isn't the technology, it's what it's used for. If you want to claim EME isn't a standard, clarify how it differs from OAuth2.

> Authorization restricts access to resources that users are not supposed to be accessing (for whatever reason, be it privacy or they simply haven't paid to access it).

Oh, sorry. I thought you actually knew what DRM is.

https://www.defectivebydesign.org/what_is_drm_digital_restri...

> Your frustration isn't the technology, it's what it's used for.

Stop trying to read my mind, it's a violation of privacy and physics.

> If you want to claim EME isn't a standard, clarify how it differs from OAuth2.

If there is no relevant difference, then OAuth2 isn't a standard either. Happy now?

> If there is no relevant difference, then OAuth2 isn't a standard either. Happy now?

In the sense that you've reached the conclusion that your definition of "standard" isn't sufficiently universal to discuss the topic because you've excluded what is generally accepted to be a widely-accepted authorization standard that lacked the controversy over socioeconomic control that the EME standard does, yes.

Trying to short-circuit debate by bullying the field of definitions and declaring the other viewpoint "propaganda" isn't constructive.

Stop twisting my words. Thanks.
Looks like this is more of "requiring widevine level 2/3", their player and DRM should work with Linux Firefox and Chrome with minimal changes.

> Disney+ OTOH seems to have the drm features kranked up to maximum draconian settings

So you figure maybe a week before it's all on bittorrent anyway?
Most of the stuff already is
All of the pre-existing content assuredly already is. I'd expect to see the newly aired stuff show up within hours, if not minutes, on the tv sites. Probably before airing, stuff is almost always leaked.

But on the other hand, I suspect that they have run the numbers, and there is so little potential value supporting Linux that it isn't worth the hassle. DRM might just be a convenient excuse.

If its true that this includes Chromebooks, it could definitely affect a lot of people.
This impacts those using ChromeOS, if I read it right. Disney May want to support that.

Isn’t ChromeOS Linux under the hood?

(comment deleted)
Yeah ChromeOS is Linux under the hood. Probably the most mainstream desktop class OS based on Linux. A family member's Windows laptop quit booting up, and wanted a new one. Talked them into a Chromebook since they mostly just use the web, and didn't want to spend a lot of money. Figured ChromeOS would be less bloated than the other traditional desktop OSes too, especially if not wanting to spend a lot on hardware as I feel a similarly priced Windows laptop would be slow probably due to the lower hardware.

Wouldn't surprise me if a lot of kids have Chromebooks too, which would be Disney's target. There's some decent models that are cheap and probably more secure than just giving them a Windows Laptop.

Also recently they added official support for Linux apps themselves, that's in beta called Crostini. They run inside of a container. But before then no Linux apps could be installed even though it's Linux under the hood, but I know there was some unofficial ways.

I was apart of the CR-48 beta where they sent out free laptops to test with. Surprised they did that in the first place, but it just sits in the closet now and very slow, no longer gets updates but used to use it alot more when it was new and feeling special since part of the beta program. So with Linux support, part of me wants to buy a newer one. Could run Node and VSCode on a Chromebook!

* Wouldn't surprise me if a lot of kids have Chromebooks too*

Given how many schools want kids to have portables and Chromebooks have become the cheap choice, this is going to be a problem.

Linux users won't pay for things. It's not worth chasing that market.
Maybe they won't. That's fine, it's their decision to make. All I'm saying is that I can absolutely confirm that I won't be signing up for a streaming service that won't work on Linux. If the market of people like me is small enough, then maybe it'll never matter to Disney.
(comment deleted)
I've only signed Netflix after my living room TV was able to directly interact with it, smart TVs run Linux. The second question I made was how I would use it on the TVs that didn't run it, and solved it with a chromecast, again, Linux. Another option is to get one of those media players sold on the internet, again Linux.

What other option is there for people to watch the streaming services? Directly on their computers? I doubt many people will even think about that.

> when does it even go live officially?

November 12 in US, CA, NL. More countries on the 19th.

> "No Linux support" == "no customer"

The conviction in this statement gave me a bit of a chuckle. I think most of us commenting here don't share this view.

I'm pretty sure Disney is optimizing for the majority of their audience who use Windows, OSX, iOS etc, not developers/hackers who run desktop Linux. I'm curious about Android though.
Optimizing how?
Disney is focusing on traditional popular consumer markets.

Linux doesn't have a large enough number of users for their consumer-focused video streaming service at this time.

They'll probably move down-market after nailing the experience on the first few platforms.

side note - I love the number of comments about piracy as the other option, as if Disney is reading this page - or cares much about a small market (linux consumer-users)

Focusing their attention on the platforms that are most critical at first launch, I'd guess.
Don't the majority of people still watch TV on their TV? I don't care if their service runs on my computer because it's confirmed they will have an app for PS4, which is how I already watch Netflix and Hulu.

I know there are people out there who refuse to run any non-free software anywhere, and it is a good thing they exist, but I would guess that the majority of people who have Linux on their laptop are willing to use a Fire Stick or their TV's builtin OS or whatever to stream TV and movies.

It works fine on Android.
I can’t imagine the vast majority of their customer base uses Linux, and was likely left out as a fast follow as it isn’t worth being a supported system until they can see it gains traction.
I was planning on subscribing instead to a VPN that supports peer-to-peer torrenting.
AmazonPrime video does not delivers HD content in Linux... I tried everything switching browsers, changing User agent, wine, running virtual box. I seems some type of DRM is not implemented yet in Linux. Netflix is the same I think.

I happily pirate content now.

Publishers often refer to copying they don’t approve of as “piracy.” In this way, they imply that it is ethically equivalent to attacking ships on the high seas, kidnapping and murdering the people on them. Based on such propaganda, they have procured laws in most of the world to forbid copying in most (or sometimes all) circumstances. (They are still pressuring to make these prohibitions more complete.)

If you don’t believe that copying not approved by the publisher is just like kidnapping and murder, you might prefer not to use the word “piracy” to describe it.

On the other hand, sometimes "pirate" seems to have a positive connotation.

https://www.youtube.com/watch?v=i8ju_10NkGY

And interestingly the 3rd highest comment on that video currently is about Disney+.

Anecdotally, that song is quite popular among software pirates.
You can get 1080p streams from Netflix on Linux (for 99% of their collection) by switching your user agent to ChromeOS. Their check is just:

    a = /CrOS/.test(a.userAgent);
    this.Fma = this.Aw = q.Gu.PV;
    this.Qm = [x.$l.nV];
    this.oo = [x.V.vA, x.V.wA];
    a && this.oo.push(x.V.TH);
It very much is _not_ "DRM not yet implemented".

Both Prime and Netflix are fully capable of streaming their highest quality under Linux - if you have the driver support.

Unfortunately they have a bunch of hacky stuff trying to prevent it, rather than allowing the user's browser is to make the decision.

I can confirm that switching the user agent [used to] work[s]. (Disclaimer: haven't streamed for a while personally.)
Actually, you can’t get higher than SD for Amazon Prime Video since they started enforcing VMP a few months ago, which isn’t supported on Linux.
Yeah this means this was a business decision and not technical. They probably looked at user numbers for the different browsers.
That's one reason I use it. If they switch to nazi DRM I'll drop them. If Disney won't play on Linux meh whatever then on them. I'm sure they won't miss me, and I won't miss them much either.
FWIW I've had varying luck on Amazon; I think it's based on the publisher of the content. Some of Amazon's own stuff works in 1080 on my machine while other movies are much lower quality
Changing the UA to Firefox windows works too. I always get the "best" stream. Also prime music does not work on Chrome/Firefox on Linux solely because they've blacklisted the UA. I keep yelling at them every 2-3 months
I believe it morally justifies downloading Disney+ content via torrents.
Tell yourself whatever you like
Oh come on, “Disney won’t stream their stuff to my niche OS” is not a reason to get their stuff without paying. You can wait for a DVD, you can scrounge a used device that will run their DRM, or you can decide you hate all DRM and boycott their stuff until the unlikely event they offer a copyable version. Lots of people work hard making this shit, and they have bills to pay, these things don’t just spring fully-formed onto a hard drive like Athena from Zeus’ skull. Maybe there’s some morality going on if you buy a ton of merch for what you watch. Maybe.

Or you can reward the companies that do support your niche OS by paying for their stuff, that’s pretty unassailable.

I am far from without sin in this area, but I don’t try to make excuses. Watching stuff without paying its asking price is stealing.

Niche or not “Disney won’t sell me content I want to buy” seems like a tough position for Disney to argue past.

This was the argument back in the days when movies wouldn’t be released in many countries as the market is too small.

What do you expect potential customers to do? Should they buy new computers? Not watch Disney stuff?

I think I would expect the latter, but if they aren’t Disney’s customer then them pirating isn’t losing Disney any business.

> Niche or not “Disney won’t sell me content I want to buy” seems like a tough position for Disney to argue past.

I feel that is such an entitled attitude. Watching Disney+ is hardly some inalienable human right nor essential for survival. Why would anyone think their right to use a service, and cosume content, overrides Disneys well-established ownership?

Disney getting paid isn't an inalienable human right either. We're talking about customers paying for entertainment. And their ownership over the IP isn't either. It may be well established in law but it's not like we're talking about the right to air and water.

If Disney won't sell them the stuff they shouldn't be surprised they'll resort to other means to acquire the content.

What’s wrong to entitled attitudes?

I feel like “entitled” is some sort of jerk buzzword. Entitled is a wonderful thing. I think it’s good to be entitled to not being exploited by billion dollar companies making decisions that make like worse for people. Even if it’s just a little worse like not being able to watch a movie with your kids. Sadly, we’re not entitled to such a thing.

Why is Disney entitled to oppressive “well-established ownership?” I’m not sure how one is more entitled than retaining copyright for 70 years after the artists who create something die.

Getting paid isn't some inalienable human right either. Even if it were, Disney is not a human. Disney is a corporation worth tens of billions of dollars. It used a portion of that money to lobby for multiple copyright extensions, eroding the rights of every american. So who's really entitled here? The social contract behind copyright was "we'll pretend your intellectual property is scarce for like 20 years so you can make your profits and once the time's up your work enters the public domain". When was the last time you saw something enter the public domain? You are literally defending the company that did that. They will try again in the 2020s. They have no intention to fulfill their end of the bargain.

If "piracy" could straight up kill Disney, copyright infringement would be a moral imperative. We don't even have that power.

> Watching Disney+ is hardly some inalienable human right nor essential for survival.

Neither are never-expiring copyright laws, and there's no reason someone in a country that doesn't abide by them should have to honor them.

Oh. I was going to start my previous message with "I personally don't plan to watch any of their programs", but it would deny me the joy of reading your comment, full of virtue and moral superiority. Thank you.
Actually, it is infringing. We have that word for very specific reasons.

In this case, nothing was stolen.

If you purchase a subscription and then torrent, that's justified. Otherwise--uh, no.
I think the point is to not pay them until the get their service fixed.
Nit, since this confused me when I was looking for more context: for whatever reason, Widevine security levels are ordered in decreasing security (whereas the article has them backwards).

Widevine on Linux only supports L3, which means that there's no guarantee that any processing is done inside the CPU's trusted execution environment. Which, uh, reads as "no security guarantee" to me.

I’m not really ok with other people’s code running on my Secure Enclave.

BitTorrented video has no security guarantee either.

> I’m not really ok with other people’s code running on my Secure Enclave.

All the code that runs on your secure enclave is other people's code.

Depends on the device, of course.
The security guarantee here isn't for the user, though. It's more of a placebo effect for the content producers.
That's the funny thing about this whole thing they keep using terms like security when what they're really talking about is anti-saving/copying/skipping/fastforwarding and region blocking.
In order to get the highest level protection in widevine (the numbering is confusing) the decryption code and secure media path all need to be provisioned by the OEM. In otherwords the “other people” running code in the Secure Enclave is the device manufacturer. If you don’t trust them you are already sunk.
What I don't understand: with highest level protection does HDMI sends encrypted stream which is supposed to be decrypted by chip in display (which should support DRM, of course) or decoding happens in PC and HDMI carried decoded signal? Because if latter is the case, it should be more or less trivial to just save stream from HDMI, so those protections mean nothing and trivially by-passed by available hardware.
Usually these systems require HDCP support, which theoretically allows verification of the whole chain, PC to HDMI cable to display; any "unapproved" devices in the middle would be detected and prevent display.

In practice, the HDCP master key was leaked years ago and it's pretty straight forward to get an HDCP stripper device and a capture card.

(comment deleted)
“First of all, as always my opinions are my own, not those of my employer.”

Why do you need to write that? It’s a benign article and more so it’s about as protective as the useless “Store is not responsible for carts that damage your car” signs.

Companies react in strange ways. I recall a forum post a few years back about an issue with a backup solution. The poster ran into a problem and shared it in response to a question.

Someone from the storage company went apeshit, figured out who the poster was, and met with the CIO of the guys employee to get him to remove the post.

I really hope he's swimming in lawsuit money.
Years ago I ranted on Twitter about Bitium being unreliable. There was no mention of the company I work for on my twitter account, but I had my full name visible. They looked up my name in their database, found my account, and made a phone call to my CTO to ask if there was a problem with their product. The tone of the call was friendly (they didn't try to get me fired or anything), but I still got some heat because my CTO was pissed (until I pointed out that it was a personal account without any work reference). So yeah... I'm not surprised people feel the need to add disclaimers to what they write online.
Is anyone really surprised?
> desktop Linux and many Android devices only support level 1. In this case e.g. Netflix will not offer full HD or 4k resolutions

And yet 4K webrips of recent Netflix shows are readily available on torrent sites.

I don't understand who these higher levels of DRM are trying to target. They obviously don't stop the serious pirates from ripping and sharing the content with everyone. Yet the lower levels are "good enough" to stop average users from trivially downloading and keeping the file, like you might do with an plain, embedded MP4 file.

Obviously, the point is to screw up the customers - every DRM can and will be broken at some point
Device manufacturers. Play nice, or we won't grant you the magic pixie dust to play our content in glorious 4k.
To clarify, this isn’t just a cynical comment. It’s actually why digital content producers use DRM. Generally speaking, they’re not idiots, they know it will have little effect on determined pirates and will cause some hassle for some legitimate customers. The point really is so that the digital content producers can maintain control over the providers of computer hardware and distribution channels.

Here’s an old article claiming to be a big revelation, but it’s pretty much common sense and has been fairly well recognized for much longer than that:

https://www.zdnet.com/article/google-engineer-drm-has-nothin...

So the purpose of DRM is to thwart the first sale doctrine?
It is absolutely one prime motivation. “The purpose” is essentially non-verifiable.
Reading that article, it seems to me that the arguments don't fit the conclusions. Media companies may be strong-arming software and device manufacturers, but they're doing so as a means to an end, not an end unto itself. Their motive for strong arming software and hardware manufacturers is their desire to control consumer behavior. That may be slightly more general than "piracy" specifically, but not that different.
Sure, of course they ideally want end to end control. The point, though, is that the argument “pirates will still be able to pirate and legitimate users will be inconvenienced,” while true, is not a great argument for why content producers should stop using DRM, because DRM still works quite well for establishing control over hardware and distribution providers.
DRM punishes paying customers and does nothing to stop piracy. It reminds me of those "you wouldn't kill" segments at the start of DVD's that you couldn't skip, but just moaned at you to not pirate the DVD. But the only people they were telling this to was paying customers who bought the DVD. People who pirated the DVD, just plugged it into their computer, ripped out the content then published.
Sure, but why? Do the rightsholders believe that these mechanisms are effective at making them money somehow? How correct are they - are these mechanisms effective at stopping some amount of casual piracy and converting that into purchases?
It's pretty simple: They pay a hot shot company to try and stop piracy and thats the best they can come up with.

Piracy can't be stopped but thats not what they want to hear.

Piracy can be greatly reduced by distributing the content via Netflix but thats not what they want to hear.

>And yet 4K webrips of recent Netflix shows are readily available on torrent sites.

and:

>Piracy can be greatly reduced by distributing the content via Netflix

Aren't you guys saying different things? One is saying people already pirate on netflix, and the other is saying netflix removes the need for piracy.

If you're saying the same thing, I would interpret it to mean that piracy is greatly reduced on netflix, but not entirely eliminated. But if that be the case, would that not be evidence of netflix' anti-piracy measures working?

Those two sides aren't mutually exclusive. Demand for content creates both.
My interpretation of the quotes is that if a show is on Netflix, its pirating rates go down drastically, but some shows on Netflix are still pirated. That’s because there is a significant population who pirates only when it is easier than streaming, and Netflix makes streaming really painless, in comparison with other streaming sites like Hulu or CBS All Access. However, some people still won’t pay for Netflix (or for any other streaming service), and they’re the ones that the first quote is talking about.
DRM doesn't inconvenience pirates, but piracy inconveniences consumers.

It's inconvenient to free up 50 GB of hard disk space to torrent of a 4k netflix rip you found off some shady torrent site. It's much more convenient to just give netflix a few bucks a month. That inconvenience comes from law enforcement action against pirate sites and many users having trouble managing their hard drive space. Not from DRM.

It may be inconvenient to free up some disk space (citation needed, anyone on HN has probably got terabytes of free space somewhere), but the inconvenience of certain streaming platforms, or even the total hostility to watching anything ad-free (even paid users) will knock people into the piracy camp. There is no source where I can watch AAA movies that I buy on my laptop legally in 4K as it is illegal to break Blu-ray encryption (and I run Linux). I buy or rent movies I want to watch on my Apple TV in 4K, but what am I supposed to do if I want to watch something on a plane for instance?

Anything that is on Netflix I watch. I can’t watch amazon prime on my Apple TV because their region system is broken (yes, if an amazon employee is reading this, please fix having prime in multiple countries) so battlestar galactica and other shows in their catalogue aren’t available come from other sources.

I'm talking about the typical consumer, not a HN user. Most people aren't running linux, have legal streaming options available to them, don't have terabytes available to them at any particular moment (maybe they have a few terabytes of portable harddrive in a closet somewhere, but not mounted and ready to roll.)

Are there scenarios where typical consumers turn to piracy? Sure, aboslutely. They generally do that when a convenient legal way isn't an option (e.g. region locks screwing them over.)

You’re probably right, but I know plenty of people who are happy to use putlocker etc who aren’t technically competent at all (and yeah, they sure get malware...)
> Most people aren't running linux, have legal streaming options available to them... Are there scenarios where typical consumers turn to piracy? Sure, aboslutely

my wife - a non-tech person, really - falls in to this camp. she's turned to torrenting things because the experience of streaming is just... slow. and bad. and stuttery. oh, and we still get ads on things (hulu, for one). She figured out how to find free streams for soccer matches - when we paid for "real" streams, they still had ads taking up 20% of the screen. And still somewhat jittery/stuttery (but - those 2 minute car ads at the start of the stream were never jittery).

yeah, the 'free' stuff experience isn't always great, but when the paid experiences are still kinda crappy, what's the point of paying?

It's not illegal to break copy protection for a work you purchased. There was an ammendment to the DMCA for it -- likely if this had not happened more of the DMCA would have been challenged and struck.
The caveat to that amendment being that you are only allowed to do so using tools you created yourself and you may not afterword share your tools, your methods, nor the decrypted material with anyone else.
I don't see that in there anywhere. More like you can't transfer the material, even to another rights holder, but I still question that. They can't make the sharing of the tools and methods illegal as it'd be against the first amendment.
"Piracy" is inconvenient. It takes knowledge, effort, time and money as well as computing power, storage and network bandwidth to participate in the ratio economies of private torrent trackers. It gets to the point it looks like an enthusiast operation run by people who want the best possible version of everything.

What's truly sad is how so many people find this preferable to paying for the official services. It speaks volumes to the quality of their streaming services. A huge number of people don't even have the choice to pay for the content to begin with: many of the of companies that complain about copyright infringement don't even offer their services outside of the United States. They ignore entire markets and complain when people find a way via unofficial means. It's really hard to feel any sympathy for the copyright industry.

There are some users, such as myself, who find the legal streaming sites intolerable for technical reasons if not ethical reasons. But I think the vast majority of users prefer the legal options when they're available, which is the part the media industry keeps on fucking up.

If they were better at their jobs, better at delivering to consumers what consumers want, they wouldn't have to worry about DRM, piracy, control of consumer behavior or any of this nonsense.

Completely agree with you. If their services were good enough, I doubt they would even need copyright protection to make money. The fact they can't match the quality of a bunch of underground sites despite being a multi-billion dollar industry is a sign the industry is relying on artificial scarcity to have any chance of competing in the marketplace.
> What's truly sad is how so many people find this preferable to paying for the official services. It speaks volumes to the quality of their streaming services.

I was even pirating shows I had access for free on Amazon prime... that just tells you how bad the platforms are, it's not about money.

Statement 1: Piracy is inevitable in all platforms and at scale every media property will be pirated by someone.

Statement 2: If your content is available on a reasonably priced and performant streaming platform or is otherwise “low friction” the number of people who will choose to consume the pirated content instead of paying drops off dramatically.

The problem for publishers is that there’s so many different knobs that finding what brings in the most revenue is pretty much a crapshoot.

Exactly what I was trying to get at, thanks.
Content piracy has long been about the exorbitant cost of acquiring content.

If you look at the cost of downloading a full, original quality Blu-Ray rip, then burning that to a dual-layer BD-R disc, you're looking at an hour to torrent plus up to $10 for a dual-layer recordable disc. Compare that to a store-bought copy that's $7.88 and comes with both Blu-Ray and DVD copies, and it's no contest.

Make that store-bought copy $49.95 (thanks, Marvel) and it makes piracy attractive. Add terrible DRM on top and you GUARANTEE piracy, because you're being hostile to people that have actually bought your movie.

If DRM had never been invented, piracy would only be about 5% worse, and your paying customers wouldn't be cursing your existence... but the media companies are too stupid to realize that.

> If DRM had never been invented, piracy would only be about 5% worse, and your paying customers wouldn't be cursing your existence... but the media companies are too stupid to realize that.

The media companies do not care whether their paying customers love them or hate them. What they do care about, though, is when there is 5% less of them.

Remember, big corporations do not just want money - they want all the money (and more).

> But if that be the case, would that not be evidence of netflix' anti-piracy measures working?

No. It's evidence that just having the content available on Netflix will reduce piracy. It is a bit less effective than it could be because Netflix doesn't run on literally everything, mostly because of anti-piracy protections, but it does run on nearly everything, so it's effective.

Removing the reasons to infringe copyright is completely different from making it impossible to infringe someone's copyright.

Netflix is a convenient enough service that makes it easy for people to watch what they want to watch. Most people will just pay for it without thinking twice. It's easy enough that most people won't even consider infringing. Netflix's value isn't just in the content it serves, it's also in the fact it frees people from the non-trivial effort required to "pirate". Private torrent trackers have an economy of their own.

Making it impossible to infringe is extremely difficult. Movies and music are really just information. Extremely big numbers. It's trivial to make copies of this stuff and send those copies over the network. In previous centuries, you needed to be a major industry player and own big machines like printing presses in order to infringe on someone's copyright at scale. In the 21st century it's as easy as copy paste or forgetting to close the torrent client. People might not even realize they are doing it.

This is why a fragmented streaming market will push people towards copyright infringement. Instead of pooling their intellectual property and creating one single perfect streaming service with all the content, they are making it difficult and expensive for the consumer by competing with each other. At some point, people are going to wonder if there's a better way. That's when they'll find "piracy".

It's been decades and literally everyone in multiple industries is still refusing to admit they're throwing money after a lost cause? I won't say that's impossible, but the entire idea behind capitalism is that this happens rarely. Eventually someone will realize they can make more profit by not paying for anti-piracy, right?
I think some companies are just looking for the appearance of fighting and succeeding against piracy.
They cannot possibly actually think DRM stops anything. Maybe they don't get that it's convenience that drives sales rather than the content itself.

I just rented Spiderman on Amazon streaming for like $6, about the same as I remember video rental used to be. I'm certain I could have pirated it if Amazon streaming had not worked on Linux. It was slightly easier and slightly more ethical feeling to rent it from Amazon, so I did.

I have seen a bit of a pattern where content distributors start out by cranking the DRM to 11 and then year over year get less and less worried about it. I guess they realize over time that the DRM isn't stopping anything, who knows, maybe they're using it to provide a PR argument that they're trying their best to push some other agenda.

But I think they know that it's the distribution method rather than the encryption that influences buying decisions unless they magically stop all casual piracy. Be at least as easy as casual piracy?

The entire theory of capitalism is that everyone always acts rationally and in their own interest. In reality, humans are frequently irrational and acts against their own interests.

Basically the foundations upon which capitalism stands are cracked and have always been craked. Regulation is what usually fills out those cracks to prevent the entire thing from crumbling.

The theory of capitalism is that the means of production are privately owned (as opposed to government owned). What you're talking about is part of economic theory, not the same as capitalism at all.
When companies are inefficient for a long time, it's usually because they managed to prevent competition. In this case, they successfully managed to bully the whole world, using the US government, into adopting rules created by US companies. (The idea that a sovereign country - say India - is forced to police 1.5 billion people to make sure they don't use Mickey Mouse in ways that would upset a company in a foreign country is insane. We don't normally care if people in Nigeria cook their leftovers in ways that upset a famous Italian pizzeria.)

---

Every time you find a problem with capitalism, stop and look again: you will find state intervention in the market, which is the opposite of capitalism. (Free trade between the involved parties, without the intervention of others.)

In this case, the problem starts at the root: copyright is by definition a state intervention in the market. It cannot exist in a free market, because it mandates that someone prevents you from using your own resources as you see fit (namely, copying a DVD you own on a computer you own, using electricity you're paying for).

Kinsella's "Against Intellectual Property" is probably the best resource point out the contradiction between Imaginary Property and the free market.

How do you prevent state intervention in a free market? What prevents the capital-possessing incumbents in a market from saying, "We need a government and an armed police force to enforce intellectual property laws"?
Competition. You hire a different police force to protect your property.

Of course, if one entity has a monopoly over the legitimate use of force in an area, you're in trouble.

That sounds a lot like warring oligarchical or dictatorial nation states with extra steps in practice.
If they manage to get monopolies over geographic areas then yes, you get exactly what we have today.

However, for a couple of years after 1990 we actually had quite a lot of security companies that were competing peacefully in the same areas (Romanian police being absolutely irrelevant at a local level, with the reorganization of the state that was taking place). Of course, once the state got re-established "properly" that was quickly ended.

> Piracy can't be stopped but thats not what they want to hear.

It can be stopped. All they have to do is destroy the computing and internet freedom we all enjoy today. Can't do subversive things like copy a file if they don't let us run our software. Governments around the world are also trying to erode these same freedoms by pushing encryption regulation.

> It can be stopped.

In the context of visual/audio (re: the topic), no. Even disallowing encryption will not save companies from simple steganography.

Even then, lets say the successfully broke all encryption and all communication - people would just go back to recording from a DVR and selling DVDs on the streets.
> All they have to do is destroy the computing and internet freedom we all enjoy today.

That's one of those "good luck" scenarios. Building your own homebrew computer, or your own OS is a hobby for many. If you push the people behind them, and make a market for them, you'll make them popular.

The internet itself is complex, but not so complex that determined actors cannot build their own mesh networks.

And whilst governments are trying to erode encryption everywhere, it won't work in the end. They may be able to take secure encryption out of the hands of civilians, maybe. But they can't take it from the pirates.

And as for the incoming "no one would be that determined" argument, cracking chips to let consoles play pirated games have existed for a long time, and the average person did actually seek them out... And found them everywhere. If you make people build the infrastructure... They will.

It seems to me that the approach Netflix and Disney et al are taking is accomplishing just that.

DRM in the browser was step one. No Widevine, or whatever crapware is needed, no Netflix. Next came the limit on higher resolutions. You want Full HD? Stop using a free operating system. You want 4k? Get Internet Explorer, or better yet, get our app on one of the approved operating systems.

The next step is probably to diminish the browser experience even further until enough users have switched to the 'app'. The only reason is control.

It won't drive us away from a personal computer running whatever modern OS we want, but it is slowly creating a majority of people for whom computing exclusively means a managed device with a pre-approved operating system running vetted proprietary applications.

I suspect it will just bifurcate the market eventually.

There was a brilliant moment where entertainment was all going to converge. You'd have your PC with terabytes of storage, stick a tuner card and an Ethernet cable in the back, run the sound out to your thousand-watt 20-channel amplifer, and display it all on your 70-inch flat screen. Broadcast TV, Netflix, Disney Plus, etc, would all just be desktop icons, right next to Steam and Excel. We were hurtling down that road in the mid-2000s (remember WinXP Media Centre Edition?) and suddenly it all jumped the track.

Seemed to happen pretty close to when Digital TV stumbled its way into the US market, or roughly the perfect time for it to really take hold (the classic "record a show on VHS" paradigm was suddenly killed off, and the ever-mutating subchannel lineups makes a smarter electronic program guide and recording functionality more appealing). I sort of blame the cable industry-- apparently it was virtually impossible to get a digital-cable-compatible tuner card for many years-- you had to buy from a narrow band of prebuilt PCs with the cards preinstalled, and even now the companies will scream blue murder over having to supply CableCards (if they even do anymore).

The PC is a do-anything device. Eventually, given the media industry's tastes, it will be the 'do anything except watch name-brand entertainment products' device. I don't think they can undermine general-purpose computing as a concept- there's too many other business cases that rely on being able to run random unsigned software or connect to arbitrary weird hardware.

Instead, Disney and Sony will push hard for various consumption-first or -only devices-- smart TVs, consoles, locked down phones/tablets. I'm sort of surprised they aren't already going for the subsidy model-- get a "free" PS5/Xbox 3π/"smart" television if you'll sign up for years of a content subscription service to feed it.

People will end up having both and being annoyed that they can't converge things.

You haven't really seen the VHS age of pirating in Russia and Eastern Europe, have you?
In my corner of EE that was caused by movies being crazy expensive relative to realistic income. Streaming and lower prices now definitely killed a lot of potential piracy.
It could also be an attempt to sway the public and their views on piracy.
They just refuse to license their intellectual property to streaming companies that haven't developed "adequate" protection against "piracy". It's all about making a billion dollar investment look less risky in the eyes of executives. I seriously doubt it's helping them make more money.

Any victory against copyright infringement will come from competing directly against it. The copyright holders are too busy competing with each other and fragmenting the market instead of building something that's actually equal to or better than "piracy". It's pretty sad how a bunch of "pirates" manage to provide a better product than corporations valued at tens of billions of dollars.

I remember this being in the context of video games, and from some time ago (so things may have changed with Steam sales and the like), but it said that something like 85% of sales occur in the first two weeks. Thus the DRM was there to (hopefully) hold out for as much of that initial time as possible.

Anyway, anecdotal story, take with (many) grains of salt.

How correct are they - are these mechanisms effective at stopping some amount of casual piracy and converting that into purchases?

Yes. Contrary to popular opinion among the geek crowd who tend to be very hostile to DRM, the people using it are not in fact completely ignorant and stupid. I write this as someone who used to believe similar things myself in my younger days, but who has now seen both sides of the coin and has moderated some of those views in light of that experience.

One thing that a lot of people don't seem to realise is that piracy often isn't about the price, but rather the convenience. If it's easier to find a ripped copy of something online, for example because it's not available in a certain region from legal sources, then people who want that content will go looking and they'll find the illegal sources. If it is available from legal sources, then to some extent DRM doesn't have to stop someone from being able to find a pirate copy, it just has to make it more inconvenient than finding a legitimate one. Given that any pirate content found online comes with a certain degree of risk, from malicious payloads pretending to be something else, poor quality or incomplete content that frustrates the person who gets it, and in some cases from honey traps that can result in legal action, this isn't entirely unrealistic.

One specific but very important instance of this, briefly mentioned already elsewhere in this discussion, is that if DRM can delay the widespread availability of some popular new work via pirate channels for a few weeks or even just a few days, that can make a huge difference to profitability. There have been AAA games where the DRM has been cracked but not for several months, and that might have saved the developers and legitimate distributors many millions of dollars.

At the other end of the spectrum, there is lots of content that is going to be many orders of magnitude less profitable even with a good run, simply because it's aimed at relatively small markets: niche music genres, software for running some specific type of shop or leisure facility, a documentary programme about an obscure interest, and so on. There is much less desire from the kinds of people who would be able to crack substantial DRM schemes to spend time on these things, so even simple measures can be quite effective in preventing that content from being trivially findable online, thus preserving the limited market for these kinds of products.

And finally, there is the simple but still relevant issue that some people genuinely don't realise piracy isn't legal or that what they're doing is piracy. "If it's on the Internet, it's free, right?" Even the most basic DRM schemes mean people probably have to do something that is clearly not the intended way of getting hold of the content, and that itself can be a useful deterrent for the "unwillfully ignorant" crowd.

>DRM punishes paying customers and does nothing to stop piracy.

Media companies aren't stupid. They know exactly how much DRM and piracy impact their bottom line. That's why DRM-free distribution is a non-starter for virtually every media company, because it saves them money.

Like all things dealing with bad actors, DRM isn't about stopping behavior. It's about slowing it down and making it more cumbersome

"Media companies aren't stupid. They know exactly how much DRM and piracy impact their bottom line."

Citation needed.

They may not be stupid, but that doesn't mean they're totally rational either (that would be inhuman and I can assure you they're just as human as the rest of us.) Most of these media companies have never even tried no-DRM so a fully rational appraisal of the value of DRM simply isn't possible for them.

The music industry largely went no-DRM (and streaming) and they were totally unscathed. A good quality mp3 or flac file is what, tens of megabytes at most? Really easy to pirate. A good quality 4k rip is going to be tens of gigabytes. Pirating something that large is a hassle for me but inconceivable for some of my friends or family members. Pirating movies and TV shows has always been more niche than pirating music. And the formats easiest to pirate (720p, low bitrate, etc) are the formats being given the lightest DRM.

I wager there are some very human emotions involved in the decision making, namely pride and possessiveness. "We made this so we get to control it." The effectiveness of the DRM takes a backseat.

A good quality (for your average media consumer) 4k rip can be as low as 8gb. Sure it's not blu-ray quality but neither is Netflix, and no one cares. At least where I live, you're looking at 5-15 minutes to download a 4k rip on the average home connection. This is also completely ignoring pirate streaming sites, that while not as popular as they used to be, still exist and are lower friction than Netflix half the time.

I'd wager I know more people pirating films/tv than I do music.

Those pirate streaming sites are such a nightmare of ads and malware, I find it hard to believe many consumers prefer it to legal streaming. The reason somebody would use that is because they can't afford the legal streaming service, or legal streaming isn't an option at all. This has nothing to do with DRM.

And why do they use those shady pirate streaming sites, instead of pirate torrents of higher quality? It's because many of them struggle to find even 8GB of free space. I know some users who view deleting files to free up space to save new files as part of their daily routine. It doesn't need to be this way, but that's the way it currently seems to be.

Early streaming services didn't own their own content but DRM is/was a requirement for most content contracts. I don't totally buy this argument and I think everyone knows its doesn't do much to stop piracy but its just a part of the process now.
> That's why DRM-free distribution is a non-starter for virtually every media company, because it saves them money.

Why is it saving them money a bad thing?

> DRM punishes paying customers and does nothing to stop piracy.

There is a plot twist here: DRM does help stopping piracy, but only for smaller businesses producing the contents that appeals enough to be copied but not enough to be paid for. I'm pretty fine with Steam DRM for that reason, without that indie games will have much harder time. For Disney+, I cannot understand their reasoning at all.

Most games on Steam don't have DRM. Valve's DRM product is called Custom Executable Generation (CEG) and it costs extra for developers to add to their games. Most steam games work fine even if you uninstall Steam and have no internet.
How exactly many games do (EDIT: typo) have DRM? AFAIK the answer is "many enough", I'm unable to give a concrete number but I do recall many games in my library that doesn't appear in a list of DRM-free games. I don't agree to your premise.

(To be clear, I do think DRM---so-called---is very bad in general. I accept DRMs for indie games only because DRMs have been already existed for games.)

[1] https://steam.fandom.com/wiki/List_of_DRM-free_games

That list is community-maintained and almost certainly contains many omissions.
What makes matters worse is they inform the consumer that yes you can just steal the film. I was involved in the Private Server scene in my younger days and a game had a campaign against private servers. Ever since like 90% of the people in that private scene have told me they only knew about it cause of the campaign. You spark the human curiosity and screw yourself.
It's the Streisand effect in action.
We really should remove all definition and references to the Streisand effect. Then everyone will know about it!
Medieval moralists discovered that they could not express in too much detail proscribed sins for the obvious reasons.

The DRM industry has yet to learn this lesson. Thankfully.

The info is there not to stop piracy but as a legal matter in case the customer says "I didn't knew, I wasn't informed".
I'm not sure the "you wouldn't download a car" is legally binding
That one was just confusing anyway, the general response was "if it existed, yeah I would".
> DRM punishes paying customers and does nothing to stop piracy.

I would think DRM stops trivial tools like a Chrome extension that adds a "Download" button on anything you're watching on Netflix.com.

Which is good enough. Because piracy is confusing to most people. Piracy sites are scummy and require tech-savyness just to navigate them and download the right thing.

For example, my girlfriend knows "The Pirate Bay" by name though a torrent client is still confusing to her. First google result for that is https://thepiratebays3.com.

It has a scary and scummy banner at the top: "Official The Pirate Bay Warning. Do NOT download torrent files without hiding your IP! With a VPN you can Hide your IP & stay anonymous, avoid fines and lawsuits, especially in USA. <Link to NordVPN affiliate link>". And searching anything doesn't work for me.

So, I think the war against piracy is more or less won due to how relegated it is to a tiny part of the population that's capable of navigating it.

I know some not very technical people that bought some HDMI network restreamer on ebay, it's basically an HDMI splitter with an ethernet port that will act as a (I think rtmp) server. I didn't check the technicals details, and he uses VLC on his desktop computer to record movies he wants to keep. He does it at night with TV luminosity and volume at near 0.

Of course you have to play the movie/serie in mirror on the TV, but he can record HD (not sure about 4k) movies of whatever plays on the TV. The cherry on top is that he bought 3 IR mirrors (well, it was just aluminum sheets) that he placed strategically to be able to control the IR stuff of the TV from his bedroom.

He was a but uneasy when he showed that to me, but I didn't mock him, I was genuinely fascinated by that setup. For someone who has near zero technical knowledge, this was very good.

I don't really have a point, I just thought of it when you mentioned your girlfriend fear of the pirate bay.

It's not even really about stopping your friend, although I'm sure they'd like to do that too. They want to prevent there from being a zero effort "download button". That's the only advantage of DRM (same with DVD/digital delivery). Even the act of having to insert a DVD, or hit play and manually record is enough to stop people.

If they went entirely DRMless, you'd just be able to copy the content to a thumb drive, and share with friends. Instead, you have to mess around with other software (or in your friends case hardware), that does sometimes "breaks", or is otherwise inconvenient.

It's the same as DRMless games; people absolutely go crazy making copies (even back in floppy disk days). As much as the pirate community likes to pretend they're in it for moral reasons, some of the DRMless games by smaller developers became the most pirated games out there.

It is a very minor deterrent, for people that are too lazy. That's one area where streaming has prevailed over pirating. People can be extremely lazy, and having a convient streaming platform with decent content, is enough for some people not to bother.

You don't need a torrent client to watch movies on piratebay.
You don't?
latest uTorrent is just a webapp that streams torrents, there are also a bunch of others.
That's contributing to the death of torrent ecosystems in the same way as Popcorn Time: all leeching, zero seeding.
Yep. 100%. At the same time, torrent ecosystem is a lot larger than piracy and movies/TVshows and actively used to share big data among researches and individual "archivists".

r/datahoarder lives in torrent ecosystem (there are a lot more things there besides linux ISOs)

internet archive is also big with torrent files that have nothing to do with streaming.

You are right to some extent. Which is good for the copyrighted works but it is also sad. People, with all this beautiful technology are uncapable to understand or use it. Everything today goes down to "simplify usage even if you remove some features as people wont be able to use it".

I still remember days when I was kid, smuggling c64 under car seat into Slovenia (former Yugoslavian republic). All the sofware was sold on flee markets by known pirats. No internet, no manual. But still we were more than capable to grasp software usage, learn to develop in basic, even asm (after getting some book from Austria, german and translated line by line with help of dictionary - I was 12).

It comes down that resourcefullness is coming from lack of something. But today everything is available and no one tries to be resourceful. Probably the decadent part of human evolution.

Anyway, piratebay is part of known torrent scene, but there is also less known part, at least to the public: https://wiki.installgentoo.com/index.php/Private_trackers#Wh...

> DRM punishes paying customers and does nothing to stop piracy.

That's not necessarily true. I agree with the DVD example, but for example, I've almost never had any issues with Netflix's DRM. I can even pre-load videos on phone/tablet, and for the most part it works as expected. Same thing with Steam, it's fairly transparent to the user.

Yes there are bad DRMs out there, but there can be a balance when done right where it doesn't hurt the customer and provides more value than pirating (like Steam).

This ^

DRM is only to create the illusion of security, to deter the average person, not the determined pirate or developer. Once you've sent the content to the client, you've lost all practical ways to avoid these torrents.

I imagine you'd see a lot more casual piracy if it were trivial to copy, i.e., people just sending the videos to their friends.
For every person torrenting there’s multiple getting movies off friends on USB sticks and stuff.

One member of my family does the torrenting for a dozen others in my family, and I know plenty of others that work like that.

I personally do a mix of paying for content and pirating. I’m 100% happy to pay for content if I can, but with geoblocking and platform restrictions and all the other bullshittery, it’s legitimately impossible for me to legally buy half (or more) of the content I’m actually interested in, so I pirate it, and I don’t feel bad for doing so in the slightest.

I also regularly have to pirate things I already own thanks to DRM that doesn’t work on my devices, missing subtitles, etc.

The entire industry is broken and it’s their own fault.

Not sure if applicable to your region but have you given movieseverywhere a shot?
Do you mean Disney Movies Anywhere? That’s a US exclusive, like just about all content these days.
Mostly so.

With some interesting exceptions, luckily. You can watch Star Trek: Discovery on Netflix in 32 countries, including most of Europe, but not in the US (there it's an exclusive on CBS or something like that).

https://moviesanywhere.com/

This website, it's not Disney specific, but that sucks. It would mostly be the convenient solution to this problem. If you have a movie on iTunes or Play, it unlocks in the other, and vice-versa.

The argument above was that the lowest level of Widevine is sufficient to prevent casual piracy (through that channel), and I agree: It's a lot easier to just torrent a clean version than to dump an encrypted Netflix stream, run some side-channel attack on Widevine (for which the PoC code doesn't seem to be public), then decrypt the dump.
Pirating is already casual. But situation is much worse.

I can have russian voiceover from 4-5 studios on the next day after popular TV series aired. They even go this far, as to put full time commercials of not so legal online casino web sites. I dont even need to torrent, to watch any tv show next day after air. There is android apps that will allow to watch any show via http or torrent. There is pirate websites with payed and free access. And as I said earlier fulltime commercials of online casinos, that sponsor pirate translations.

This situation is very bad for any commercial tv show services in ex USSR territory. No low regional prices can battle 0 price.

> I imagine you'd see a lot more casual piracy if it were trivial to copy, i.e., people just sending the videos to their friends.

Then just put enough of DRM for that not to happens. The fact that it's working through an app is more than enough. Most people have trouble even getting videos out of Youtube and doesn't know you can find apps to do that.

People share password much more than they share video files too.

How those webrips are performed? Are there leaked DRM keys or something like that? I thought that DRM encrypts stream all the way from website to display, so it's quite hard to intercept it.
HDCP has had its master key leaked in 2010. You can also buy hardware over the internet that bypasses HDCP.
Ok but that will be lower quality. The original compressed file will be decoded and sent to the monitor at full resolution and frame rate, and then the pirates will be able to capture that. Then the pirates will need to encode/compress that for distribution. This new file will be lower quality, I believe.
If you have a good internet connection and graphics card you can just capture the screen and intercept the audio separately. It's got a few artifacts here and there, but nothing that makes it unwatchable
It's not clear. The tools are kept secret to avoid patching. But presumably they reverse engineered it and have a way to capture the raw stream.

I know at one point they were using Roku TVs or Fire TVs which allowed an older DRM standard. Now apparently there's a crack for Windows that's kept underground in the scene groups doing releases.

Pirates cracked Widevine (and possibly other schemes). They have a drop-in replacement DLL (which they keep secret) that dumps the original content of the stream (not a screen / HDMI capture, like the other two comments said). This is called a WEB-DL, while capturing and encoding the stream is usually called a WEBrip.
This doesn't work for Widevine L1, as L1 is handled in hardware. Windows has some interface to the Intel Management Engine used for this, Android OEMs write drivers and ship devices with keys, other platforms are out of luck.
That's correct. Anything actually protected by Widevine L1 (meaning no workaround to get L3 instead) would require a different approach than just cracking the library.
If 4k netflix is what protected by their best hardware DRM, then... somebody managed to either exfiltrate the key, or drill the chip and get it extracted physically.
No key involved, but a long time ago, circa 2008, I used to record my TV shows in my Rogers (Canada) PVR. It so happened it had a firewire port, and all you had to do was load the firewire SDK on your macbook, and when you play back your show on the PVR, you could capture the raw .ts (transport stream) which contained the MPEG2 video.

I think that's why most players now have no extra ports besides the HDMI as it was easy to bypass the HDMI protection...if you can call it that.

When a bad outcome is assured (piracy from their perspective) the only rational course of action is that which will prevent the blame from falling on you:

"Yes it was pirated, but we spent maximum cash on the very best DRM... what else could we have done?"

It’s designed to reinforce the idea that piracy is morally wrong.
> And yet 4K webrips of recent Netflix shows are readily available on torrent sites.

WEBRIP (capture) are worse quality than WEB/WEB-DL (hacked DRM)

So actually you prove their point, they are winning.

The scene can do some WEB, they keep it secret, they even have servers for crew member to use without telling them how.

WEB is probably using old TV software with weaker DRM, hence why 4k is rare.

I'm not a lawyer, but if we look at the DMCA,

17 USC §1201 (A)(1)(a): "No person shall circumvent a technological measure that effectively controls access to a work protected under this title."

No one is interested in perfect because the actual DRM is only a tiny sliver of the protection. The bulk of it is the threat of having to pay a huge settlement because you don't want to get the piss beaten out of you in court.

>No one is interested in perfect because the actual DRM is only a tiny sliver of the protection. The bulk of it is the threat of having to pay a huge settlement because you don't want to get the piss beaten out of you in court.

I don't find that argument convincing. I can't think of any famous cases of copyright holders or law enforcement going after rippers/encoders (the people who break the DRM and make it available for others to copy), but plenty of cases of them going after people who downloaded the content.

And worse... You could have crappy DRM and if someone circumvents it. Its cheaper to produce and you can still prosecute the rippers.
That doesn't explain the cat an mouse game. DRM schemes are constantly updated to fix issues so that previous hacks no longer work. Occasionally, the industry invests big money into sweeping changes.

If what you're saying is true, you'd expect the minimum reasonable measures to suffice. No need to invest in new methods. Yet they do. I'm sure lots of people would be interested in "perfect", if you had that product to give them; you could be a millionaire, the problem is that it's impossible, as far as we know.

It gives content producers leverage with device manufacturers.
My experience with small content producers is that their decisions surrounding stopping piracy have almost nothing to do with the economics of it; it’s an emotional decision. I’ve seen people spend 25%+ of their content’s revenue on DRM.

Now, why the major players also pour money into this stuff is just baffling.

They're available on torrent sites, but how are you going to watch that video on your Roku, Apple TV, smart TV or whatever? The key here is hardware control. The big players have it.
Plex and similar software are pretty popular. Not to mention most phones can 'cast' to all those devices. Both my smart tv's even have USB ports.
It's kind of funny the number of people responding with Plex. I've used it for years, and it's an effective piece of software but it requires running a server in your house, managing storage, etc. etc... there's no way the average user is interested in doing that.
> it requires running a server in your house, managing storage, etc. etc... there's no way the average user is interested in doing that

Which is why my family, my girlfriend's family, and all our friends just use my Plex server

Plex is just an application. My start, back when it was still Mac-only, was to run it on my Macbook Pro. When the drive got full, I deleted content that I'd already watched.

For a decade now, Plex runs on any Windows / Mac / Linux device. It'll run on a Raspberry Pi. NVIDIA Shield. Western Digital's My Cloud NAS products (from $139 w/ 2TB). QNAP. Synology.

The main obstacle for "average" people is just knowing that Plex exists.

It isn’t just an application, it’s an application that runs on your always-on computer. Which most people don’t have. Nor do they have a Raspberry Pi, QNAP or Synology NAS.

Knowing that Plex exists is certainly one thing. But you still need to run it somewhere.

What's the argument here, that average people are too dumb to know that their computer needs to be on to access something running on it? That they're too dumb and poor to find and buy another device to run their Plex server if they don't want to use their PC?

I think you underestimate people a bit too much.

"Too dumb" feels overly emotive. But yes, I'm saying there is a significant gulf between the average user's current setup (a Roku, Apple TV, whatever) and a server that costs several hundred dollars (if you want anything approaching plug and play) and has to be on all the time, both financial and tech knowledge wise. It's not that users are "too dumb" to do it, it's that it is an inconvenience people are more than willing to pay to avoid.

"You use your remote to choose the show you want to watch, and you watch it" is worth $10-15 a month to people when it's compared to "You buy a server, plug it in and leave it on all the time, maybe be responsible for software updates on a regular basis, and also set up some kind of torrenting system to request the shows you want in advance".

My experience around average income non-tech-enthusiast parents is they have a binder stuffed with $2 pirated DVDs and a USB drive full of stuff they've torrented / exchanged with friends.

Running Plex with whatever computer they've got isn't a stretch.

A Plex server will reach out even if you don't open the port it wants. It doesn't require you manage storage, just have a bit of space on a HDD. Same with a server; it needs a desktop, which only needs to be on when you want to watch something.
> how are you going to watch that video on your Roku, Apple TV, smart TV or whatever?

Plex ;)

> many Android devices only support level 1

Isn't Android the biggest OS on the planet by # of users?

Wouldn't the impact be huge?

> I don't understand who these higher levels of DRM are trying to target.

They target device manufacturers. If you want to sell a computer/tablet/phone/TV that will play Disney+/Netflix/etc, then you must submit to their demands, pay their licensing fees, and hope you don't anger them. They want to be the gatekeepers to who can make a commercially-viable product.

Aside from this comment[1], DRM prevents casual piracy. There was a point where a lot of my music was cassette tapes with the album written on it with a sharpie. DRM definitely prevents this.

HDCP up to 2.2 is completely broken, so even perfect software DRM has a huge gaping hardware hole, but most people don't have the tools needed to circumvent this.

One person breaking the DRM can make a torrent for all torrenters, but if say 1/4 the population can break the DRM, then people will copy things for friends.

The closest current day equivalent is probably many people sharing a Netflix password.

1: https://news.ycombinator.com/item?id=21307648

It's all about (pretending to be) protecting intellectual property. After all, a large part of media companies' assets are intangible IP. To make sure the value of that asset is not eroded, companies such as Disney must invest in technologies that claim help protect it.

(Edit: to be more precise, they must invest in tech that maximizes the extraction of (future) value from that IP).

I think at this point it's just an excuse for sub-par distribution networks. Or an excuse for poor playback compatibly. Or maybe even a way to save on bandwidth.

It gets them out of any contractual or common law minimum level-of-service complaints.

They aren't for the consumer or even product security despite what they say. They certainly pay enough to afford people to tell them the truth - instead they pay extra to get ones who tell them what they want to hear.

As far as I can tell they are a very expensive security blanket for those too tech illiterate to realize that trying to circumvent the analog hole for serial formats is barking madness or as an ass-cover.

It brings to mind the use of polygraphs as similar outright instituional superstitions whose true function is blame deflection.

From the headline I was kind of excited. Like disney using some freak tech stack on their servers like freebsd or windows.

But it is just DRM incompatibilities with linux. Kind of a bummer. On a side note: prime also stopped working for me on mint+firefox. Still works with chrome though.

So, at least from my basic research, the levels seem to be switched in this post: L1 is the highest level, not L3. So if Android and Desktop Linuxes support L1, that should not be an issue. Perhaps its is a minor error and he meant L3.

That being said, is it possible for the user to have their Desktop Linux support L1 somehow? Android is a Linux that clearly support L1 and can show these formats (I imagine), so can that be accomplished on another Linux?

Android depends on the hardware, but generally speaking Western devices support Widevine Level 1 and its implemented in hardware. Desktop Linux will only ever support Level 3.

But Chrome on Windows also supports Level 3, and Disney+ works in Chrome, there, so the article isn't correct.

Why do say that Linux will only ever support Level 3? Is there some fundamental limitation?
There's the fundamental limitation that the odds of any maintainer rewriting the entire graphics pipleine to secure the video path from the user for DRM on Linux is roughly zero.
A corporate sponsor might rewrite it... Chrome OS did it after all...

Probably wouldn't get merged into mainline Linux tho due to all the DRM opposition

Probably because MS and Apple bend over for producers and put special code in their OS for DRM. You can google for it but here's an example: https://docs.microsoft.com/en-us/windows/win32/wmformat/micr...

This is the same reason that only some Android devices support higher levels of Widevine; Samsung will add code to their OS that allows video/audio to be processed through inaccessible areas of the processor/GPU. If you try to take a screenshot it will just show up as a black screen (same on Windows with the Nextflix app IIRC). Cheapo Chinese Androids and even cheap Androids that you can buy in the US will not do this so they can't play high-res video on Netflix, even if they have a high-res screen.

On Linux this special path is not implemented; anything can see what's going on with the graphics or audio pipeline and record from it.

So I guess my question is why will Desktop Linux only ever support Level 3? If its the equivalent hardware that a Windows device would support L1 (or does that not exist?), then wouldn't, say, an Android device in para-virtualization be able to show you the content in HD? Wouldn't the right pieces extracted from Android and loaded into Desktop Linux allow you to watch L1? Just hypothetically. I guess my question is: is Desktop Linux actually incapable of doing it for some reason, or is it just that no one will ever distribute a distro that can do it out of the box, but you could theoretically assemble it yourself.
Windows and Linux both only support L3, since L1 depends on hardware DRM support. The problem here is that Verified Media Path (VMP) is not supported on Linux. Amazon “solves“ this issue by restricting Linux to SD streaming, but it seems Disney+ doesn’t allow streaming without VMP at all.
Anyone who’s used Disney’s existing streaming service will, I am certain, tell you it it truly awful. It’s incredibly slow, saddles you with massive downloads regardless of device or connection type. The app sometimes just doesn’t open at all.

I really hope whatever they’re making is not based on what they are doing currently.

This whole thread has been rather surprising to me, we've been enjoying Disney+ for a few weeks now and I've been amazed how wonderful all the content is. I've never seen any errors or the issue described in this article (I'm on Mac).

The only thing about the UI that I miss is that it does not respond to keyboard shortcuts (like pressing spacebar to start and stop the playback).

But overall, I've been very happy and impressed with the service.

Are you from the future?

In all seriousness though, how are you able to enjoy Disney+ currently? It has yet to launch. According to the Disney+ website it launches in just under 23 days from now.[0]

0. https://disneyplus.com

It was released early in some regions like the Netherlands for testing and promotional purposes.
Thanks, I of course didn’t read the article before asking my question. Glad to hear it works well so far. Looking forward to it when it goes live. Cheers!
(comment deleted)
Likely works just like ESPN+, which runs like dogshit on my roku.
I've been using it on a Chromecast. I'm not sure what "wonderful" content you're amazed by - there are some nice movies but I think by next month we will be pretty much out of interesting stuff to watch. And technically it's also not that great - it takes a while to load and in about 50% of the movies I've watched it froze and I had to restart the app.

We will probably stay subscribed though so it's not all that terrible.

If you can watch nearly a century‘s worth of great content by Disney in only one month, you have a lot of free time!
While I understand why Disney is getting much hate here at HN, I don’t think Disney really deserves it; Let’s face it, Linux is a very niche OS.

Just flipping on a switch for level 3 on Linux also takes money, as then they have to check whether it’s working at every deploy, provide customer support for them, etc, ...

And there’s people in this thread that DRMs are pointless... but IMO DRMs aren’t useless, it works as a small barrier for users to not copy. Think about two hypothetical people A and B for example;

When DRM exists: A talking to B “Hey, I’ve watched the movie XXX from Disney+ last night, you really should subscribe to see that great movie!”

When DRM doesn’t exist: A talking to B “Hey, I’ve watched the movie XXX from Disney+ last night, you really should see it. I’ll give the movie file in my USB tomorrow.”

I don’t like the company-tired nature of DRMs, but not much of a solution exists, esp when DRM was rejected by the web standards.

When DRM exists: “Hey I watched this movie that hasn’t been released from Disney last night, have a copy and you can enjoy it too!”

The only thing preventing this stream working on Linux is someone paying Disney the licence fees. It’s nothing to do with control of end product quality. Disney does not provide support for customer technical problems.

> When DRM exists: “Hey I watched this movie that hasn’t been released from Disney last night, have a copy and you can enjoy it too!”

Only if the value of time consumed trying to break the DRM is lower than the Disney+ subscription fee. And I think for the majority, the Disney+ subscription fee will be lower.

For a lot of people I know, there’s more cost than just the subscription fee, there’s also buying equipment to support that streaming service.

It’s like people recommending I upgrade to Windows 10 when the machine I am using is barely capable of running Windows 7. It’s not just $10 a month, it’s also $1000 for a new computer to watch it on. Or a new TV which means buying new furniture since the current cabinet can’t hold anything larger than 30” and the smallest TV I can buy is 44”.

Then there’s streaming requiring 25Mbps when my Australian NBN struggles at 12Mbps.

From their response it sounds like they are on it, it's still 3 weeks until the official launch in the bigger markets and it's only live in NL as a test market right now.

To me it sounds like a normal bug for an edge case. It's made out to be much more than it actually is with this clickbait title.

Ironically, scrolling for the article is broken on iOS Safari.
Could this be fixed by disassembling the widevine .so/.dll and altering the function that returns the "security level" so that it always returns the highest level?
The highest security level involves hardware keys. You'd have to get a hardware device that supports it and extract the keys somehow
So what hardware device is it interacting with when it is able to run properly on windows and mac? Is there a reason Linux couldn't interact with this hardware in the same way?
Maybe SGX? SGX requires kernel support, which Linux currently lacks.
There isn't any, hence why those devices aren't certified to the Widevine Level 1.
As I understand it, the DRM authenticates the physical monitor/TV with a key on the hardware. That part is uncrackable because authentication is done on Netflix-side.

But as for whatever is rejecting Linux but allowing Windows/macOS, that has to be completely in-software. I think you are right--this could be bypassed by changing a register value somewhere. This sounds like a fun project.

>But as for whatever is rejecting Linux but allowing Windows/macOS, that has to be completely in-software.

Yeah that's more of what i was referring to.

Content publishers sometimes demand certain DRM features in order to license their content. For example, they can dictate that only X devices can watch content Y. They can also demand restriction to how content is stored on devices etc. So until the content publishers change their restrictions, DRM will be there and will be annoying to customers :(
Disney owns all the content they're streaming.
Are we forgiving Walt Disney for having 'trouble makers' blacklisted and investigated by HUAC? I'm not.

Even if they made something besides pablum, I wouldn't be interested.