State of DRM & Widevine

Digital Rights Management and Why I don’t like the state of it… but why it’s a Necessary Evil

The state of Digital Rights Management

DRM (Digital Rights Management) is how owners of media protect their legal rights to that media. Personally, I don’t enjoy DRM, for multiple reasons. The controls enforced through DRM affect users who plan on moving their media over multiple forms of communication, like FTP/S, RSYNC, or HTTPS servers, but are disallowed from doing so by the DRM controls in place. The state of DRM completely takes the trust in purchased media away from the consumer. In a perfect world, when you buy a product online – it is yours. However, there are issues that need to be addressed.

This has always been an issue throughout the public exchange of information through the internet. Older file sharing programs like LimeWire, torrent applications like BitTorrent, and even http(s) websites like (now, I guess) allowed consumers to freely share movies, music, applications, and video games; essentially anything that costs money on the internet and can be recreated was shared through these sites and applications. This led to consumer-friendly subscription-streaming services like Spotify, Netflix, Steam, Adobe, Microsoft, and essentially all of the major software companies. This allowed the consumer to freely consume media on-demand; for instance, I really enjoy Jason Mraz – but I don’t enjoy ALL of the songs on his album Know – but I’d still like to listen to the songs I do like on his album. Well now – Spotify offers a discounted price of $9.99 per month, which is about the price of the album, but I can also listen to virtually any other song on-demand for that price. Obviously, I’m satisfied with this adjustment, but so is Spotify and so are all of the media owners on their music-streaming service – because I’m not actually owning the media; therefore, I can’t share the media. It takes away the risk of freely shared media while also solving a consumer want = win/win.

I’m a cinephile – I love movies. Probably not too overly, but I do spend a lot of time watching movies. I’m sure a lot of people do – but with the shift to movie/tv streaming services like Netflix, Prime Video, Hulu, HBO Max, Paramount+, Disney+, and Peacock – there are so many options, but those options are limiting the amount of media held on each platform.

Around the 2010 time-frame both Hulu and Netflix dominated the streaming market, and they held most of the movies/tv shows that people wanted to watch. However, a capitalistic system allows for competition – and they definitely got it. There was a time when many favorable movies were torn from Netflix and streaming rights were spread around to the other streaming services as they came up. Now, if you want to watch The Office, it’s on Peacock. How I Met Your Mother? Well – that’s on Hulu/Prime Video. Avatar: The Last Airbender? Well, shoot – that’s on Netflix. What was originally ~10 dollars a month is now going to be ~50 dollars a month – and that’s only TV shows. Ok, that’s fine – here’s what I’ll do. I’ll just digitally buy the media and then host it on an FTPS, RSYNC, or even a Plex media server – I can even host it behind an OpenVPN server in my private network so that it isn’t available to the open network. Wambam, done – I can watch all the shows/movies I want to watch. But where can I buy the digital media? Well – you can’t. I can buy the rights to play a movie online (or even offline) using proprietary platforms like Google Movies or Prime Video by individually purchasing the movie – but how can I transfer it to my server? You don’t actually own the data when you buy it from those services. Most media providers use something called Widevine DRM (if you use Gentoo and try to go on – you might’ve had to build this package as well as the ffmpeg package for Firefox).

What is Widevine?

Note, I’m not really an expert on the actual details of Widevine – I’ll post more information near the bottom of this paragraph. It’s a Google-owned service that authenticates and encrypts downloaded media. Essentially, whenever you download a movie or TV show from a streaming service, the downloaded product is encrypted with something called a Content Encryption Key. This key verifies the authenticity of the client but has an expiration date. This is why – whenever you download a movie – you need to be connected to the internet at some point in order to “renew” the watch availability for that movie/tv-show. Widevine is widely used: basically every media platform that offers “download” in order to play offline is using Widevine DRM. This prevents you from downloading the car.

Simply, when I buy the digital copy of a movie from Google Movies or Prime Video, it’s encrypted. I want the actual digital copy of the movie/tv-show. Not to reproduce it, but to use it on multiple platforms. I understand the purpose of Widevine DRM. I understand why it has to be used, and why it is widely used. If I were to run a successful restaurant, I wouldn’t want people to find out my secret recipes or find some way to easily recreate my food. It’s supposed to be consumed by the people who buy it from me – or at least give me some royalty. Maybe – if someone were to buy the recipe off me just for their own personal use, I’d definitely be hesitant to allow them the ability to reproduce it for other people. They could potentially start their own business, post the recipe on a public website, etc… It’s just not a risk that I’m able to afford. Think about movies and TV shows – many people were a part of the creation of these products; it would be extremely unfair if the hours of blood and sweat were erased due to torrent sites like PirateBay.

Or is it…?

This isn’t an ethics class. To be honest, I don’t even think that I have a good grasp on proper ethics or morals – so I’m not a good person to base your beliefs on. Nor am I a business expert or micro/macro economics expert – so take everything with a grain of salt. But besides Netflix original movies and shows, Netflix offers producers or studios a licensing option in order to showcase their work on its platform. Meaning, only the top portion of the studio receives the income. This can be thought of as the trickle-down concept, where the studio NEEDS to make money in order for its workers to have jobs, and therefore get paid. But here’s the issue… consumers are having to pick and choose which streaming service best suits their wants. That means that the income that Netflix originally generated during its dominance back in the early 2010s isn’t available anymore – which means the studios are forced to accept licensing deals from other providers like Prime Video, HBO Max, etc… Actually, this is the same reason why torrenting has become more popular lately.

My Alternative

I’m not going to make crazy demands like, we have to do away with Widevine DRM, because let’s face it – if it’s easy to share a movie, more people would do it. Especially with the advancement of technology, and the speed of data transfer increasing year after year – I could download my favorite movie in mere seconds. I’m also not going to demand that there be a streaming service to rule them all – if I were to pick one, it’d be Netflix, I think they have the least buggy content platform, but lately it’s hit or miss.

I want to propose alternatives.

Firstly, I think streaming bundles would really benefit the consumer. Now, this is stepping out of my bounds as a cybersecurity student, but I wouldn’t mind something like this, where all the streaming services bundle up all of their intellectual properties into a rated bundle. Ok, cool, whatever. Got that out of the way. I’d also like another standard protocol where .mp4 or movie/show type files can be authenticated through digital authentication like digital certificates, which is then used to unlock a pre-shared symmetric encryption key. Then, on top of it – have a platform, free to use, to disseminate and authenticate digital authentication requests – possibly through a web-of-trust or central authority authentication. The web-of-trust concept would probably best be used within a block-chain – as this enables central authorities or any appointed authority to easily verify and authenticate purchases and identities. This platform can be used in conjunction with (or possibly even maintained by) Widevine DRM, as it’s already the widely used standard for DRM. This will enable consumers to selectively purchase and download movies from Google Movies or Prime Video or whatever is available for digital purchasing, and use this data on whatever medium they want. Then, that data and consumer can easily be authenticated: online with intermediate appointed authorities, and offline with private keys to unlock the bulk encrypted media. This is the compromise – it really doesn’t address exactly what I’d like, but it opens the door to pure data ownership and dissemination through the internet. The only other way of owning movies/shows is through buying the physical DVD and burning it. BUT! The compromise allows for streaming-funded tv shows/movies (like Netflix originals) to be consumed more easily offline and on different forms of media that can’t use their app.
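A minimal sketch of the proposal above, added here as an illustration and not part of the original post or of Widevine: an authority signs a license that binds a purchase to the consumer's key pair and wraps the symmetric content key, so the consumer can verify and unlock the bulk-encrypted media offline. All names (`issueLicense`, `playOffline`, `movie-001`) and the algorithm choices (Ed25519, RSA-OAEP, AES-256-GCM) are assumptions.

```javascript
const crypto = require('node:crypto');

// Hypothetical parties: a licensing authority (signs purchases) and a consumer (owns a key pair).
const authority = crypto.generateKeyPairSync('ed25519');
const consumer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Fingerprint of a public key, used to bind a license to one purchaser.
const fingerprint = (pub) =>
  crypto.createHash('sha256').update(pub.export({ type: 'spki', format: 'der' })).digest('hex');

// Seller side: bulk-encrypt the media once with a symmetric content key (AES-256-GCM).
function encryptMedia(media, contentKey) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const data = Buffer.concat([c.update(media), c.final()]);
  return { iv, data, tag: c.getAuthTag() };
}

// Authority side: wrap the content key for the purchaser (RSA-OAEP) and sign the license.
function issueLicense(contentId, contentKey, purchaserPub) {
  const body = JSON.stringify({
    contentId,
    owner: fingerprint(purchaserPub),
    wrappedKey: crypto.publicEncrypt(purchaserPub, contentKey).toString('base64'),
  });
  return { body, sig: crypto.sign(null, Buffer.from(body), authority.privateKey) };
}

// Consumer side, fully offline: verify the signature, check the binding, unwrap, decrypt.
function playOffline(license, blob, keyPair, authorityPub) {
  if (!crypto.verify(null, Buffer.from(license.body), authorityPub, license.sig))
    throw new Error('license not signed by the authority');
  const { owner, wrappedKey } = JSON.parse(license.body);
  if (owner !== fingerprint(keyPair.publicKey)) throw new Error('license belongs to another key');
  const key = crypto.privateDecrypt(keyPair.privateKey, Buffer.from(wrappedKey, 'base64'));
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  d.setAuthTag(blob.tag);
  return Buffer.concat([d.update(blob.data), d.final()]);
}

// Constructed sample: a few bytes standing in for a purchased movie file.
const sampleKey = crypto.randomBytes(32);
const sampleBlob = encryptMedia(Buffer.from('constructed sample media'), sampleKey);
const sampleLicense = issueLicense('movie-001', sampleKey, consumer.publicKey);
console.log(playOffline(sampleLicense, sampleBlob, consumer, authority.publicKey).toString());
```

The license can be copied to any device, but only the holder of the consumer's private key can unwrap the content key, and any edit to the license body invalidates the authority's signature.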

[This Blog Post was migrated]

By Diego Uy

Military dood, father of three, husband of a sexy momma. Network Administrator | Security enthusiast.
