maybe to stop the .01%. switching to app only, sign in only would get them pretty much all the way there.
They own the os, with sign-in, integrity checks, and the inability to install anything on it Google doesn't want you to install they could make it pretty much impossible to view the videos on a device capable of capturing them for the vast majority of people. Combine that with a generation raised in sandboxes and their content would be safe.
Of course, the same can be said for FB, Tiktok, instagram, Pintrest, reddit, ... and I'm sure the list keeps going. Frankly, Youtube is pretty damn good about this, really.
Well, there used to be a lot of economic theory about how stupid it is to have marketplaces (like Youtube fundamentally is) be owned by anyone but the government. Entire books.
I guess at that point we could do it the old fashioned way by pointing a camera at the screen. Or, I guess, a more professional approach based on external recording.
Wonder if you could train a neural net to take camera recordings and basically reconstitute the original. For a given setup, the distortions should be pretty consistent.
I might be recalling it wrong,but I remember reading that there was some old hardware that refused to record protected TV/Movies probably a VCR or a DVR.
Camera manufacturers can easily refuse to record a stream of they detect it is protected, may be via watermarks or other sidechannel.
HDCP is how modern digital displays (and digital display recorders) do it.
You might be thinking of Macrovision, which was integrated in a lot of DVD players and would embed pulses into the vertical blanking interval of the analogy video output. These pulses could be detected by compliant DVD recorders and used to refuse recording. The pulses would also cause playback defects in some older VCRs and TVs.
I remember connecting my first DVD player to an old TV via a VCR (effectively using the VCR as an RF modulator) and being plagued with the image brightness constantly lowering and rising. At the time, I fixed this by switching to a dedicated RF modulator. I now suspect Macrovision is what caused this.
> HDCP is how modern digital displays (and digital display recorders) do it.
But that's inside the system. I'm talking about recording the physical output, i.e. the screen itself. With a controlled environment, known screen characteristics, I would hope that an external recorder + post-processing can create high quality images or video.
Old VCRs looked for a hidden signal that rental videos put out so you couldn't record them. But it was easy to block with a cheap device that you put in the middle.
Macrovision worked by outputting signals that were just barely out of spec, such that TVs would be able to correct for the issues just fine but VCRs would constantly lose sync.
They find devices that are easy to hack (and I mean rip and tear) and extract the decryption keys from each of them, from what I have heard cheap chinese tvs and set top boxes, they extract the keys from the chips (hardware hacking, heard some even use microscopes to read the keys by hand), and then use them to decrypt streams, I heard that they catch them pretty fast to they use like 1 device per season. This is why they use mostly stollen devices.
The really shitty thing is that vulnerable devices get blacklisted en masse, so all legitimate users get stuck with 480p video content on streaming services. The Nexus 5 got this treatment, as I understand it, because it was too easy to extract the keys.
Not a Netflix user here: Are you saying that paying customers get cut off from higher video quality, that they are possibly paying for, and pressured into buying new devices? That shit should be illegal!
Search for widevine decrypt. You’ll find code and forums where at least some L3 (software) keys are publicly shared. For high resolution on some platforms, you need L1 keys, but as far as I understand the decryption process basically stays the same once you have a working key.
You won't find a ton of up-to-date info that would let you do the same - the scene groups hold their methods closely specifically because of this cat-and-mouse game.
I.e I know that hdmi stream can be encrypted so I guess for Netflix you can't juste have a "hdmi splitter"? Do you need to go as far as plugging yourself just before the lcd pixels ? And if so , is it the moment where its easier to have a high def camera pointed at your lcd screen with post processing?
Breaking HDCP is a lot easier than breaking the other things. You don't have to attack the torment nexus directly. This is not the most ideal option but it is information theoretically correct assuming your capture rig is set up properly.
You can only get a WEBRip that way, not a WEBDL, since you'll need to re-encode and introduce some generational loss. The gold standard for streaming piracy is stripping the DRM from the original compressed bitstream, remuxing it to mkv, and uploading that as-is for maximum quality.
I knew of this chrome bug which could allow netflix to be ripped. I had heard it in comments of some section of youtube and I might need to look further into it but its definitely possible.
Yes, it's called: Web Environment Integrity + hardware attestation of some kind
> "the technical means through which WEI will accomplish its ends is relatively simple. Before serving a web page, a server can ask a third-party "verification" service to make sure that the user's browsing environment has not been "tampered" with. A translation of the policy's terminology will help us here: this Google-owned server will be asked to make sure that the browser does not deviate in any way from Google's accepted browser configuration" [1]
Let's say the only devices you can get that will run YouTube are running i/pad/visionOS or Android and that those will only run on controlled hardware and that the hardware will only run signed code. Now let's say the only way to get the YouTube client is though the controlled app stores on those platforms. You can build a chain of trust tied to something like a TPM in the device at one end and signing keys held by Apple or Google at the other that makes it very difficult to get access to the client implementation and the key material and run something like the client in an environment that would allow it to provide convincing evidence that it is a trusted client. As long as you have the hardware and software in your hands, it's probably not impossible, but it can be made just a few steps shy.
The decryption code could verify that it's only providing decrypted content to an attested-legitimate monitor, using DRM over HDMI (HDCP).
You might try to modify the decryption code to disable the part where it reencrypts the data for the monitor, but it might be heavily obfuscated.
Maybe the decryption key is only provided to a TPM that can attest its legitimacy. Then you would need a hardware vulnerability to crack it.
Maybe the server could provide a datastream that's fed directly to the monitor and decrypted there, without any decryption happening on the computer. Then of course the reverse engineering would target the monitor instead of the code on the computer. The monitor would be a less easily accessible reverse engineering target, and it itself could employ obfuscation and a TPM.
