https://widevine.com/solutions/widevine-providers
And surprise surprise, the blog post in question appears to be very thinly disguised marketing for one of those third parties.
Also, the Google service was free and came with no SLA or support, meaning anybody remotely serious about DRM was not relying it on in the first place.
To be fair, there is no official Google announcement to link to. They seem to have announced this very quietly and it is easy for someone to go to the Widevine docs and build something around the server without realizing it’s going away.
It never stopped a thing. Clearly, it only exists to cover someone's arses and check some boxes off the requirement lists.
And yet, some people put actual effort into integrating it, and keep shipping mandatory DRM modules that run with deranged levels of privilege in places like TrustZone. They keep restricting some browsers and phones from being able to view Full HD content - despite that Full HD footage being on every shady pirate streaming website that runs on ads for online slot machines and penis enlargement pills, and the 4K versions of that very same content being available day 1 in any torrent search engine. Because some cheeky madman somewhere has a few exploits, and one exploit is all it takes for DRM to stay broken forever.
Punish the legitimate users, and completely fail to deter the pirates. Security theater at its finest.
Every time I read of how modern economics eliminate waste and inefficiency, this kind of DRM stands out as a counterexample. It never worked and never will - nonetheless, here it is.
Some people keep writing and signing the licensing deals with those stupid requirements that don't touch reality in them. Other people keep needing to fulfill them. And so, the strange useless cover-your-arse-ware lingers in every device, like the smell of stale piss in a public toilet. With no care for how unwelcome it is.
Funnily enough it works better as a deterrent against releasing an Android device without Google being involved than protecting media.
They could perfectly refuse them, and de-facto DRMs would be marginalized, to a point it would not even be an option.
They are, in fact, the big media themselves now. They have the power, and more than enough of it. No streaming service can afford to skip having an app on iOS or Android - all Apple has to do is crack the whip. Say "this DRM is no longer compliant with our device policy and will be phased out by 2030" and there goes that.
But they still act like they're weird web teens who can't raise a voice against the big media boys without getting bullied for it.
That, or they believe this DRM charade serves them - and user experience can go suck a dick.
I'd go for this option, the duopoly think it could be an extra barrier which can help them to prevent future competition.
What's "deranged" about TrustZone? It's just a way to allow code to be executed in a tamper-proof way. Advocates like Stallman might object to this on the basis of "freedom to tinker" and "user control", but it can't steal your data, which is what "deranged levels of privilege" sounds like.
Moreover it's not too hard to imagine DRM implemented in a way that doesn't have those issues. The most obvious example would be some sort of dongle that handles decryption and forwards it to a TV. In other words, a chromecast. It'll still be a black box, but I doubt anyone seriously cares. You can make a case about how your computer or smartphone should be "open", but the case is far less persuasive for a media dongle.
A less awful design would have been to keep the security code at EL2 and have CPU hardware that can isolate two EL2s from one another[1]. This is ultimately what ARM wound up doing with S-EL2, but you still need to have EL3 code to define the boundary between the two. At best the SoC vendor can design a (readable/auditable!) boot ROM that occupies EL3 and enforces a boundary between secure and non-secure EL2s.
[0] Or, at least, TrustZone's secure monitor. TZ can of course run secure code at lower privilege levels, but that doesn't stop a TZ compromise from becoming a full system compromise.
[1] If you're wondering, this is morally equivalent to Apple's guarded exception levels.
Ironically it's a product of the made up concept we call intellectual property that legal teams like to "protect" because they can ask the government to enforce their monopoly over the idea.
Yes, and traffic lights and speed limit signs have no physical mechanism of stopping a driver directly, those who violate them escape without consequences 99%+ of the time, and the 1% that get caught are only penalized after they physically did so already. Clearly, security theater at its finest.
To go even further, only 54% of murders get cleared. 46% are never cleared. Which shows, clearly, the rule against murder is ludicrously ineffective security theater. What's the point of a law that only works on a coin flip, am I right?
Imperfect does not mean ineffective. Every time you make something more difficult it reduces the number of people who will do it.
Pardon my 1990s metaphor, but:
* If you have no DRM and people can just share the install disk, they will do that and piracy will be universal
* If you implement a CD check, yes, people with CD burners can bypass it but those are far fewer. Yes, industrial shops can mass-produce pirated CDs but not everyone is willing to buy those.
* If you implement even more stringent restrictions such that duplicating the CDs is significantly harder (to continue the metaphor, do something weird with the sectors that requires CloneCD instead of more generic ISO-ripping software) and now you're down to people with specialized hardware/software
* If you go further and implement software DRM checks, they can be bypassed, but now we're down to the portion of the market willing to download sketchy crack programs that totally aren't viruses, the host of the website swears. This is a *much smaller* group than those that would just grab an official install disc from their friends.
etc., etc. These measures do not have to be perfect to be effective. There can still be pirated copies available, but if the effort to get to them is sufficiently higher than buying the official copy (and that threshold is different for different people) they have served their purpose.
Most techie people I know ripped their DVD collections. Many ripped their Blurays but plenty didn't because it requires specialized software to get around the DRM. Only a handful of them have ripped their UHD discs which require specialized software AND specific hardware AND flashing a specific firmware on that hardware.
"Cutting down sharing in friend groups" is exactly what they hope to achieve.
>The vast majority of DRM protected content (or at least majority by watch time) available in UHD via torrent in a matter of hours. People like to stay away from torrents, because it carries significant risk in many jurisdictions.
Sounds like you're proving his point? If stripping DRM is so trivial that anyone can pop in a bluray and rip it (like ripping CDs in itunes), piracy would arguably far worse. Pirates today have to brave shady torrent sites and the risk of getting C&D letters. Asking your friend to make a copy is far more accessible.
If you can ask a friend with basic tech know-how to "rip a CD", you can also ask a friend with basic tech know-how and a VPN to "rip a movie".
It's that hard to upload a file to google drive and share a link? Is your model of the average person a bumbling idiot that struggles to do anything other than opening tiktok and flicking up?
I mean, a real average person, in a natural environment. Not in a movie or in stock footage. The real deal.
I have, and, holy shit. I cannot find the words to express just how unsettling it was of an experience. I still haven't fully recovered from it.
Or torrent through a VPN, which many people have access to already.
There are plenty of consumers who are happy to pay a reasonable price for an easy-to-access product.
The question is, does adding DRM onto your product push more of those consumers towards piracy than it does towards paying...?
The biggest flaw with this logic is that screen capturing tools specifically don't work on DRM protected content. Moreover if you're trying to imply making a screen recording is some sort of black magic to normies, you must be living in the 2010s. Nowadays both iOS and Android have built-in screen recorders, and on desktops you can use something like loom, which works off a browser.
If I could rip K-Pop Demon Hunters with a screen capture app to obtain a file I could share with a friend, I still wouldn't do it. Because finding a torrent is simpler and faster. I would get a very similar file, but so much faster, because I didn't have to keep the screen running at x1 for the full duration.
And finding a shady website that has it available is simpler and faster still.
Well no, because the lack of DRM wouldn't just mean you can manually screen record netflix. It also means you (or someone else) can write an app to screen record netfilx for you, or skip that altogether, similar to something like yt-dlp. After all, if somebody wants to rip youtube (DRM free), they don't screenrecord it, they find some random website/tool off google.