Distribution of media content

Slightly off topic, but a note here this morning about Netflix (and Jessica Jones) coming to Italy in the near future has struck a nerve.

It continues to amaze me that no one has figured out a way to distribute media content to the far ends of the Internet, instantly, and still protect the intellectual rights of those who produce it.

The Net has been alive and well for more than 20 years, and lots of things have been tried, but we still have shows like JJ that are geographically limited. Which only ensures that piracy (in general, anything that reduces the IP owner's rights and revenue) remains rampant. And access to the media content is unevenly distributed. The worst combination.

Is this the impossible IT task? Making every movie, TV show, video, song etc. produced in every country instantly available on the Net, everywhere, for a reasonable fee that can't be pirated? Maybe with some kind of AI interface so we can find the kind of stuff (needle in the haystack) that we like?

We're well into the 21st century, but this is still 20th century thinking.

Balkanized information and rampant piracy.

Now that I write this, it all sounds more like the 18th century with Empires trading for their own benefit and Piracy on the high seas. Are we humans stuck at this unfortunately point of our development as a species?

A big-brained ape descendent who still thinks like this is his jungle with our own patch of fruit to protect?


Shader

Well as someone involved in media production i will give you an anwser.

Foreign Sales.

For indie movies and TV shows(like say Jessica Jones) and even to a certain extent Big studio movies, Each country in the world Buys the rights to distirbute indiviual movies before hand-sometimes when the movie is finished, sometime when the show is in various stages of Devolopment. This tends to be the real meat of stuff like Cannes, which is less a film festival then a convention when it sells.

And e lot of indie movies, especially genre stuff in sci fi and action this is where you make the money-in the big markets, like england, Japan, and yes itally you can make between 100k and millions for even stuff that here for a project i was working on a couple of years ago a sales agent said 200k for italy was likely. Which for small movies is a good chunk of change. Its possibly and sometimes even likely to make money on a film from this before its acutally been shot.

In next ocuple of months one of the things i hope to do with my project Duo is well see what i can get-after shooting so far about 15 minutes of a 100 minute movie to try to help finish it. Will see what it does in italy.

This isn't really an IP thing. Berne Copyright laws are what they are. But yeah piracy is a big issue. Spain is a big film going market but not from a foriegn sales perspective becuse piracy means that pretty much movie gets pirated in Spain so you don't make money. ), and theres a lot of quirks around the world. like china which restricts movies(but you can get around it), india which rarely watches foriegn movies...

But As for your idea-nothing preventing it. You could sell the worldwide rights to a company like that, and they just have a go at that-the only issue is that 20 years latter the internet isn't all that devoloped in certain areas. Also Italian stuff has to be dubbed into Italian which isn't super expensive but gets expensive when you you do the 7 big languages that movies get translated into or any of the others that they are sometimes done in.

Its a good idea-but well this isn't so much a legal issue as how things are done.


I will say for you italian fans-Jessica Jones is probabbly going to have a small DVD release in a couple of months-thats what they tend to do with Netflix shows. And there are plenty of Grey Market sites that will buy you a copy of the DVD and sell it to you in italy...and there is nothing at all illegal about it, provided the original copy was bought legally.

I followed the production of a video series, not in this genre, for months last year into this one.
The release date was delayed and delayed.
The DVD finally went for sale only to overseas, non American, buyers but no American purchases allowed.
So basically anyone in the world except their major fan base could watch the movie.
I emailed a direct question which was not responded to but a post on the Facebook page stated that the American release was held up because they were working on a distribution deal with a "major" provider.
The speculation was Netflix or Amazon.
This never happened and soon a "Buy the official poster for the film" post went up on Facebook.
I asked, "Why buy the poster when the DVD is not available for Americans?"
The answer came back: :"The DVD has been available for a week now."
"Why didn't you announce it on Facebook?"
"Maybe we should do that."
I was so fed up and never bought the DVD.

A similar story happened with another production I was following.

Distribution rights in the modern world baffle me.

Markiehoe wrote: I followed the production of a video series, not in this genre, for months last year into this one.
The release date was delayed and delayed.
The DVD finally went for sale only to overseas, non American, buyers but no American purchases allowed.
So basically anyone in the world except their major fan base could watch the movie.
I emailed a direct question which was not responded to but a post on the Facebook page stated that the American release was held up because they were working on a distribution deal with a "major" provider.
The speculation was Netflix or Amazon.
This never happened and soon a "Buy the official poster for the film" post went up on Facebook.
I asked, "Why buy the poster when the DVD is not available for Americans?"
The answer came back: :"The DVD has been available for a week now."
"Why didn't you announce it on Facebook?"
"Maybe we should do that."
I was so fed up and never bought the DVD.

A similar story happened with another production I was following.

Distribution rights in the modern world baffle me.

I belive it.

For indie movies you often sell movie rights before the movie goes out or is even finished to...and then sometimes leave domestic rights an open question.

And for indie movies in general that don't make Theaters or have big P&As(publicty and advertising campaigns)...its kinda of an open question of when they are released. it can be the day the deal is signed or years or months afterwards.

Don't blaim the filmmakers-it could be the distributors fault of all of this, and werid contract stuff. Or maybe they decided to self distribute which does happen.

Is it a good method? No, but its a method

So, bottom line is the balkanized domains of media distributors and this archaic concept of every country getting into the act. (Why isn't at least the EU treated as one domain?).

So as I suspected, its Empire. Or rather in this day and age, its mostly corporations.

The logical response for many remains piracy. You mention Spain is a den of pirates today, which I didn't know, and so are the Chinese and various countries in SE Asia.

So as I suspected, it's still the 18th century (or earlier). Similar concept of Empire, plus or minus, and mostly the same pirates. Nothing has changed all that much except we're now talking digital information and not spices and gold.

21st century problem with an 18th century solution.

Which was my original point. You've confirmed it.

But... do we have to act like apes protecting our patch of fruit in such bizarre ways? Surely the technology exists to solve this so that money flows to the content creators, and everyone has equal and immediate access for a fair price.

The problem, of course, is that some people like this system because it allows them to make money being middle-men. But if you step back a bit, it's truly insane and unnecessary given digital info and the Net.

We aren't sailing galleons full of gold and spice across oceans. The furthest reaches of Earth are only microseconds further away than next door.

Shadar

Well honestly as a filmmaker this isn't bad news for me.

A goal of film is to make money.... and the current arangment is probabbly the most proffitable to filmmakers.

If one company like netflix just bought the rights to all films....well they would offer a bad price for them. Already Netflix is not great for filmmakers in terms of sales-thre okay and have heard there a little better but there business is paying as little for films as they can and there very efficent in deciding how many copies of dvd they need, and setting streaming contracts.

And well its a complete buyers market. if they don't like your film...its not there. gone with no options.

And if it was multiple companies....

well let say one company offered a fix price for a film for all markets-let say a million dollars. by Piecemail seeling it to italy, france, japan, Slovakian Cable rights(which is a thing) maybe they odn't equal a million but there a good chance you can get more. instead of having a few companies mutiple companies across multiple markets are making offers-and that can be pretty good. One can take advantage of market innefieicnes pretty easily if one is clever in film.

Now film is a very easy money to loose money-but it can make.

Plenty of times Studios will by worldwide rights to distribute indie to films...and these films mysteriously don't make money. There is famous expression of stuido accounting where most films make a loss(which is necessarily untrue-just that studios are very inneficent businesses) but part of it is is that you don't have the advantage of this-and most studio distributed films end up just about breaking even.

So yeah-is this great for consumers-well not always. There is a lot of countireis out there, and what oftne happen is some market is left off the table-you don't sell to Kenya or Maurtius, or sometimes as mentioned even america-its werid and strange and not always great for people....

But well...movies can be very expensive, and i want to tell an investor he can get money.

I'll add on behalf of the micro producers: You can try DRM but it's such a pain to support and so easy for people to just work around, it's just not worth the headache and nuisance for the fans that are supporting your efforts.

It's back to the technology question. DRM is lousy technology. In this day of hyper-securty cryptography, there is no reason you can't develop air-tight security on content and make it transparent to the authorized owner.

I would like to see an application that you can download which prepares the media for distribution, and then ties into a clearing house that uses biometrics to complete a purchase, with the resulting file that's delivered encrypted to that unique thumbprint, voice, retina scan or whatever. Maybe they charge 5% or something as a handling charge. But books, movies, artwork, pictures, short videos -- anything that can be stored electronically -- could be universally distributed this way. In that way, every sale involves a uniquely encrypted file that only one person can decrypt. No passwords. Costs would be very low if we took all those middlemen out of the equation. That's where most of the money goes today. End-users would pay less for something and developers would get paid more (or paid at all).

Ubiquitous biometrics are coming. It's common on iPhones and iPads today, and probably other platforms, but the world is moving too slowly to create authorization schemes that are both simple, transparent and unbreakable. Current technology is more than capable enough to do this if everyone has access to a good biometrics device on their playback equipment.

Maybe this will be Internet 3.0.

As I see it:

1.0 was basically free information. No advertising. Funds contributed by participants accordingly to their means. SWM is an Internet 1.0 site. Share and share alike. I spent many years on the Net when this was the only model.

2.0 started with Porn and then went down the DRM path for general content and then went to advertising and every imaginable scheme to take your money. It's about as intelligently designed as most governments. Which is to say, it's either abusive or wastefully incompetent or both. A noisy mess, but very capable.

3.0 should truly be person to person distribution that's managed by applications. We'd all use AI personal filters that are tied into a common data base of all media content that's available on the Net. The AI would learn (or be taught) your likes so it could truly find the needles in the haystack.

For example, lets say you like the fantasy of bullets bouncing harmlessly off a superheroine. Your AI would learn (or be told this) and be able to find every bit of video ever produced, along with every picture or snippet of writing that appears anywhere that shows or describes such things. When its retrieved, some of it would be essentially free (a few pennies to cover processing), and others would be priced as set by the owner or some application. The snippets can be expanded easily up to the whole body of work, whatever you want.

I admit I'm a bit of a socialist when it comes to the Net. The only people's I'd like to see get paid are 1) people who create content, 2) the people who communicate it, 3) and the people who consume it. A totally flat system that depends on these AI filters to make it usable, and it knows no boundaries.

Shadar

Random321 wrote: I'll add on behalf of the micro producers: You can try DRM but it's such a pain to support and so easy for people to just work around, it's just not worth the headache and nuisance for the fans that are supporting your efforts.

Its not impossible if the media you want to play was encrypted just to your biometrics, and that your thumbprint is the decryption key. It doesn't matter how much you hack the hardware or firmware of the playback device, if you don't have the decryption code (which is your thumbprint or retina scan) it can't decode it.

The key difference is that if a million people order a movie, no two of those movies will be encrypted the same. This is the same encryption scheme we've used in military settings for ages. The presumption is that the enemy has copies of our hardware devices and has decoded the software and tweaked the stolen equipment with their best engineers. They still can't decode anything without the unique key, and again, no keys are shared or duplicated beyond the sender and receiver.

It requires a completely different way to think about media control and distribution, and DRM was the wrong model. DRM was designed to produce millions of IDENTICAL copies with a single encryption key, and the decryption key was in your playback hardware. That's a very weak model and ultimately proved to be useless (or worse).

Trick is to forget everything we know about media protection, DRM and content distribution and start with a fresh sheet of paper. That's technically possible, although it does put high demand on network infrastructure. But if you are already getting content from the Net (as opposed to satellite or cable or over the air), then you are already paying the download infrastructure price. The key difference in my scheme is that instead of caching a common copy of the movie on servers all over the world, each copy would have to originate for each user from the app on some master server(s) where you send your biometrics and they build an encrypted copy just for you. There are a variety of encryption schemes already used in banking and other secure traffic that can send biometrics authorization data safely.

Again, this is old tech at the military/diplomatic level, but it was previously not considered for entertainment because of limited data and bandwidth, and the fact that much of the distribution was done by satellite, cable and broadcast, and commonly pressed DVD/Bluray disks (or tapes).

We need to move past that model.

five_red wrote:

shadar wrote: It's back to the technology question. DRM is lousy technology. In this day of hyper-securty cryptography, there is no reason you can't develop air-tight security on content and make it transparent to the authorized owner.

Yes there is. It's actually technically impossible to do -- not just difficult, impossible.

Y'see as a content provider you never have control of the playback device -- the consumer always has control of the playback device -- and this creates two problems...

First: as a consumer I can simply modify the playback device software so it doesn't do the security check, or always passes the security check. This is how the mod chips that were installed into Playstations worked -- they simply intercepted the security check data read from the disc, and always sent a valid signal, no matter what. It is also how DVD rippers like Handbrake work: they replace the standard DVD playback library with a version that doesn't carry out the anti-piracy checks. Simple!

DRM may use cryptography to protect its media, but all of the logic and keys needed to undo the cryptography have to be present on each and every playback device (otherwise how can the device play the media?) All the DRM makers can do, therefore, is to try to hide the crypto keys, and make the code as convoluted and obfuscated as possible, to slow down the process of hackers cracking the DRM. But once a DRM is finally cracked, it's all over -- your DRM is wide open, and pirates can implement software that removes the DRM from all media that use it.

Second: even if I don't want to reverse engineer the DRM, there is still the problem that the media data has to be unencrypted in order for it to play back. Remember, we don't have control of the playback device, so a pirate can simple tamper with the device (alter the hardware or replace the software) so that the clear data is intercepted after the DRM is removed as part of the playback. And volia -- un-DRM'd media.

Some device makers actually build in anti-tamper devices into their hardware. For some satellite boxes, trying to gain access to the chip that contains the logic for scrambling sports and movie channels actually causes a small bubble of acid to burst, burning out the circuitry so hackers can't study its design. But that hasn't stopped the hackers from figuring out other ways of reverse engineering the logic and breaking the protection.

DRM is just a speed bump. It just makes it impossible for the average person to copy media, but it can't stop the expert. And in a world of file sharing sites and torrents, all it needs is one expert for everyone to have an un-DRM'd copy.

If you want a good non-technical introduction to cryptography, including the basics of DRM, try Everyday Cryptography by Keith Martin. And for an entertaining(excellent excellent!!) read on the history and techniques of code breaking in general, including how the Enigma worked and was broken, I cannot recommend highly enough The Code Book by Simon Singh.


R5

I will say that the DRM i have seen on a couple of videos in this genre online of....well lets make this 20 minute movie 1 gigabyte....is insansaly stupid. It may discrouage a little bit of pirarcy....but its like cutting off your feet to spite your face. If you have to spend 5 bucks of the 10 your making just on hosting your not going going to make any money off it.

shadar wrote: Its not impossible if the media you want to play was encrypted just to your biometrics, and that your thumbprint is the decryption key. It doesn't matter how much you hack the hardware or firmware of the playback device, if you don't have the decryption code (which is your thumbprint or retina scan) it can't decode it.

The key difference is that if a million people order a movie, no two of those movies will be encrypted the same. This is the same encryption scheme we've used in military settings for ages. The presumption is that the enemy has copies of our hardware devices and has decoded the software and tweaked the stolen equipment with their best engineers. They still can't decode anything without the unique key, and again, no keys are shared or duplicated beyond the sender and receiver.

It doesn't matter that all those files are different, and the goals of what the military is doing and what the entertainment industry needs to do are not the same.

In the military, the objective is not not stop USER A from reading their files and using the files as they see fit, it's to stop a bad guy from intercepting the files and reading them. After USER A decrypts the files, she can do whatever she wants with them (upload them to a web server somewhere unencrypted). The only thing stopping her is honor, and the military code of justice. If this were used for a video file, after i decrypted the video file, I could just send it to anyone.

So the short of it, they're protecting against nefarious interception, NOT end users doing whatever they want with the data. This isn't the problem of a video format, they don't worry (much) about nefarious interception (Netflix doesn't worry much that someone might eavesdrop on my netflix stream), they worry about the user decrypting the stream and doing whatever they want with it. Different use cases. (Then military does then take a bunch of time to try to lock down systems so that users CAN'T just do what they want, but basically, if you let a hacker play with that "secured computer" as they see fit, they'll break that part.)

And in the end the same thing happens. The hacker subverts the controls that prevent access the decrypted data. It doesn't matter which key is used, or that the key is biometric (and there are other problems with biometric security). All that matters is that the black box that does this work eventually spits out an unencrypted stream that is sent to a display device. If you access that stream, there isn't any DRM on it.

And once the overall code is known, you take the biometric description routine and just ... run it dumping the results to a file. This is actually LESS secure than DVD or BluRay as the user _already has the keys_. So you'd need to encrypt the file with two keys, a secure key _and_ the biometric one, but you're still relying on the device to have access to that key somehow, and if it can read it, hackers can get to it.

The theory on this has nothing to do with the steps in-between. No matter WHAT you try to build, the theory says that if you build a BLACK BOX that decrypts a file and shows it to me securely, IF the user has complete physical access to the box, they WILL (eventually) be able to crack it and get at the unencrypted data (it's not the same as breaking the encryption). SO you can keep trying to add fancy things to the BLACK BOX, but you can't stop the attacker if they have as many of them as they want (can go down to Best Buy and buy 20 more) and can mess with it as they want. And this has NOTHING to do with which encryption is used/etc. It's that simple: If I have full access to the box that decrypts something, you can get at the data, and won't have to crack some impossible encryption to do it.

And this is backed up in the real world -- every such system has been broken.

five_red wrote:

shadar wrote: Its not impossible if the media you want to play was encrypted just to your biometrics, and that your thumbprint is the decryption key. It doesn't matter how much you hack the hardware or firmware of the playback device, if you don't have the decryption code (which is your thumbprint or retina scan) it can't decode it.

You simply hack the hardware or the firmware so you don't need to scan your fingerprint to play the media.

Simply make a dummy fingerprint scanner that always transmits the same data whenever it's asked. It's a simple device, with a tiny memory just big enough to store one set of fingerprint data, which it sends for every single request. (Hell, you may not even need to build a device, you might be able to get away with just coding a fake driver for a non-existent device.)

1. I visit ShadarMedia.com, and request to buy SuperDuperGirl VI
2. ShadarMedia.com uses 'Shadar Air Tight DRM (R)(tm)(patent pending)', so it asks my device for a fingerprint.
3. My bogus fingerprint scanner (or driver software) immediately sends back the data "ABC123" to ShadarMedia.com (which, let's pretend, is fingerprint data), and SuperDuperGirl VI is encoded using that data.
4. SuperDuperGirl VI finishes downloading. I double click to play it, and ShadarPlayer fires up and asks my device for my fingerprint.
5. My bogus fingerprint scanner immediately sends "ABC123", without even asking me to scan my finger, which works to unencrypt the media.
6. I give a copy of SuperDuperGirl VI to TwiceOnThursdays -- he has the same bogus scanner installed. He clicks the file, ShaderPlayer asks for a fingerprint, it gets "ABC123", and so plays...
7. Eventually I get sick of using the bogus fingerprint scanner, so I hack ShaderPlayer so that I can capture the pixels after they've been decoded, and I pipe them through to ffmpeg which builds a nice clear MP4 file without any DRM. I can then give that to anyone.

The problem is this... no matter what security you build in, you do not have control of the consumer's device. This means that (a) any data your servers receive to secure your media may be compromised, (b) any software that is used to play the media cannot be trusted to cooperate with your security, and (c) no matter how complex, convoluted, and intricate your security, ultimately in order for it to play it always has to be reversible by the consumer's device -- at the end of the day, a device you do not own and have to control over always has to be capable of getting at the clean, unscrambled, un-DRM'd, pixels..!

[Edit: btw, this is how the Playstation mod chips worked. They were attached to the read/write lines connecting the CD player to the I/O chips -- whenever they saw a signal asking for the CD to read the special track that contained the anti-piracy data, they sent back a pre-coded valid response (taken from a Japanese game, I seem to recall, but I can't remember which one). The result was that every disk you put in the PSX returned the same valid code, from that Japanese game.]

Edit 2: For fun, here how Shadar Air Tight DRM should work...

1. I visit ShadarMedia.com, and request to watch SuperDuperGirl VI
2. A burly individual visits my house with an iPad.
3. I sit in the living room as the burly individual plays the movie for me. At no point am I allowed to hold or interact with the iPad myself.
4. Once the movie is over the burly individual leaves with his iPad, assuring me that now I "own" SuperDuperGirl VI, I need only book another appointment for him to come around to my house with his iPad so I can watch it again.
5. ShadarMedia.com grows fat off its increased profits, thanks to Shadar Air Tight DRM. Shadar retires to his own tropical island.

R5

All of this is both a) crackable and b) Expensive.

This is why i ultimeatly think the straties that work best here are :

1. Make things fairly cheep-this is the netflix model. Sure you can pirate anything on netflix i am quite certain--however if it costs 10 bucks a month to watch thousands of hours of stuff a month that constantly cycles....it can be easier to get the original then a copy-i don't think netflix has a particuarly great interface but you know . The Best DRM is to offer an easier and better service then thieves.

2. Make it free, and make money from advertising: This is the method used by Tv and companies like Youtube-and there is plenty of duplicate videos on youtube of sucsefull videos on it-but its easier to combat, and if two peope are present pretty much any sane person will watch the original.

But wait castor we have such small markets, its lucky if a 100 people buy the video....no one likes these kind of stuff.

I don't think the Supergirl TV show is looking at this kind of strategy. .

We got into this discussion because Netflix isn't available everywhere, even in portions of Europe. If Netflix had all the content available and was everywhere, then a subscription model is better, I agree with that. But that was the problem. It isn't and it doesn't have all the content. But the Net IS everywhere, more or less.

As far as crackable... no way. Any more than the encryption on your bank access and the secrets of military forces and governments is crackable. Which is to say very, very difficult, even for the NSA, and often not in a human lifespan. Strong encryption is very, very good. When failures occur, its due to weak passwords, phishing in its many forms, and trusted individuals giving it away (ala Snowden), not code breaking. With biometric encryption keys, or even a very strong password, those codes are not easily crackable even by the NSA. Despite popular fiction which shows smart people busting encryption, it doesn't really happen that way in the real world.

If the super-computers get a hundred times faster, we add two more bits to the encryption key (which is usually 32 bits or better now). If super-computers get a million times faster, we add six more bits. That's not precise, but its illustrative that the code-maker has all the advantages over the code-breaker when code are done correctly. Read up on trap door algorithms and how they are used in public key encryption today (even though we aren't talking public key encryption here, the encryption algorithms are related). The math gets hairy, but you can get the gist of it.

That's why the NSA is so upset with Apple using encryption as a default on their devices. It makes it very difficult for even the them to break your code, and certainly not in a timely way.

I spent some time working in the encryption field (military) at the most trusted level some time ago, and I've kept my finger on the pulse of this field since.

The problems in handling media content this way aren't security, but rather caching, communications bandwidth and storage (of the billions of copies), but the last could be handled by making it transitory. And, of course, leaks from the original source of unencrypted copies. The military largely solved that (albeit with a few breakdowns like Manning) by putting people in Federal prison for a very long time. The actual encryption/decryption process is relatively fast with the kind of massive-core GPU's that are available today on most of our devices.

Industry won't have the option of draconian penalties, but if even the editors and producers work with personally encrypted copies, or at least fingerprinted individual copies, you always know precisely who leaked it. Once again, no two people have a bit-identical copy.

What I've learned from this thread and comments is that we have to move beyond conventional thinking and failed techniques from the past. As technology improves, we will have the chance to completely rethink everything.

But we need a Steve Jobs of media to drive the changes needed for pervasive but secure distribution of content.

Until then, we're living in the 18th century but with shiny computers, and everyone frustrated, from content creators to consumers. This doesn't have to work like politics.

Anyway, this thread is probably wrung out. None of us have the skills or resources to change anything, but we can dream of the day when it does change. If we live long enough.

Shader

castor wrote:

five_red wrote:

shadar wrote: Its not impossible if the media you want to play was encrypted just to your biometrics, and that your thumbprint is the decryption key. It doesn't matter how much you hack the hardware or firmware of the playback device, if you don't have the decryption code (which is your thumbprint or retina scan) it can't decode it.

You simply hack the hardware or the firmware so you don't need to scan your fingerprint to play the media.

Simply make a dummy fingerprint scanner that always transmits the same data whenever it's asked. It's a simple device, with a tiny memory just big enough to store one set of fingerprint data, which it sends for every single request. (Hell, you may not even need to build a device, you might be able to get away with just coding a fake driver for a non-existent device.)

1. I visit ShadarMedia.com, and request to buy SuperDuperGirl VI
2. ShadarMedia.com uses 'Shadar Air Tight DRM (R)(tm)(patent pending)', so it asks my device for a fingerprint.
3. My bogus fingerprint scanner (or driver software) immediately sends back the data "ABC123" to ShadarMedia.com (which, let's pretend, is fingerprint data), and SuperDuperGirl VI is encoded using that data.
4. SuperDuperGirl VI finishes downloading. I double click to play it, and ShadarPlayer fires up and asks my device for my fingerprint.
5. My bogus fingerprint scanner immediately sends "ABC123", without even asking me to scan my finger, which works to unencrypt the media.
6. I give a copy of SuperDuperGirl VI to TwiceOnThursdays -- he has the same bogus scanner installed. He clicks the file, ShaderPlayer asks for a fingerprint, it gets "ABC123", and so plays...
7. Eventually I get sick of using the bogus fingerprint scanner, so I hack ShaderPlayer so that I can capture the pixels after they've been decoded, and I pipe them through to ffmpeg which builds a nice clear MP4 file without any DRM. I can then give that to anyone.

The problem is this... no matter what security you build in, you do not have control of the consumer's device. This means that (a) any data your servers receive to secure your media may be compromised, (b) any software that is used to play the media cannot be trusted to cooperate with your security, and (c) no matter how complex, convoluted, and intricate your security, ultimately in order for it to play it always has to be reversible by the consumer's device -- at the end of the day, a device you do not own and have to control over always has to be capable of getting at the clean, unscrambled, un-DRM'd, pixels..!

[Edit: btw, this is how the Playstation mod chips worked. They were attached to the read/write lines connecting the CD player to the I/O chips -- whenever they saw a signal asking for the CD to read the special track that contained the anti-piracy data, they sent back a pre-coded valid response (taken from a Japanese game, I seem to recall, but I can't remember which one). The result was that every disk you put in the PSX returned the same valid code, from that Japanese game.]

Edit 2: For fun, here how Shadar Air Tight DRM should work...

1. I visit ShadarMedia.com, and request to watch SuperDuperGirl VI
2. A burly individual visits my house with an iPad.
3. I sit in the living room as the burly individual plays the movie for me. At no point am I allowed to hold or interact with the iPad myself.
4. Once the movie is over the burly individual leaves with his iPad, assuring me that now I "own" SuperDuperGirl VI, I need only book another appointment for him to come around to my house with his iPad so I can watch it again.
5. ShadarMedia.com grows fat off its increased profits, thanks to Shadar Air Tight DRM. Shadar retires to his own tropical island.

R5

All of this is both a) crackable and b) Expensive.

This is why i ultimeatly think the straties that work best here are :

1. Make things fairly cheep-this is the netflix model. Sure you can pirate anything on netflix i am quite certain--however if it costs 10 bucks a month to watch thousands of hours of stuff a month that constantly cycles....it can be easier to get the original then a copy-i don't think netflix has a particuarly great interface but you know . The Best DRM is to offer an easier and better service then thieves.

2. Make it free, and make money from advertising: This is the method used by Tv and companies like Youtube-and there is plenty of duplicate videos on youtube of sucsefull videos on it-but its easier to combat, and if two peope are present pretty much any sane person will watch the original.

But wait castor we have such small markets, its lucky if a 100 people buy the video....no one likes these kind of stuff.

I don't think the Supergirl TV show is looking at this kind of strategy. .