Well. There’s a reason why Netflix is successful. They spent a lot of money and time operating as a tech-heavy company before becoming a content-heavy company. Just as an example, their Open Connect appliances (https://openconnect.netflix.com/en/) are an impressive piece of technology that probably needed years of research.
Launching a streaming service sounds simple on paper but there are hundreds of complexities under the hood that ensure availability, speed, security, and reliability.
If my Netflix experience wasn't as trivially smooth as it is (from a UX point of view) I wouldn’t pay for it.
I love Linux, I use it every day more than any other OS. I don't understand why other Linux users act surprised that corporate America frequently ignores it altogether or uses DRM methods that are not compatible. I don't think it's right, and I don't think it's good, but it's not new or unusual or surprising.
The reality is that Linux makes up 2-4 percent of the desktop PC market, which itself is a fraction of mobile use, and even then, most Linux users have the capability to watch it on something else. More of their customers are on Windows XP than all Linux desktop distros combined. I don't think they consider it anything close to financially worth it and I don't know if I disagree, even if I wish it was otherwise.
Which is why the web is the best platform to support. I don't get why companies offering a service that can easily be web-delivered don't do it as their primary mode of business.
DRM doesn't seem to stop warez. Things that can be decoded, can be shared.
All they gain with DRM is to put off potential customers. For many of us, the best way would be a downloadable file format that I can copy or watch on whatever player or device I want to use.
Both Netflix and HBO Go support Linux without any problem. In this way you can turn an older device into a multimedia player in a simple way, and without paying Microsoft (which is totally unnecessary in this case).
I can't speak for Vizio Smartcast, but the mobile app and desktop website both support Chromecast. I watched the first few episodes of The Mandalorian on my Chromecast last night. I started casting from my Linux desktop no less.
I think there's a big delta between having experience with operating those services and trying to launch a service that on its first day had 10 million users and is expected to be at 100 million users in 4 years.
ESPN and MLB TV are probably pretty far from those numbers.
But just as a controlling shareholder. I don't think they have any input or say on Hulu's operation besides the typical influence you can exert as a board member even when it's from a vote controlling position. I may be wrong but I doubt they can use Hulu's streaming technology or IP in general unless they license it from Hulu somehow. If Hulu was an actual Disney subsidiary it would be different. Although Hulu is controlled by Disney, Comcast still owns a third part of it.
Disney is the biggest kid at the pool in media and there is really nowhere in the entire entertainment industry where their influence can't be felt. Disney happens to 100% own Hulu now, but even before that I don't see how you can look at their operations and not conclude they were in control.
> More than 4,000 customer accounts appeared in the search
To clear this up:
No, not true. The software in the screenshot is called Open Bullet and it's basically a request builder for Selenium (ok it's more than that but you get the idea). You add in lists of usernames/passwords (from database dumps) and it runs your script. You have success/fail reporting, and that's where you get "Hits: 4".
> Ads on the dark web for stolen Disney+ accounts
That's a sellers page from shoppy.gg — not the dark web.
While you are correct, the BBC are 'really trying' their best to explain this disaster to the average John and Jane. But again they are still in the middle-ages when it comes to mentioning the technical side of these 'attacks'.
Says pretty much a lot about them when it comes to technology in general.
I understand that. I wish that they would at least correct the first photo of the combos. Saying that there are 4000 accounts when there are 4 is misleading. "A hacker checking the logins of 4,000 potential accounts" is better and more accurate subtext.
It's all opportunistic as Disney+ is hot on the news right now. Wait till they find out that these tools are cracking Hulu, Reddit etc etc, probably also the BBC's own site. And I guarantee the net is more than 4000 for them.
They can still torrent the content, which is what I'm doing after I paid for the first month of Disney+ and then found out their DRM disallowed Linux because of "security levels".
Netflix also offers a subpar service on Linux for the same reason, the video resolution is limited to 720p, even with a Premium plan. The video quality can be tested on Netflix by searching for "test patterns" on the service.
The stream quality of HBO GO is consistently bad on Linux, with washed out colors.
I have no experience with Amazon Prime Video, but I've found several threads from 2019 with people complaining about the lack of 1080p streaming on Linux.
So even when Disney+ begins supporting Linux, you'll most likely get a subpar service for your money.
You'll probably never be allowed to sign up for D+ again. I'd only use charge backs as a final resort if I can't contact the company and/or I never want to do business with them in my life.
Credit chargebacks are a really great way to end up being banned from a lot of companies' businesses going forwards. It's a last resort, not a "I'm too lazy to ask for a refund" strategy.
It sounds like Disney+ was accepting refunds for preorders up until the launch day. Whether or not they can refund after presumably may depend on whether or not they can tell you've watched some of the content.
Interesting, I chargebacked a stubhub ticket I never received after a really terrible flow to even figure out if I got the ticket (turns out they partnered with a third party and you needed to download potentially 2!!! apps to get a scannable ticket). I didn't bother with contacting support because of how terrible the experience was. I hope they ban me.
Re: chargebacks as a last resort, yes - in my experience the credit card company will at least ask a few questions to make sure you've made a reasonable effort and have at least thought about getting some documentation of what's happened. But I'm less concerned about getting $6 back than I am about telling Disney that they lost a paying customer because they assumed I might be a pirate. It's a self-fulfilling prophecy. I never felt any desire to pirate a Netflix Original because their DRM doesn't get in my way.
I expected better, given Netflix and Amazon have been able to do it for quite some time with no problem. And I would still be willing to pay Disney's current price given their content selection if they were able to deliver it reliably on other devices, but I've been disappointed so far.
Disney are the single biggest contributor to the shitshow that is copyright law right now. I don't understand why anyone would expect them to play nice.
Personally I view it as a moral imperative to not give them any money.
I am sure Netflix and Amazon Prime users also reuse their passwords, but I haven’t yet heard about users having the Disney+ issues with these accounts.
No idea about Netflix, but for Amazon I bet there’s less account sharing than the other two - because it’s your actual Amazon account. My Netflix account is the only one that doesn’t have a very complex password manager password, because I share it with family. I won’t share my Amazon account because I won’t give it that sort of password. I guess Disney+ is much closer to Netflix on that scale.
Netflix definitely has trouble with this because they too lack the whole "delete all sessions" capability, so it's next to impossible to recover an account that has been compromised. My partner went through this, and Netflix support told her to delete the account and make a new one (losing all our recommendations in the process). Why they can't be bothered to add a "log out all users" feature the way something like Github or even Plex offers is beyond me.
For posterity, I'd recommend using a passphrase if you're sharing with family. If you're using the diceware method, you get 12.9~ bits of entropy per word.
So a three or four word passphrase should be sufficient, and is much easier to memorize + tell to someone.
It especially helps with the dreaded "what's the wifi password?"
From the article: The streaming service does not have two-factor authentication.
Yeah, I've logged into my Amazon account on my phone before and it wouldn't let me in until I verified something via email. The lack of these security controls is negligent these days. I can't totally blame Disney though, since the opportunity cost of implementing this level of security just isn't worth it. The public doesn't really care enough, and governments don't seem to care about security at all.
Even with identical security stance (which I doubt) across services I'd still expect this because A) pwnable accounts on existing services were most likely already pwned, whereas Disney+ has a mass onboarding of pwnable accounts, so it's Christmas for script kiddies and B) there's a ton of attention on Disney+ right now so there will be much more press scrutiny regardless of the true scale of the problem.
C) The early wave that seems to have been most targeted was early signups that included big sales on 2 and 3-year prepurchases. Risk/reward balance on stealing those accounts must have been hugely tempting.
Big launch -> lots of problems at once -> newsworthy. The rest all have the same problem, just not all at once so no one cares. (And also it's easier for support to handle when not in a big lump, and also they're not brand new to the job.)
I used to use the same password for Netflix and several other websites. I definitely had issues with people using my Netflix account that had somehow gotten the password. I'm sure that happens regularly.
Yikes. It doesn't support the security feature of logging everyone out of the account? So if someone gets access to your account they're in for good.
Sounds like JSON web tokens! Should have stuck to sessions if that's the case.
Admittedly, the performance benefits of jwt are probably warranted here. But still, you either end up building an in-memory blacklist or a DB table thus negating most benefits.
I often tend to just use relatively short lived tokens (12 hrs mostly), which avoids a lot of issues in practice. It depends on the use case. Depending on their DB systems and caching infrastructure, the JTI as a key in a revocation database would work. It's not always worth implementing though.
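The trade-off discussed in the comments above (short-lived signed tokens, a JTI revocation table, and a "log out all sessions" control), sketched as an added example that is not code from any commenter or from any streaming service. It uses a compact HMAC-signed token with JWT-style claims built from the standard library rather than a real JWT library; all function and variable names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # constructed demo signing key
TTL = 12 * 3600                   # short-lived: 12 hours, as in the comment above
revoked_jti = {}                  # jti -> exp (the "revocation database")
logout_all_at = {}                # user -> time of last "log out everywhere"

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _sign(body):
    return _b64(hmac.new(SECRET, body, hashlib.sha256).digest())

def issue(user, now=None):
    now = time.time() if now is None else now
    claims = {"sub": user, "jti": secrets.token_hex(16), "iat": now, "exp": now + TTL}
    body = _b64(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def verify(token, now=None):
    """Return the claims, or None if forged, expired or revoked."""
    now = time.time() if now is None else now
    parts = token.encode().split(b".")
    if len(parts) != 2 or not hmac.compare_digest(parts[1], _sign(parts[0])):
        return None
    body = parts[0]
    claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    if now >= claims["exp"] or claims["jti"] in revoked_jti:
        return None
    # One timestamp per user invalidates every older token in a single write.
    if claims["iat"] < logout_all_at.get(claims["sub"], 0):
        return None
    return claims

def revoke(token, now=None):
    """Log out one session by blacklisting its jti until it would expire."""
    claims = verify(token, now)
    if claims:
        revoked_jti[claims["jti"]] = claims["exp"]

def logout_everywhere(user, now=None):
    logout_all_at[user] = time.time() if now is None else now

def purge(now=None):
    """Drop blacklist entries whose tokens have expired anyway; returns count."""
    now = time.time() if now is None else now
    dead = [j for j, exp in revoked_jti.items() if exp <= now]
    for j in dead:
        del revoked_jti[j]
    return len(dead)
```

Because every blacklist entry can be purged once its token expires, the revocation table stays bounded by the token lifetime, and the per-user timestamp lets an account owner evict an intruder's sessions without tracking each one.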
Sounds like that's exactly what did happen, at least to some users. Someone got access and logged out the original owner. Which is why they're complaining.
Stating the obvious: marketing tries to redefine language to influence customers. You can either shrug it off or actively fight it.
Like: If you go along with calling sandwiches "subs" you might associate this particular food with Subway and may consider competing food products less.
Off the tangent: Companies pay to rename sports arenas. They're not paying you, so you could just say "we're going to $teamname stadium" instead of "$companyname stadium".
Disney has a very active fandom and several amusement parks that try and elevate their work to cultural touchstones. It seems like a warranted language choice here. Just like how you might call Yankees ticket-holders 'fans' instead.
I recently had some suspicious activity on my HBO and Hulu accounts. I checked my email address on haveibeenpwned.com and found some pastebin links at the bottom from August 2019. Sure enough, my email and password for HBO were there in plain text along with many others. The format was like this:
================
notarealperson@email.com:password123
Subscription: Your HBO NOW subscription is billed through
[HBO]
Expiry Date: September 20, 2019
21 Days Remaining
I haven't figured out the source yet. It's possible that someone just took these recent dumps and ran them against Disney+
I thought Disney+ rollout would have no hiccups, because I thought Hotstar (I think it is mostly India based content) owned by Disney did quite well during the cricket world cup, in terms of live streaming (which I thought is more complex than streaming movies).
My respect for Netflix goes up each time a new streaming service has a hiccup.
The attack surface is pretty small, though, isn't it? The most sensitive thing there is probably your viewing history and contact info. The additional overhead of supporting MFA (not from a technical standpoint, but from a user education one) would be tremendous, especially considering the customer base.
Some Credit Card information will leak too. Like nearly everyone, Disney covers up everything but the last 4 digits and CC type, and is mostly clean to current standards, but those standards are flawed in that's still a lot of information if you are truly paranoid. (The last 4 digits are the most significant from an information entropy standpoint. The remaining digits follow typical patterns based on card type, which is often shown right next to those 4 digits, and sometimes {!} issuing bank. Apple's trying to change that with stronger reliance on more, harder to guess, easier to wipe, pseudo-random virtual numbers for cards, but not everyone yet has Apple Card and those kind of practices still seem like they are going to be much slower for older issuing banks to adopt.)
>The most sensitive thing there is probably your viewing history and contact info.
For the end user, that might be true. But for the provider, bandwidth isn't free. So if people are streaming content on shared credentials, they still have to pay for that outbound traffic. So each shared subscription starts to cost the providing service money.
Particularly when most users will log in once on their Apple TV or whatever, and never think about it again— almost makes you wonder why they'd bother with passwords at all vs just doing an email-confirmation every time.