[throwaway525142]

> you could as well rip multiple copies on behalf of multiple accounts and average out the pixel colors.

Can you show that this can reliable get rid of the fingerprinting? This particular method could be countered by only including the fingerprint info in a few random frames, then you'd be able to retrieve the account info of all the accounts that participated in ripping. I don't think finding a method to counter any sort of fingerprinting is as easy as "just averaging the pixels".

[azalemeth]

It's my understanding that most schemes actually use very low frequency encoding with a large amount of error robustness built in (probably involving Haar wavelets) in order to maximize the probability that it survives re-encoding. Still, these schemes are not faultless: if you have two devices, and are knowledgeable enough to break the DRM twice for the same content, you're probably smart enough to take the md5 and shasum of the resulting bitstreams and diff them. Any discrepancy results in signal processing transforms until they have the same hashes...

[mjevans]

You'd ideally do this for 3+ devices and just majority vote on every framelocked frame; take the mean average if there isn't a median.

[baybal2]

If they can get the content key out of TZ, they don't even need the per-device key, and TZ based decoder anymore.

They just straight decrypt any files, which were at some point laying in the open on CDNs.

I believe, sooner or later it will come to the point when the only way left for DRMed content to work will be to have each stream individually encrypted, and watermarked at the backend at an enormous computational expense.