[azalemeth]

It's my understanding that most schemes actually use very low frequency encoding with a large amount of error robustness built in (probably involving Haar wavelets) in order to maximize the probability that it survives re-encoding. Still, these schemes are not faultless: if you have two devices, and are knowledgeable enough to break the DRM twice for the same content, you're probably smart enough to take the md5 and shasum of the resulting bitstreams and diff them. Any discrepancy results in signal processing transforms until they have the same hashes...

[mjevans]

You'd ideally do this for 3+ devices and just majority vote on every framelocked frame; take the mean average if there isn't a median.

[baybal2]

If they can get the content key out of TZ, they don't even need the per-device key, and TZ based decoder anymore.

They just straight decrypt any files, which were at some point laying in the open on CDNs.

I believe, sooner or later it will come to the point when the only way left for DRMed content to work will be to have each stream individually encrypted, and watermarked at the backend at an enormous computational expense.