[rocqua]

As I understand the 'cipher' is in how you find the next tiny piece of stream. I haven't grasped fully how that works for Youtube but it is certainly more than 'increment a counter'. I believe it is something like 'read a variable in the previous packet and decode it'.

If they wanted any semblance of an argument, decoding that variable should require a session key that is set on log-in or after a captcha. But I doubt they do that, it would be a horrible hassle to handle the session dependant encoding.

[hunter2_]

Interesting. So instead of authorizing the fetching of pieces by way of authentication, they're just saying "you can have another piece if we've been talking since the very first piece". I guess that's a bit of a control, just not secret whatsoever.

I feel conditioned to equate the two, but they're distinct concepts I suppose. A CAPTCHA is an access control, and one that doesn't rely on secrets.

[justinclift]

Doesn't it more boil down to "if the available bit rate is above ABC then grab the next piece $foo, else if the available bit rate is above DEF then grab the next piece $bar, else if the available bit rate ..." (etc)?

Not really sure where you're getting "authentication" from for this?

[hunter2_]

I'm saying they're controlling access via a control that is not authentication, and not secret, it's simply knowledge of the previous chunk.

I can see arguments on both sides as to whether such a thing is (or isn't) a form of access control. IMHO, it's so weak that it shouldn't even be considered a control. But if the DMCA (and legal precedent) says that there merely needs to be intent and some effect, then perhaps it is a form of control, if some aspect of the scheme was added specifically to thwart casual downloading and it had the effect of people seeking out third-party tools -- a form of access control that falls outside the usual mechanisms such as authentication and/or secrets.

A bit like a building with a lock that is totally pickable by the most amateur picker: it's no secret how to open it, so unauthorized people routinely let themselves in, but legally it's established that the intent of any lock is keeping unauthorized people out, and the presence of the lock does have the effect of keeping most people out, so therefore it's an effective control (to some reasonable extent) and therefore it's illegal to enter without authorization.

[justinclift]

You keep using words like "controlling", "authorization" and "authentication" for something that doesn't even have those concepts included in its design. At all.

And from that incorrect addition of your words, you're trying to spring board to saying the DMCA applies.

What the hell?