[Retr0id]

Watermarking would require a separate version of each encoded file for each target device, which is not amenable to efficient CDN-ing.

It's quite easy to grab the encrypted media files, as they go over the wire - do this from two devices and compare what you get. (you don't need to strip the DRM to see if the two files are identical)

[jsheard]

They wouldn't necessarily need to serve different data to each client when they control the whole playback stack, they could get clever by including duplicate frame data with subtle differences and making each device key only able to decrypt one of the variants. Repeat that throughout a show to add additional bits to the signature until it's uniquely identifiable.

[Retr0id]

But they don't control the playback stack, once the attacker has the keys. The attacker brings their own stack, decrypting the data with their own software.

[jsheard]

That doesn't help the attacker if their key can only decrypt the subset of frames which Netflix wants them to be able to decrypt.