[magila]

Watermarking was a problem when Widevine L1 was first introduced. Pirates seem to have found a way to scrub the watermark from their releases. Either that or someone is burning a _lot_ of cash on playback hardware judging from the rate of 4K WEB-DL releases.

[kimixa]

It doesn't need to be a lot - just replaced in the same cadence as the latency from initial broadcast to key revocation. Even if it's all in-house in Netflix and the watermark sufficient to identify the specific device key not all releases are made instantly after being made available on the platform, it still has to be downloaded, verified, watermark extracted before the key can be revoked.

If that's just a total of a single day, 365 cheap netflix devices per year certainly isn't out of the question, especially with the number of people involved in the many ripping groups.

[bccdee]

Depending on the bit size of a watermark, device-based watermarking should be easy to defeat using a quorum of devices to agree on bit values. It should only take around log2(n) attackers to remove an n-bit watermark.