[kbolino]

The end goal is end-to-end protection with online verification. As far as I can tell, we are already halfway there. The highest level of Widevine protection in use today essentially involves the streaming server having a private encrypted conversation directly with your GPU. That includes a certificate that can expire due to age and be revoked due to suspicion of tampering. If anything is not up to snuff, you'll get downgraded content at best and a ban at worst.

The next logical step is to extend this process down the chain to include every device from the GPU to the display.

In order to make a fake TV work, you'd likely need to take a real TV and hack it. That's going to get increasingly difficult and various watermarking techniques will likely allow it to be identified and blacklisted anyway.

[mdaniel]

I loved these series of CCC talks

- https://media.ccc.de/v/37c3-12296-full_aacsess_exposing_and_...

- https://sgx.fail/ and I'm sorry I'm not currently having good luck finding the talk that went along with it

[kbolino]

I think that physical media is already known as the weakest link in the chain today and is thus being phased out. While the studios were reticent to adopt streaming initially, I think they've realized it is actually easier to secure, and to keep secure over time.

I don't know if there are exploits against GPUs like those against SGX. It's much easier to update GPU firmware than BIOS/UEFI.

[LocalH]

I see more pirated media sourced from streaming services than physical media nowadays.

[kbolino]

I've dug into this a bit more, and it seems I got some wires crossed somewhere.

Widevine L1 (the highest level of protection) is still expecting a "trusted execution environment" that is separate from the GPU. This leaves two major paths for exploitation: against the TEE itself, and against the path between the TEE and the GPU. There seem to be published exploits for the former, at least.

Also, Widevine L1 is only really used for "high-value" content, so it's often possible to obtain relatively high-quality streams at lower protection levels, which I'd assume are even easier to break.

Not to put too fine of a point on it, but the crytography behind DRM seems consistently amateurish. They ought to be doing what I said, but maybe for compatibility reasons they can't. I think the gist of what I said remains, though: online streaming is superior to physical media from a DRM perspective because it can use online verfication natively. A physical disk cannot change after it is stamped, but a streaming service can implement tighter rules over time, even for its back catalogue.