by coppsilgold 144 days ago
They can trace a torrented 4K piece of content to the device (or private key) that ripped it using A/B watermarking.

See AWS offering: (and probably what they use for Prime Video, Netflix has their own)

  For large-scale per-viewer, implement a content identification strategy that allows you to trace back to specific clients, such as per-user session-based watermarking. With this approach, media is conditioned during transcoding and the origin serves a uniquely identifiable pattern of media segments to the end user. A session to a user-mapping service receives encrypted user ID information in the header or cookies of the request context and uses this information to determine the uniquely identifiable pattern of media segments to serve to the viewer. This approach requires multiple distinctly watermarked copies of content to be transcoded, with a minimum of two sets of content for A/B watermarking. Forensic watermarking also requires YUV decompression, so encoding time for 4K feature length content can take upwards of 20 hours. DRM service providers in the AWS Partner Network (APN) are available to aid in the deployment of per-viewer content forensics.
<https://docs.aws.amazon.com/wellarchitected/latest/streaming...>

They also use a traitor tracing scheme (Tardos codes) such that if multiple pirates get together to try and remove the watermark they will fail, you would need an unreasonably large number of pirates to succeed for some length of time.


To what extent does this watermarking survive transcoding? Would not transcoding multiple times possibly affect it?

> They also use a traitor tracing scheme (Tardos codes) such that if multiple pirates get together to try and remove the watermark they will fail, you would need an unreasonably large number of pirates to succeed for some length of time.

Why?

> To what extent does this watermarking survive transcoding? Would not transcoding multiple times possibly affect it?

They are designed to survive being recorded by a phone at an angle. The embedding is only 1-bit per segment which can be multiple megabytes.

> Why?

Tardos codes scale as the square of the number of traitors times a constant. For example, a movie would typically have 2000 segments -> 2000 bits of encoding. By my calculation, at around 7 traitors some start to skate by detection. And there are ways to make detection additive across leaked content, so with another 2000 all 7 will get caught. This is because while they may not score highly enough to be reliably accused, they will be under suspicion, and that suspicion can later be enhanced.

To be clear, what the traitors are doing is pooling all the segment versions they have available to them, and adversarially choosing a segment at random. This is the best strategy they have; a close second is to choose the segment that the majority have.

Trying to remove the actual 1-bit watermark from the segment isn't typically feasible. Every segment will have a unique adjustment to encode it. The embedding algorithm will take a secret key.
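
An added illustration of the tracing side of the comment above, not part of the thread and not any vendor's implementation: each user gets a Tardos-coded A/B sequence over 2000 segments, a leak is assembled with the random-pooling model the comment describes, and every user is scored against it. The symmetric variant of the accusation score, the cutoff `t`, the 6-sigma threshold, the user count and the coalition IDs are all assumptions chosen for the sketch.

```python
import math
import random

def tardos_biases(m, t, rng):
    """Per-segment bias p_i = sin^2(r), r uniform on [t', pi/2 - t'], t' = asin(sqrt(t))."""
    lo = math.asin(math.sqrt(t))
    return [math.sin(rng.uniform(lo, math.pi / 2 - lo)) ** 2 for _ in range(m)]

def assign_variants(n_users, biases, rng):
    """Row j is user j's sequence: 1 = served variant B of that segment, 0 = variant A."""
    return [[1 if rng.random() < p else 0 for p in biases] for _ in range(n_users)]

def interleave(codes, coalition, rng):
    """Leak model from the comment: each segment is copied from a random coalition member."""
    return [codes[rng.choice(coalition)][i] for i in range(len(codes[0]))]

def accusation_scores(codes, biases, leak):
    """Symmetric Tardos score: matching the leak on a rare variant counts most."""
    scores = []
    for row in codes:
        s = 0.0
        for x, p, y in zip(row, biases, leak):
            q = p if y == 1 else 1.0 - p  # probability of the variant seen in the leak
            s += math.sqrt((1 - q) / q) if x == y else -math.sqrt(q / (1 - q))
        scores.append(s)
    return scores

def trace(n_users=100, m=2000, coalition=(3, 41, 77), t=0.01, seed=1):
    """Constructed scenario: returns (accused user IDs, all scores, threshold)."""
    rng = random.Random(seed)
    biases = tardos_biases(m, t, rng)
    codes = assign_variants(n_users, biases, rng)
    leak = interleave(codes, list(coalition), rng)
    scores = accusation_scores(codes, biases, leak)
    # An innocent user's score has mean 0 and standard deviation about sqrt(m).
    threshold = 6 * math.sqrt(m)
    accused = sorted(j for j, s in enumerate(scores) if s > threshold)
    return accused, scores, threshold

if __name__ == "__main__":
    accused, scores, z = trace()
    print("threshold %.0f, accused users: %s" % (z, accused))
```

A coalition member's expected score falls roughly as the segment count divided by the coalition size, while the innocent spread stays near the square root of the segment count, which is why the required code length grows with the square of the number of traitors.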

> They are designed to survive being recorded by a phone at an angle.

Any idea what this looks like? I assume it's not visible to the human eye, but being able to survive this level of degradation is quite impressive.

My understanding is that it has gotten fairly complex. Don't know if they still use this particular facet but look at the Fourier-Mellin transform: <https://sthoduka.github.io/imreg_fmt/docs/fourier-mellin-tra...>

They don't use the highest frequencies as those watermarks are easy to obliterate, and they don't use the lowest frequencies as those would noticeably affect quality; the focus is generally on the mid-range frequencies. However, for A/B watermarking in particular, which involves 1-bit watermarks, low frequencies may actually be fair game.

Keep in mind that when embedding watermarks of significant size (>100 bits) as for example if you want to create a camera that includes the serial of the device in every photo, error correcting codes would also be used. For 1-bit watermarks the error correction is likely ad-hoc and involves constructing some mathematical object (for example, a few real numbers derived from frames of a segment) which remains approximately fixed through transformations, you can afford to be wasteful.

It depends on which vendor they're using.

It generally occurs as patterns which are slightly in the noise. Good systems pick locations where it's easier to hide and turn it off when the scene would expose it. Usually, when badly done, increasing sharpness in a scene can help reveal it.

Basically, if you can damage the watermark the picture quality is bad enough that it's harming your viewing. You need to compress into crap SD quality to make it hard to detect and even then you'll get something.

You don't even need a complete pattern, if you can get enough fragments you can narrow down the possible identities until you have a high match probability. I.e. partial fingerprints or DNA match.

That's fascinating, thank you.
The main character holds an apple in her hand. The apple is either pink or bright red depending on the LSB of your user ID. Without comparing several rips, you can't tell this is happening.
Netflix does not encode content per-user; it's all static content on CDNs.
A/B watermarking is about static content on CDNs...

For every segment in a video there will be two versions. Every user will get a unique sequence of segments served to them.

Wait, that’s a brilliant way of encoding a watermark without having to embed it within a stream per user.

If a single video has say 100 segments, you get more than enough unique combinations to guarantee uniqueness. There would of course have to be a mapping between user/device ID and segment order.

Netflix puts flat MP4s on the CDN, the segments all reference different offsets within the MP4.
Have you inspected the contents of their CDN servers? Because assembling an mp4 on the fly from segments is not difficult. Especially if they condition them to have identical sizes.
I have indeed inspected the contents of their CDN servers. The URLs have an auth token in them but you can edit the range parameters to grab the whole mp4 in one go without invalidating the auth.
Then this is either an exploit or more likely the mp4 file is virtual. You can find out if you are so inclined by grabbing it from two separate accounts using two separate devices (or keys) and then compare how many of the segments are identical.

Also, I assume the file in question is 4K content. Don't know about how they treat other types.

Isn't it trivial to know all the segments if they are static?