Video consumption on over-the-top (OTT) platforms has snowballed, and demand for premium content is on a never-before high. Since this content is produced by top Hollywood studios and cost of content acquisition is high, it becomes imperative to protect content transmission to stop piracy. OTT websites bank on digital rights management (DRM) technology for this purpose. This allows big players in the video-streaming business to provide an enriching viewing experience to users and also protect their content against illegal use.

OTT players use multiple ways to protect their content on their apps, which are installed in user devices, like mobile phones, tablets, and smart TVs, which include using hardware based protection, forensic video watermarking, and managing license distribution through a multi-DRM service. On desktops, however, OTT players bank on protection built into user agents (web browsers) through content decryption modules (CDMs). For content protection to be successful and viewers to have a hassle-free viewing experience, it is important that as DRM technology is updated, users regularly update their browsers. Without an up-to-date version of the browser, viewers may not be able to access digital content on desktops as accessing video content from OTT players is not more dependent on third-party plugins.

DRMs, Web Browsers, and Security

Many DRM services have stopped supporting older versions of browsers. When DRM systems are updated and browsers are not, the CDM may break and the end user may have a bad viewing experience or may not be able to access video content at all. As DRMs are updated using latest technologies and emerging needs of big Hollywood producers, older browsers of users do not function suitably with the same speed or provide a complete streaming experience.

More importantly, newer versions of browsers are not only feature rich, they also plug serious coding vulnerabilities that become known over a period of time. In such a case, the user’s desktop may become compromised via spyware attacks and their personal and sensitive information could be stolen. So, not only is the browser user not able to enjoy the full experience offered by streaming sites, they also end up making their desktops vulnerable.

Implementing Encrypted Media Extensions

Encrypted Media Extensions (EME) is a JavaScript API that enables digital content protection for premium videos in the browser. EME API is an international standard developed by the World Wide Web Consortium (W3C) for the set-up of a proper communication channel between web browsers and DRM software. This ensures that streaming digital media apps are able to exchange and use information across different browsers whatever their DRM system may be. EME has been implemented in different versions of Chrome, Internet Explorer, Firefox, Safari, and Microsoft Edge browsers among others.

Firefox implements EME through the help of a security system called sandbox, which is used for splitting up programs to curb software vulnerabilities from progressing. Sandbox is used to load the DRM modules whenever EME-encrypted content is queried. This enables DRM to track and identify devices through a fingerprinting algorithm.

As EME can be used by a web app running in a standard browser, streaming portals can implement their services as web apps without relying on third-party plug-ins, which are small programs added to web browsers to provide additional functionalities.

Content Decryption Module

In today’s era of fast-paced technological growth, browsers, operating systems, and software need to be updated regularly. It not only enables new features but also helps with content security.

Every browser has a CDM, which is a client-side DRM component, connected to the server version of the DRM licensing service. It is not only used for decrypting and decoding content, but it also helps in the playback of encrypted digital content. Different types of CDM technologies are put into use by different platforms. For example, Chrome uses Google Widevine to decrypt DRM-encrypted content for playback. As an encryption system, Widevine securely distributes digital content to user devices. CDM and browsers both support the same version of EME. So, when users download or update their browsers, the supported CDM is embedded in it. Due to Widevine’s CDM deprecation plan, customers with old Chrome versions are unable to stream protected content on their browsers after the CDM support comes to an end.

W3C suggests that developers should consider media data, initialization data, licenses, and key data as potential threat vectors, which should be validated before being passed on to the CDM. User agent developers constantly discover security vulnerabilities that tend to exploit these elements and thus issue updates to CDMs. If the vulnerability is critical enough, they may block the use of older CDMs in browsers altogether and compel users to update. Thus, viewers need to be made aware that with the constantly evolving browser technology, they are required to regularly update their browsers if they desire to enjoy the experience of high-resolution viewing of premium video content.

In a nutshell, OTT players offer a wide range of high-definition videos which can be viewed in high resolution with all the features by users if they promptly update their browsers. OTT players should keep reminding their subscribers to update their browsers for enjoying all the services offered by them.