Show notes


DRM stands for digital rights management. It is set of technologies used to control how copyrighted works are distributed.

Historical examples

  • DVDs
    • DVD were first released in 1996. Video DVDs uses a DRM called “Content Scramble System” to prevent people from ripping its content. It was first compromised in 1999. This means that for every DVD player built a licence had to be paid to be able to play the videos.
  • Video streaming


Playstation wave in the CD

How do CDs work?

Imagine a vinyl disk. But it’s

  • Read with light rather than a needle
  • Binary (if the lights reflect it’s a 1 if it doesn’t it’s a 0) Just like vinyls, CDs are not perfect and there’s some wobbling when reading one. The lens that’s reading the data is moving to negate the wobbling and get a sequential stream.

Playstation anti-piracy scheme

When Sony was burning the Playstation’s CDs, they would purposefully put some wobbling at the beginning of the CD and encode authenticating information in it. So, normal CD cloner could read the content of the CD, but would ignore the wobble since it would be considered as a defect.

Game dev tycoon

They released 2 versions, one legit version and one on the torrent sites. In the torrent version, your video game company would always go bankrupt due to piracy.


  • Backuping legitimately bought content like DVDs
  • Lending games to a friend
  • Using copyrighted material under the fair use doctrine.

DRM that stopped working

When a company declare bankruptcy, there’s a good chance their DRM services will stop working. MSN music and Yahoo Music Store closed in 2008 and prevent anyone to listen to their legally bought songs on any new computer.

This year, Microsoft announced that they will close their ebook store and every book sold by them would stop working. At least they are refunding, but stil…

Hard to conserve media

Interactive media like video games protected by DRMs are much harder to preserve compared to a game without any DRM.

Bundling virus

A scandal erupted in 2005 regarding rootkits Sony was bundling on their CDs. Once installed on a computer, those rootkits would try to interfere with CD copying which violate private property rights.

  • Created security holes that other viruses could exploit
  • Takes too much resource in the background
  • Might crash a system
  • No uninstaller
  • Infringe so OpenSource licences by using them in their rootkit and not explicitly saying so. This is so ironic!

They got sued in many states in the US, but the fines where small. In Texas and California, they were sued under the “Consumer Protection Against Computer Spyware Act”. Sony settled for 750k$ per state. Also, everyone with one of those CDs could ask for a new CD without viruses and 7.5$.


Google Stadia

  • They console/pc/smartphone don’t have any data about the game, they only receive the video stream which is the result of their inputs.
  • Next level DRM since there’s nothing to clone from the user’s computer.

Analog loophole

Every non-interactive media will need to be transformed into analog signals at some point to be used by the customer. At that point the signal can be recorded redistributed.


HDCP, which stands for High-bandwidth Digital Content Protection, is a technology developed by Intel to try to stop the analog loophole.

The system is designed to prevent unauthorized devices from receiving the signal. HDCP validates that the receiver is authorized and was not tempered with. The data is then encrypted to prevent eavesdropping on the wire. This means that your monitor manufacturer needs to pay a licence to be able to produce monitors that can receive HDCP content.

In 2010, hackers released the HDCP master key on the Internet. This means that anyone could build recording devices that would be considered valid and receive HDCP streams.


To get a Bluray licence, every device needs to implement HDCP. Also, if a player is not able to detect a valid DHCP link it will send a low resolution video stream to the monitor.


We used to need third-party plugins (like Flash or Silverlight) to be able to play media with DRMs on the Internet. W3C released the Encrypted Media Extension (EME) specification in 2017. This is used to securely play media in the browser.

  • Google’s Widevine
  • Microsoft’s PlayReady
  • Apple’s FairPlay

Most information is under NDA, so it’s actually really hard to find good information on the subject.

The problem, how do you play a video on you computer without being able to copy it?


Let’s say you want to do it in userspace. You receive the encrypted stream and the encryption key. You decrypt the stream and send it to the kernel to be displayed on your screen. Problem?


Same but in the Kernel. You receive the stream in userland but pass it to the kernel. Problems?

Trusted platform

TP contains a key A that’s used to decrypt the key B received from the provider.

  • Userspace send the stream to TP
  • It decrypts the stream and decode it
  • Where does it put it? It still need to share a buffer with the kernel to be able to write in the graphic driver. Weird situation where 2 CPUs need to communicate on the same bus.

Communicating with the card

Need to find some way of directly communicating with the hardware. Uses HDCP to be sure the connection to the monitor is safe.

As far as I know, there’s no open source implementations of the complete system.


The EFF resigned from the W3C the day the EME specification was released. They don’t think it contributes to the open nature of the Internet.

Since the implementations are closed source, you need a licence from Google to use Widevine. Many applications were not able to get those licences (like the Brave browser). So, Google controls who can use DRM content.