0

I am testing DRM with clearkey scheme using this Dash.js example: https://reference.dashif.org/dash.js/nightly/samples/drm/clearkey.html. I found that while the video can be played with the correct key configured, it does not prevent recording or screen capturing. I wonder if this is a supposed behavior, or I can config the player somewhere to make it possible to blackout the screen when being screenshot.

I found https://github.com/google/ExoPlayer/issues/8531 being a relevant question but targets to the Android platform.

Improve this question
4
  • "it does not prevent recording or screen capturing" - it doesn't prevent me from pointing my camera at my computer monitor either... am I correct in suspecting you are new to the technical details of DRM schemes, and therefore have unreasonable expectations about the efficacy of DRM?
    – Dai
    Commented Jul 8 at 19:07
  • I don't think you comprehend what I am asking, or we are not on the same page regarding DRM. DRM enabled video has the feature to prevent screenshot, software-based video recording, screen-sharing, etc. Try if you can take screenshot of Netflix, HBO. Of course I knew you can always use your camera to record your screen.
    – SamTest
    Commented Jul 8 at 19:16
  • I do understand what you are asking - but from what I know about ClearKey you're making incorrect assumptions there. Their own readme makes it clear that they're only concerned with encrypting the DASH envelope using only widely-available browser-based DRM (i.e. W3C EME). The complication is that W3C EME does allow a CDM to restrict keys with output-protections, but that's not part of ClearKey; nor is it a clear requirement for browser vendors.
    – Dai
    Commented Jul 8 at 19:34
  • Good source for me to read, thanks a lot for the info!
    – SamTest
    Commented Jul 8 at 19:48

1 Answer 1

Reset to default
1

If you'll permit me to slightly rephrase your question...

Is ClearKey DRM supposed to protect video from being recorded?

No; ClearKey DRM is not concerned with enforcing output-protections, but not because it can't (because it technically can), but because (in my opinion) it's simply out-of-scope for them: ClearKey is not a CDM; the browser/hardware/device brings the CDM (with the power to force people to suffer 1990s composite video), whereas ClearKey is only concerned with encrypting the DASH (Dynamic Adaptive Streaming-over-HTTP) envelope of the video stream and delegating everything else to the browser/platform/player.

Interestingly, ClearKey's readme says that they want to fill the gap between (minimally-protected) token-auth based HLS stream requests and the excesses of full-fat DRM schemes that ultimately only hurt legitimate consumers:

https://github.com/Dash-Industry-Forum/ClearKey-Content-Protection/blob/master/README.md

[...] To fill this gap and to provide a level of content protection between HTTPS-delivered token auth and DRM, we propose ClearKey Content Protection (CCP).

As for disabling screenshots and all that other customer-hostile stuff advanced by truly rephrensible people, that's all provided by the CDM, which (we're told) should not necessarily be considered separate or distinct from the web-browser itself, or even the user's entire computing platform - considering that Chrome and Widevine are ultimately still dependent upon Windows, macOS, and Android's own DRM abilities:

(Warning: pontification time):

I'm unsure what value ClearKey actually has, considering their document describes how the user's browser is able to obtain the video's decryption key in plaintext via a HTTPS request that anyone could intercept using their browser's devtools - or just any competent TLS-capable proxy - so ClearKey's success entirely depends on browser-vendors pinkie swearing not to expose the decryption key to their users.

Ultimately, it fails the "YouTubeDownloader-Test" as far as I can tell; that is to say that there's very little in ClearKey that would succesfully prevent a YourVideoSiteDownloader-type of program from working.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.