I'm constantly suprised when YT deploys another half measure against downloaders when GOOG also owns widevine. I wonder what is their reasons for not using it.
The software version of widevine would be so thoroughly broken in a very short time that it would be bypassed by any one-click downloader addon. Nothing would change for users and YouTube would have the overhead for widevine.
Using the hardware based version could cause a lot of problems with unsupported devices.
As another commentor pointed out, Widevine is already in use on many streaming sites. Where are the one-click downloader addons for those? If they exist, I have not been able to find them.
(My use case is not so much in downloading a video, I just want to be able to my Amazon Prime videos on my Linux computer at a better resolution than 720p.)
I used results from this Github search page (especially pywidevine) a while back to make a Hulu downloader in Go which I eventually had to remove:
https://github.com/chris124567/hulu
I wasn't really a part of this scene but there appears to be some sort of weird competition among people involved in writing this kind of software so occasionally device keys would leak when they tried to get at each other which was great for me because it meant I didn't have to extract keys from a phone or NVIDIA shield or anything annoying like that.
You are probably already using the software version of Widevine (L3) to watch 720p content in the first place.
There are relatively easy ways to download L3 content, but they are not as common because higher resolutions are available on illegal streaming sites and torrents. These sites break hardware Widevine or use other attacks to get the material.
While that sounds reasonable, is there any evidence that this is the actual reason? Widevine is also used by other ubiquitous services such as Netflix, Prime, Hulu, etc.. and yet WV still remains an insurmountable barrier for most people, even in its weakest form (L3).
Good points. The difference is that on streaming sites, L3 widevine will only allow low resolution playback. They are also tied to a paid account, making it much more difficult/risky to download content. Even if the encryption is broken, there are often ways to detect such users for a limited time.
For professional content, there is simply not much demand to develop a user-friendly way to break L3 widevine, as the market is already served by reasonably convenient illegal streaming sites and torrents that allow for higher quality video.
I don't think youtube really cares if you pirate their content or use a 3rd party client.
What they care about is you wasting their bandwidth. For an ad-supported video streaming site, bandwidth is normally more expensive than revenue - Google only manages to make it just about work because they have probably the worlds cheapest bandwidth due to being able to bully ISP's into peering with them for free. (they don't let you peer with Google for just Google Search but not youtube).
All these throttling measures are simply trying to reserve most of the bandwidth for real users, not people scraping all the content.
Sooner or later, youtube will do the same thing as twitch, which is to dynamically splice ads into the video stream - making it impossible to block with current mechanisms.
They don't do it yet, probably because they don't see the need quite yet. But i have no doubts that it will happen sooner or later.
Adblocking will have to evolve to a new level to block such things.
Very surprised they haven't started this long ago. One might suspect the problem is ad play and click accounting.
Anyway, when they start delivering ads in-band, the next step for blockers is to identify that first keyframe in the player by using a pool of shared signatures, right? So then player clients will need adblock plugins which will have a sizeable signature distribution infra and grief for clients.
Then the anti-blocker might begin adding, per-play instead of per-video, a pixel or something to throw off the signatures, massively increasing THEIR video distribution infra. Ad infinitum?
ah yes, AAI (Artificial-AI) AKA I (Intelligence), or "Crowdsourcing" if you're looking to use an older buzzword. I do think there's a few models trained on sponsorblock already, but they're not great.
...which will be countered by AI-enabled midroll ad generation. A neural network that splices two video clips together must already be a thing, right? The advertisers would probably want this even without adblockers, since everyone already has an adblocker in their mind called 'inattentional blindness'. Using AI to subtly segue into the ad rather than cutting would stop some portion of users from tabbing out, checking their phones or just going AFK during ad breaks.
I think a lot of people watch YouTube on their TV or phone or on a browser without an ad-blocker. I rarely watch YouTube on my laptop.
I think Twitch users tend to watch on their computer mostly? And I think Twitch viewers are more techy so they would be more likely to have ad blockers.
I have no data on any of this. I'm just throwing shit at the wall.
splicing video is pretty easy - there are certain points - key frames - where video streams can be spliced with nearly zero computational overhead, no loss of quality, no loading delay, etc.
i dont think what's stopping google is a technical difficulty problem, but a scale problem (as well as a lack of real need atm).
I suspect that google doesn't actually lose too many to blockers, as mobile accounts for a large fraction of youtube's traffic (and so far, not that many people actually use a hacked youtube client to view videos).
It's probably cheaper and faster to have a pre-encoded video, cached at the edge.
Adblocking is very much on googles radar. But they realise it is a cat and mouse game - and whenever you start playing that game, you run the risk of ending up in a position worse than you started with. They currently get 80-90% of the ad impressions they try to display, which is pretty good compared to a hypothetical future where someone like Microsoft makes an adblocking-by-default browser and courts force Google not to block them.
Indeed, we've done exactly this with production quality adverts where we'd add real-time information (e.g. betting odds) into the ad at selected points.s
Relatively speaking. You might not notice it when playing back a single video, but I promise you that you're not going to have a good time if you try to play back multiple high bitrate videos on slightly older hardware (think HTPC).
> Relatively speaking. You might not notice it when playing back a single video
So like 99.99% of use cases?
> but I promise you that you're not going to have a good time if you try to play back multiple high bitrate videos on slightly older hardware (think HTPC).
That could be the case, not disagreeing here, if you use old hardware, have multiple high bitrate videos and multiple streams at once but this is specialized niche example.
No it doesn't. Heck, forcing software decoding is actually one of the ways to force Widevine down to lower protection levels on general purpose hardware.
> - Web browsers only support the weakest form of Widevine which is ineffective
It's not fullproof but it would certainly make tools to bypass it clearly illegal in most of the world.
There are efficacy reasons for not doing it on a backend level, but Google has required anything that wants YouTube to support Widevine for a very, very long time now.
That's not contrarianism, most of the EU is in this situation. Basically everywhere where you have taxes on private copies, you must still be able to make the copies somehow, otherwise the tax would be repealed.
If you're using a PC with a Nvidia GPU, run `nvidia-smi dmon -s u` and start playing a random Youtube video in Chrome. You'll notice how dec% moves from 0% to at least 2%. Pause, and start playing Widevine protected video and notice how dec% stays at 0% because decoding is happening on the CPU.
> It's not fullproof but it would certainly make tools to bypass it clearly illegal in most of the world.
Good luck, copyright infringement is already illegal and yet that hasn't stopped it from being widespread. Tools and techniques to bypass Widevine L3* are widely known and available (yes, even on GitHub).
I was being generous in my previous comment. In reality, deployment of Widevine L3* should be shunned at least as much as Proof-of-work cryptocurrencies. It's completely ineffective in protecting content, it burns unnecessary CPU cycles multiplied by (potentially) billions of users, and significantly degrades user experience.
Even Widevine L1* is ineffective in practice. Techniques to bypass it aren't available to the average Joe, but of course there are groups that will download, decrypt, and re-upload the newest 4K streaming releases to torrent trackers within an hour of them appearing on streaming services.
> If you're using a PC with a Nvidia GPU, run `nvidia-smi dmon -s u` and start playing a random Youtube video in Chrome. You'll notice how dec% moves from 0% to at least 2%. Pause, and start playing Widevine protected video and notice how dec% stays at 0% because decoding is happening on the CPU.
It's because Widevine have embedded decoder into its lib and its using CPU instructions but from user perspective it's not a huge change on modern CPUs as most have specialized instructions to handle decoding of H264 etc.
> Widevine L1* is ineffective in practice. Techniques to bypass it aren't available to the average Joe, but of course there are groups that will download, decrypt, and re-upload the newest 4K streaming releases to torrent trackers within an hour of them appearing on streaming services.
There are no "Techniques to bypass it", the only way currently to get L1 streams is to use legit hardware keys from some devices, on which you can exploit secure enclave/extract HW keys.
> but from user perspective it's not a huge change on modern CPUs as most have specialized instructions to handle decoding of H264
There are no "instructions to decode H264", there is dedicated hardware acceleration like Intel QSV and AMD VCN, but these gets bypassed just like Nvidia's decoding acceleration from my previous example. All of this is trivially observable, playing back DRM-protected video wastes an obscene amount of resources, relatively speaking.
From user perspective you'll notice stuttering, unusually high CPU usage, dropped frames and more, especially once you try to play multiple videos at once.
> There are no "Techniques to bypass it", the only way currently to get L1 streams is to use legit hardware keys from some devices
That's exactly what I meant. Being pedantic over my choice of words isn't very productive.
> There are no "instructions to decode H264", there is dedicated hardware acceleration like Intel QSV and AMD VCN, but these gets bypassed just like Nvidia's decoding acceleration from my previous example. All of this is trivially observable, playing back DRM-protected video wastes an obscene amount of resources, relatively speaking.
For L3 you are just using SIMD/vector instructions compiled for specific platform, so they are specialized CPU instructions (not general use) that help with decoding. And L3 is mostly now 720p and 1080p low bitrate on majority of streaming services that people use, you would need to have VERY old hardware to not be able to use it. I've been watching 720p/1080p h264 videos 15 years ago with only CPU decoding without ANY issues, most of the world did. So that's just not an issue.
If we are talking about L1 then you have hardware acceleration so your point is invalid in that case.
> From user perspective you'll notice stuttering, unusually high CPU usage, dropped frames and more, especially once you try to play multiple videos at once.
Yeah because 99% of people are playing multiple widevine videos at once on their 20 years old hardware... come on.
> That's exactly what I meant. Being pedantic over my choice of words isn't very productive.
Im not being pedantic, you are not bypassing a lock in a door with a key, don't you? "Hey honey lets bypass our neighbour door lock using his key so we can enter his house" No one says things like that. If you meant what I meant then you just used wrong words to describe that. Your choice of words have different meaning which isn't very productive.
The main reason is that it hits their CDN cache efficiency a bit, which costs money, and it's another set of key management systems to look after and operate and at YouTube's scale you want to minimise them as much as possible.
It also paints a very big target on Widevine Level 3's back.
But ultimately it's just a financial equation. What Google are losing from ad blocking isn't quite worth pulling the WV lever yet, but given it has clearly become enough to take softer measures and the pressure they are likely under from music labels I expect a wider rollout will happen in the next few years.
If I were to predict it will probably initially be "any video containing label music or studio clips picked up by content ID", and maybe an opt in tag for other creators at first. They're the ones that are much more useful for monetisation anyway, and you don't lose all your CDN benefits at once.
Google probably wants to discourage third-party clients but allow people to archive. Quietly taking this half measure is the perfect and only solution to achieving this goal.
Widevine has been a mandatory requirement for any OEM pre-installing YouTube for something like seven years now. There is not much out there that Google would care about EOL access for.
Widevine is used in some youtube videos. Not all, though; not even a high percentage -- I've only seen it in certain music videos. I'm guessing it's on a paid license basis…
Maybe they care about not cutting off devices that don’t support it. TVs, ARM Linux, etc. While making downloading videos just annoying enough that people don’t bother.
