←back to thread

How encryption for Cinema Movies works

(serverless.industries)
230 points perryflynn | 1 comments | 20 Apr 25 17:52 UTC | HN request time: 0.285s | source
Show context
ddtaylor ◴[20 Apr 25 22:56 UTC] No.43747149[source]
How are groups getting the high quality digital dumps of some movies then?
replies(3): >>43747235 #>>43747651 #>>43748157 #
kmeisthax ◴[21 Apr 25 00:40 UTC] No.43747651[source]
Hollywood is stupid and eroded its own economic advantage by putting everything on streaming. This was already known, but it also makes antipiracy operations much, much harder.

Ripping a stream is always going to be easier than getting any unprotected video footage out of a movie theater. The stream is in your own home, you own and can tamper with all the equipment involved in playing it, and the economics of CDNs prevent robust traitor-tracing schemes[0] that could be used to hunt you down.

In contrast, movie theaters are public locations, so every one of them is a known entity. The entire supply chain for movie projection is controlled. And that makes traitor-tracing a lot easier. All the hackers pointing out that DRM is fundamentally breakable are ignoring the fact that that only matters iff you're anonymous and untraceable. Otherwise, they won't bother making the DRM stronger, they'll just arrest people until the movies stop leaking.

It's the XKCD laptop wrench story[1] in reverse. The crypto nerd imagines DRM to be easily broken trash, but the reality is that the security of the DRM is in the $5 wrench, not the math.

Let's play contrast-and-compare. If you want to leak a stream, you need:

- A streaming account

- Knowhow or software to decrypt the data stream as it's downloaded and played, or,

- Knowhow to modify a TV so that you can capture the unencrypted video and audio streams inside the TV

The last one isn't done because it's a pain in the ass and the TV scene prefers bit-perfect rips over re-encoded captures. But at some point in the TV, you have to decrypt the video; LCD panels do not natively accept encrypted signals. And that is something you can build hardware to capture.

Now let's try leaking a movie. There's a few avenues of attack, roughly corresponding to the traditional movie scene release categories:

- You can go to the theater and point a camera at the screen. They actually check for this now, in pretty much any western country you'll get kicked out or arrested for camming a movie. If you don't get caught, they can still narrow you down to a location in the room via your shooting angle, and possibly determine what theater you were at with line frequency hum. That's enough information to narrow down the guy leaking the movie to a handful of customers. Do this enough times and you create a unique fingerprint to catch yourself with.

- You can get a job as a projectionist and run the movie projector into another camera directly. That kind of machine is called a telecine, and it used to be one of the higher quality ways to get leaked movies back when they were on film. This is specifically the scenario that all the DRM in the projector is designed to stop. If you do anything to change the light path of the projector, it locks up until the manager comes in and types a password to authorize the change.

- You could bribe the manager or owner to telecine the movie for you. Problem is, the number of people who actually have the password that unlocks the projector is really small[2] and traceable. If a telecine leak is traced back to their theater, someone's getting fired at a minimum, jailed in the worst case.

- You could break the DCI scheme itself; but you still need to source the files and keys to decrypt the movies. This is the crypto nerd's imaginary scenario. Even then, the files could themselves have steganographically injected information identifying the theater who got that master copy, which you can't strip out merely by having the encryption keys. Again, nobody is giving you those files unless they're too stupid to understand the implications (unlikely) or they have faith that you can strip out the stegotext.

It's just way easier to rip a stream than a movie in a theater. And when Hollywood moved to streaming they also made it a lot easier to leak movies.

[0] To be clear, traitor-tracing each stream would require a unique encode per account to inject the stegotext; that's computationally unfeasible. Doing one encode per movie theater would still be a struggle, but less so by three orders of magnitude.

[1] https://xkcd.com/538/

[2] This is also why the 3D era of film made movies way too fucking dark.

replies(4): >>43748102 #>>43748457 #>>43748694 #>>43750515 #
dist-epoch ◴[21 Apr 25 11:04 UTC] No.43750515[source]
> Hollywood is stupid and eroded its own economic advantage by putting everything on streaming

You are making a big assumption that they had a choice, that if a movie was not put on streaming, the consumer would go to the cinema to watch it.

But many consumers don't, if the movie is not streaming, they just don't watch it at all.

replies(1): >>43752512 #
Bedon292 ◴[21 Apr 25 14:38 UTC] No.43752512[source]
But how much of that is because they know it will come to streaming soon for free? I feel like the 'if the movie is not streaming, they just don't watch it' mentality was driven by everything being put on streaming. I am not the average consumer, so I could definitely be off base, but I feel like people were more willing to go to see a movie in theaters when they knew it would be months before they would be able to see it if they didn't. Now it can be available for streaming within weeks, many times included with the subscription you already have. Hard to justify $20 per person to go see something in a theater when you can all see it a month later included in your $15 subscription.
replies(1): >>43755068 #
1. dist-epoch ◴[21 Apr 25 18:41 UTC] No.43755068[source]
> but I feel like people were more willing to go to see a movie in theaters

There was no Internet, no TikTok, shitty games, not much to compete with movies then.