12. September 2018 // 16:0016:45
Hörsaal Zugspitze

We´ve all used Netflix, but most of us (developers included) do not know how to deliver or implement encrypted video to the browser ourselves.
I´d like to invite you to join me as I recap my journey into reverse engineering Netflix. I’ll let you know how I came to understand the messy, monstrous world of DRMed videos on the web, how fragmented this ecosystem is, and who is in control of what.
It´s a depressing but fun journey full of WTFs and technical/legal contraints that I had no idea about when I first set sail watching Netflix on my Raspberry PI.

Usage of web video behind a paywall (*1 Adobe Digital Index Q1 2016 Digital Video Benchmark Report) is rising constantly and every device with a display that is produced nowadays comes with some sort of web browser that should be able to play all videos (Hint: It´s not that easy). Cisco estimated that by the end of this year, 80 to 90 percent of all global internet traffic will come from video data (*2 Cisco estimation of growth of global Internet traffic over time).
Based on these unbelievably high stats, I believe that every web developer would benefit from a basic understanding of the mechanics behind „DRMed“ videos on the web and the history behind them.

What will the audience learn from it

– A super short history of web video
– What the different meanings behind DRM for web videos are
– What different DRM implementations/protocols are out there and when/why they’re used
– What a CDM (Content Decryption Module) is and how it’s used to decrypt videos
– Why hardware acceleration is mostly a no-go for web video
– What EMEs (Encrypted Media Extensions) are and what implementations on the client look like
– The flow of a browser requesting & playing encrypted video
– What restrictions video platforms get from content providers
– (Bonus: If there´s time – Netflix on Raspberry PI isn’t a myth)


– The real story of how a random web developer fell into this devil pit
– A super-short history of web video (From Quicktime/Flash/Silverlight and the <video width=“300″ height=“150″> tag to MPEG-DASH)
– The media playback ecosystem (Stakeholders and their role)
– Case study Netflix – Pure map of HTTP requests made to play a video
– API flow for requesting encrypted video with EME
– Different implementations for different browsers and operating systems (and their implications for implementors and users)
– Sir Tim Berners-Lee approves
– (Chrome+Firefox)/Widevine CDM architecture (and a peak at Playready & Fairplay)
– The blurry outline of robustness requirements and their impact on Hardware/Software decoding
– Manifest files & content negotiation formats in detail (MPEG-DASH)
– Demo: Build your own Netflix player
– Explanation of the code behind the self-implemented Netflix player
– (Bonus: If there´s time – Netflix on Raspberry PI isn’t a myth)

Who is this presentation for?

Web developers who would like to understand these cryptic terms (EME, CDM, DRM, etc…), and want to know how the client side implementation of video platforms is really done. I also believe it is of common interest for any user of web video behind a paywall because it allows a look into this media sandbox – its implications and drawbacks.