Web Security

The Return Of Sports Brings With It The Return Of Streaming Pirates

August 18th, 2020 | By Carlos Rocha Gonçalves | 3 min read

Streaming pirates and online sports piracy are headaches for the industry.

Sport is slowly but surely returning, albeit looking very different from what we all remembered. The global lockdown has seen OTT streaming services soar in popularity and usage, and the return of the sports we love will arguably have an even greater impact.

However, with the return of sports comes the return of pirates. For OTT providers, the exposure of premium content to pirates means a loss of potential revenue and a breach of compliance with content rights owners.

Piracy cost pay-TV and OTT providers $9.1 billion in 2019, and it’s expected this cost could reach $12.5 billion by 2024. As such, security in OTT media services is imperative, not only for safeguarding the company’s revenue but also for securing copyrighted content.

The HTML5 standard, new Web APIs, and JavaScript have become the power tools behind modern OTT services.

Providers leveraged these technologies for a faster and more reliable way of delivering online streaming content as a replacement for Adobe Flash.

But using these modern technologies without due diligence jeopardizes the content being transmitted to the user as well as the user itself.

When developing a web application for an OTT service, providers must consider how the media content is protected from theft during transmission and when it reaches the client-side.

Digital Rights Management (DRM)

With its successful adoption in industries like video games and music, DRM is the de facto anti-piracy layer in OTT streaming, as it protects premium content from being accessed by unauthorized users.

In the context of web players, this is achieved in three steps: encryption, licensing, and decryption. In the context of web streaming, the Encrypted Media Extension API allows the client to securely interact with the licensing server before the actual decryption comes into place.


As powerful as DRM is, it’s not a catch-all solution to piracy. Notably, it doesn’t offer any additional protection after the content is decrypted. A user can still find ways to capture the streamed content and illegally distribute it.

To fight this, providers use forensic watermarking. This technique embeds a visually imperceptible mark containing metadata inside the digital content.

This metadata usually includes the user ID, device ID, and IP address.

As a result, when that content is leaked and found in the wild (piracy websites), the analysis of the watermark allows the provider to track down the origin of the leak and stop that source of piracy.

Advanced watermarking solutions are built specifically for live sports, enabling providers to do this whole process within a couple of minutes.

Security exploits in web streaming

Forensic watermarking is rapidly growing in adoption and becoming a standard, much like DRM has.

However, a lesser-known security exploit allows attackers to bypass watermarking and leak content with no traceability: code tampering.

Because modern watermarking implementations are done at the client-side, attackers can tamper with the exposed code of the watermarking agent and bypass it, effectively removing the watermark.

To address this, providers must protect the JavaScript source code of the agent with anti-tampering capabilities.

As we see live sports making their long-awaited comeback, OTT providers will face the immense challenge of fighting tag-along pirates. Here, proven technologies like DRM, watermarking, and JavaScript protection will be key to fending pirates off.

For a detailed explanation of the subject of security on OTT platforms, watch our free webinar.


The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.

View All Articles

Must read next


How To Build Authentication in Angular Using Node and Passport

Passport.js provides a simple authentication middleware that you can use with Node.js. Learn how to use it to easily add authentication to your Angular app.

October 17, 2019 | By Jay Raj | 7 min read

Web Development

How To Streamline Hardened Code Signing in DevSecOps Pipelines

Digital certificate management can quickly become overwhelming. By using centralized code signing and HSMs, DevSecOps teams can streamline this workflow.

December 22, 2020 | By Shanice Jones | 4 min read

Section Divider

Subscribe to Our Newsletter