The Return Of Sports Brings With It The Return Of Streaming Pirates

August 18th, 2020 | By Carlos Rocha Gonçalves | 3 min read

At last, sport is slowly but surely returning — albeit looking very different to what we all remembered.

The global lockdown has seen OTT streaming services soar in popularity and usage, and the return of the sports we love will arguably have an even greater impact.

However, with the return of sports comes the return of the pirates. For OTT providers, the exposure of premium content to pirates means the loss of potential revenue and a breach of compliance with content rights owners.

Piracy cost pay-TV and OTT providers $9.1 billion in 2019 and it’s expected this cost could reach $12.5 billion by 2024.

As such, security in OTT media services is imperative — not only for safeguarding the company’s revenue but also for securing copyrighted content.

The HTML5 standard, new Web APIs and JavaScript have become the power tools behind modern OTT services.

Providers leveraged these technologies for a faster and more reliable way of delivering online streaming content, as a replacement for Adobe Flash.

But using these modern technologies without due diligence jeopardises the content being transmitted to the user, as well as the user itself.

When developing a web application for an OTT service, providers must consider how the media content is being protected from theft during transmission and when it reaches the client-side.

White Paper OTT Security

Digital Rights Management (DRM)

With its successful adoption in industries like video games and music, DRM is the de-facto anti-piracy layer in OTT streaming, as it protects premium content from being accessed by unauthorised users.

In the context of web players, this is achieved in three steps: encryption, licensing and decryption. In the context of web streaming, the Encrypted Media Extension API allows the client to securely interact with the licensing server before the actual decryption comes into place.


As powerful as DRM is, it’s not a catch-all solution to solve piracy. Notably, it doesn’t offer any additional protection after the content is decrypted — a user can still find ways to capture the streamed content and illegally distribute it.

To fight this, providers use forensic watermarking. This technique embeds a visually imperceptible mark containing metadata inside the digital content.

This metadata usually includes the user ID, device ID, and IP address.

As a result, when that content is leaked and found in the wild (piracy websites), the analysis of the watermark allows the provider to track down the origin of the leak and stop that source of piracy.

Advanced watermarking solutions are built specifically for live sports, enabling providers to do this whole process within a couple of minutes.

Security exploits in web streaming

Forensic watermarking is rapidly growing in adoption and becoming a standard much like DRM has.

However, a lesser-known security exploit allows attackers to bypass watermarking and leak content with no traceability: code tampering.

Because modern watermarking implementations are done at the client-side, attackers can tamper with the exposed code of the watermarking agent and bypass it — effectively removing the watermark.

To address this, providers must protect the JavaScript source code of the agent with anti-tampering capabilities.

As we see live sports making their long-awaited comeback, OTT providers will face this immense challenge of fighting tag-along pirates. Here, proven technologies like DRM, watermarking and JavaScript protection will be key to fend pirates off.

For a detailed explanation of the subject of security in OTT platforms, watch our free webinar.


The leader in client-side Web security. With Jscrambler, JavaScript applications become self-defensive and capable of detecting and blocking client-side attacks like Magecart.

View All Articles

Subscribe to Our Newsletter