Last active Sep 19, 2020
Once there was the <video/> tag, but content distributors decided it wasn't enough. They wanted more - more power, more protection, more control, more features. So, Encrypted Media Extensions were born & Digital Rights Management appeared in our browsers.

In this talk, we'll explore the technical details behind Encrypted Media Extensions (EME), Content Decryption Modules (CDM) like Widevine, and the foundation of Web Digital Rights Management (DRM). How? By reverse engineering Netflix and building our own personal Netflix video player!


We've all used Netflix, but most of us (developers included) do not know how to deliver or implement encrypted video to the browser ourselves.

I'd like to invite you to join me as I recap my journey into reverse engineering Netflix. I'll let you know how I came to understand the messy, monstrous world of DRMed videos on the web, how fragmented this ecosystem is, and who is in control of what.

It's a depressing but fun journey full of WTFs and technical/legal constraints that I had no idea about when I first set sail watching Netflix on my Raspberry Pi.

Pitch (Anything else you want us to know about you or your talk?)

Usage of web video behind a paywall is rising constantly (see *1) and every device with a display that is produced nowadays comes with some sort of web browser that should be able to play all videos (Hint: It's not that easy). Cisco estimated that by the end of this year, 80 to 90 percent of all global internet traffic will come from video data (see *2).

Based on these unbelievably high stats, I believe that every web developer would benefit from a basic understanding of the mechanics behind "DRMed" videos on the web and the history behind them.


What will the audience learn from it

  • A super short history of web video
  • What the different meanings behind DRM for web videos are
  • What different DRM implementations/protocols are out there and when/why they're used
  • What a CDM (Content Decryption Module) is and how it's used to decrypt videos
  • Why hardware acceleration is mostly a no-go for web video
  • What EMEs (Encrypted Media Extensions) are and what implementations on the client look like
  • The flow of a browser requesting & playing encrypted video
  • What restrictions video platforms get from content providers
  • (Bonus: If there's time - Netflix on Raspberry Pi isn't a myth)


  • The real story of how a random web developer fell into this devil pit
  • A super-short history of web video (From QuickTime/Flash/Silverlight and the <video/> tag to MPEG-DASH)
  • The media playback ecosystem (Stakeholders and their role)
  • Case study Netflix - Pure map of HTTP requests made to play a video
  • API flow for requesting encrypted video with EME
  • Different implementations for different browsers and operating systems (and their implications for implementors and users)
  • Sir Tim Berners-Lee approves
  • (Chrome+Firefox)/Widevine CDM architecture (and a peek at PlayReady & FairPlay)
  • The blurry outline of robustness requirements and their impact on Hardware/Software decoding
  • Manifest files & content negotiation formats in detail (MPEG-DASH)
  • Demo: Build your own Netflix player
  • Explanation of the code behind the self-implemented Netflix player
  • (Bonus: If there's time - Netflix on Raspberry Pi isn't a myth)

Who is this presentation for?

Web developers who would like to understand these cryptic terms (EME, CDM, DRM, etc.) and want to know how the client-side implementation of video platforms is really done. I also believe it is of common interest for any user of web video behind a paywall because it allows a look into this media sandbox - its implications and drawbacks.
