I think the most effective form of Netflix's security is that the service is so useful it offers no incentive to break it. Why would I want to go through the hassle of cracking their DRM and downloading the movie to my local machine when they allow me to stream it any time I want, as many times as I want?
Yes, it's true: their service is so good that one doesn't feel the need to abuse their security.
Still, they need to make sure that, for example:
- you don't give your credentials to all your friends (so that they too can watch movies, without having to get their own Netflix subscription)
- their content doesn't get streamed outside of the US, because that would be a violation of the license agreements that they have signed.
We studied their system to understand how they implement those security constraints, and how they manage to do it without affecting performance and user experience too much. The incentive was to learn, not to break their security.
I don't disagree. Sorry, I didn't mean to imply you were up to no good. Netflix does have some necessary security concerns, and the article was an interesting look at how they're implemented.
No security is perfect though, and if you lock something down so tight that people can't get what they want from it, they'll find a way to break it. I think Netflix largely succeeds because it makes legitimate uses easy (sitting down and watching a movie) and only impedes the illegitimate uses (burning it to a DVD and selling it on the street).
Music DRM failed largely because its security impeded legitimate uses, e.g. copying your files to a new computer or a new MP3 player.
One incentive might be that the "watch instantly" option is conditional on studio contracts, which are time-limited. I believe a number of movies lost their "watch instantly" option earlier this year for this reason. (It's a weak incentive, given that you can still order the discs, but it exists nonetheless.)
