Don’t Ransack My Movies (DRM): Options Around Securing Online Video

Have you invested a heap of money and sweat into creating videos for users of your LMS? Are you thinking about creating such videos but are afraid they will land many more places on the internet than just your site? If so, you’ve probably heard or read about the concept of Digital Rights Management (DRM). A broad definition of DRM may include any measure to help protect content from being misused. A much narrower view of DRM may refer to a specific method of controlling the viewing of video using electronic licensing and cryptographic keys. In this post, we take a look at the range of possibilities for securing your video content.


Although not technically flashy, some simple measures that you might already be employing can help safeguard against theft or misuse of your videos. Unfortunately, the potential still exists for disaffected users or someone using stolen credentials to take and redistribute your organization’s videos on another site. Another set of simple measures can help in this case. Protecting against the least technically involved theft of video, a click of the “download” icon, may involve just a simple setting change in your video player. For example, adding the “nodownload” option to either the HTML or JavaScript portion of the video.controlsList for an HTML5 video player[1]. Unfortunately, this option does not prevent a right-click and “Save Video As…” download nor does it hide the video’s location, its URL, in the page’s source code. Achieving these goals would involve implementing some technical roadblocks such as these[2] and the ones described in the next section or using a proprietary video player. Staying with the simple for a moment: adding a watermark of your organization’s logo in a corner of the video makes unlawful redistribution of the video much more recognizable, either through the presence of the watermark itself or through the distortion of the watermark caused by removal of the logo. Additionally, you can add so-called “metadata” to your video to help identify it as your organization’s creation. This metadata consists of labels on the file itself listing its creator and usage rights as well as other technical data such as the length of the video, picture resolution, and file format. Removal of these metadata would provide another challenge, albeit a small one.

Once the aforementioned (simple yet often very effective!) methods of securing video content are implemented, more technically advanced roadblocks can be placed to stop individuals a wholesale download of the videos. The first possible roadblock is encryption, for example using AES (Advanced Encryption Standard), of the video file. Encryption involves recoding the video using a mathematical algorithm, so that the file is unreadable both in its storage location as well as during its transmission to a user’s computer. Only when the video file reaches the user’s browser is it decoded and played. Therefore, a user could find a way to download the video file from its storage location but would be unable to view the video without a method to decode it. A further measure would be to break up the video (either encrypted or unencrypted) and send it piece by piece to the user to play. This method of video delivery known as “” complicates[3]. Although online services do exist that can quickly stream the pieces and stitch them together into one file, users may be unaware of or may not trust such services.

Finally, very technical methods are available to attempt to secure streamed video content. These are the types of systems used by video streaming services such as Netflix. Before a user can play a protected video on a site, If the user is not authorized to view the video the decryption process will fail and the DRM service will be notified of an unauthorized attempt to stream a video. Furthermore, the decryption keys used to encode and decode the videos can be changed frequently to prevent a once-authorized user from viewing a video after the user’s license for that video has expired[4]. In fact, since each piece can be individually encrypted, a user whose license expires may be stopped from viewing any remaining pieces of a video in play. Keep in mind though that an authorized user can still view the whole video, and any video viewed on a monitor can be recorded. Many free software applications that are created for legitimate purposes, such as recording computer tutorials, can also be used to capture a video (along with its audio) that is playing on the monitor. There is simply no way to stop this type of recording other than not sharing the video. Therefore, such complex methods of video security should be combined with some of the simpler methods described above.


Content producers have a multitude of choices with which to protect their videos online. As in the physical world, however, there is no perfect way to share content in the digital world without the possibility of unauthorized use. Also, limiting how users can interact with content may inconvenience both your users and you. For example, disallowing the download of your content inconveniences legitimate users who want to watch the video when their internet connections are slow, expensive, or unavailable. Another factor: using a DRM server means your system now relies on a third-party server that you don’t control. If the DRM server is unreachable or unstable, this could cause problems for the functioning of your site and your user’s playback experience. Perhaps most pragmatically, each layer of security added will mean an increase in fixed and/or variable costs. You will thus have to decide what level of protection makes economic sense for your organization.

Despite limitations and costs, there are good reasons for controlling how your video content is viewed online. Limiting who can see what and when may be important to your organization’s business or pedagogical plans. Several side benefits may also result from controlling your content. For example, if you decide on streaming of your video content then the users may be able to manually select their desired video quality and / or allow the player to automatically optimize the playback based on current network performance, so-called “dynamic adaptive streaming.” Therefore, you should balance your users’ experience with safeguarding your intellectual property. If you are an LMS-user or prospective LMS-user with video content to embed, we at Web Courseworks would love to discuss your options with you!





Thank you to David Wipperfurth for the technical review.