By Alex Nauda, Chief Technology Officer, MediaSilo –
With piracy an ever-growing problem and high-profile hacks affecting multiple networks and streaming services, security is top-of-mind in media and entertainment. The inescapable tension between security and usability is a factor in determining every workflow involving pre-release content. But screeners remain a problematic anomaly: Press reviewers remain outside the control of network protocol, yet have access to content at the point when it’s most vulnerable.
The good news: Reviewers have a vested interest in keeping shows and movies secure prior to release, when interest in both the content and the critic’s inside take on it is at its peak. The bad news: In prioritizing security, networks and studios are seriously compromising the viewer’s experience, to the detriment of the very coverage they’re trying to obtain. Even worse, the measures taken to lock down content may actually be having the exact opposite effect, pushing users toward unintended workarounds and leaving networks vulnerable to leaks.
A critical eye – The No. 1 complaint critics voice about screening sites is poor video buffering and playback. In fact, 50 percent of reviewers said they have missed a deadline or failed to write a review at all due to technical issues with a screener.
Of course, some playback issues are on the user’s end: an internet outage, an unsupported browser, a poor Wi-Fi connection. But other problems perceived by the viewer as “playback” are related to compensating controls put in place by the content owner, with short session lengths being the biggest culprit. Session lengths are often set around 15-20 minutes, much less than the length of an average episode or feature. Getting repeatedly kicked out of an episode or having to restart a viewing session after stepping briefly away from the computer significantly ramps up frustration for the viewer.
Other security measures, such as DRM requiring proprietary players, are also perceived by reviewers as a barrier to accessing content.
As one reviewer who wished to remain anonymous put it: “The players are insanely outdated and it sucks to be treated like a criminal just for doing my job, all while knowing that the real pirates have no issue going in and stealing this stuff.”
The second-most common pain point involved juggling multiple logins and ways of accessing content. Half of reviewers have access to more than 20 screener sites, all requiring different URLs and usernames, and because each network and studio applies different security protocols, in terms of password rotation and complexity, critics have resorted to some less-than-ideal methods of managing content and credentials.
While digital distribution is increasingly seen as the more secure option, press reviewers still get about 25 percent of their screeners via DVD. About half of those discs are never destroyed or thrown away.
Even more worrisome, only 18 percent of reviewers use unique passwords stored in a password manager. To manage the proliferation of screener destinations and credentials, the rest leave passwords scribbled on Post-it notes, keep the same password across all sites, store them in Google Sheets shared with colleagues, and use other less-than-desirable password management strategies.
It wouldn’t take much for an enterprising attacker to cross-reference a reporter’s publicly posted email address, which is usually readily available at the end of any article they’ve written, with the latest password dump or data breach. By making it difficult for reviewers to log in to access screeners, necessitating workarounds on the reviewer’s part, networks may be inadvertently opening themselves to attack.
Passwords are a major part of this problem. Allowing users to select their own passwords invariably results in simpler, weaker passwords. It also leads to password reuse across sites, making the password dump attack a viable option for nefarious actors. Password strength policies can help somewhat in mandating stronger passwords, but the challenge of remembering so many passwords tends to push users toward less secure password hygiene, such as an unencrypted password list, often shared across a team or department, or even the venerable sticky note.
One industry trend that looks promising as an alternative is so-called magic link logins, which require users to click an emailed link to log in. There is no password to remember, share, or lose.
Stuck with a small screen
Another criticism reviewers share has everything to do with their experience as a viewer and a fan: The lack of companion apps for settop boxes means critics are relegated to watching most pre-release screeners on a small screen.
Think of how many hoops we jump through to ensure network and studio execs can seamlessly review content when and where they want to, whether on a mobile device or in an in-home screening room. Arguably, critics have as much or more influence on the eventual outcome for a property, yet they feel trapped by a second-class viewing experience.
“My main problem with any screener site is that it’s very difficult, if not impossible, to find ways to cast it on to regular television,” says Randee Dawn, entertainment writer for TODAY.com and NBCNews.com. “I’m not a huge fan of watching on my computer screen because I spend hours in front of my computer anyway. It’s kind of a turnoff for me in terms of trying to invest time to watch screeners.”
Largely, reviewers say that they have grown accustomed to visual watermarks, and accept them as one of the costs of having access to pre-release content. But how and when to deploy watermarks is perhaps one of the areas where the difficult tradeoff between security and viewer experience is most apparent.
Of course, forensic watermarking is always the best option in terms of viewing experience. Invisible and traceable, it’s incredibly useful in tracking down the source of a leak, but not helpful in deterring one from happening.
While reviewers have learned to tune out most visible watermarks, they say that those directly in the center of the screen, or constantly moving around the screen, can distract from the viewing experience and prevent them from fully engaging with the content. Yet, watermarks on the edges of the screen can be easily cropped out, and static, consistent watermarks are increasingly vulnerable to removal by computer algorithms, according to recent research by Google scientists.
Randomized watermarks are one way to counter new techniques, but they are problematic. Random watermarks can be circumvented through collusion, allowing multiple bad agents to scrape the video and assemble a clean version. Their unpredictable nature is also disconcerting for viewers.
Animated watermarks have come a long way since they were used as an overlay to prevent theater screens from being filmed by a camera. Burned directly into the file, they are incredibly difficult to remove. While software can be used to blur or remove a watermark, every second of video includes 30 frames. If every frame has the watermark in a separate location, even the most enterprising pirate has his work cut out for him. If done well, animated watermarks can add a valuable layer of security with minimal distraction.
If all this unsolicited feedback feels depressing, let’s go back to the good news: Critics want to protect pre-release content right up to the premiere date. They are willing to jump through some additional hoops, if the overall experience is easy and seamless.
Whether you’re rethinking your homegrown screening site or looking for a secure third-party solution, the (movie and TV) critics have spoken. Ensure that your content will play flawlessly without interruption, preferably on a big screen. Consider modern login methods that don’t place all the onus on the reviewer. Instead of making it hard to view pre-release content, render it difficult to share. And if all else fails, ask your critics regularly what grade they would give your screening experience.