Anti-Piracy Protection — Watermarks, Encryption, Domain Whitelist

Anti-Piracy Protection

Selling paid courses, gated tutorials, premium membership content? Then piracy is on your mind. Here’s how AVCaption stacks defenses against it.

The defense layers

Layer 1 — Encryption. Every segment is AES-128 encrypted. Multi-key rotation per batch. A leaked key only exposes 60 seconds of footage.

Layer 2 — Signed playback tokens. Tokens are scoped per session, expire in 24 hours by default, and can be tightened to a few minutes for high-value content. Forged tokens fail server verification.

Layer 3 — Domain whitelisting. The iframe can only load on domains you specify. Hotlinkers get a 403 immediately, no master playlist served.

Layer 4 — Dynamic per-viewer watermark (Enterprise). The viewer’s email or ID is rendered into the video stream. If the video is captured and posted publicly, the watermark identifies the leaker.

Layer 5 — Rate limiting. Stream API enforces per-IP and per-token rate limits on every tier. Defaults are tuned for normal viewer traffic; Enterprise can override per-token limits via REST API for stricter or looser policies. Crawlers and automated rip tools hit the default ceiling fast.

Layer 6 — Analytics anomaly detection. Unusual patterns (one token, many IPs in different countries within minutes) surface in your dashboard. Premium and Enterprise get configurable alert thresholds; Free sees the same anomaly signals in the analytics view but without push alerts.
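
The Layer 6 signal (one token, many countries within minutes) can be sketched as a sliding-window check over playback logs. This is an added example, not AVCaption's code; the log format, the token names and the 10-minute / 3-country thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample playback log: ISO timestamp, token id, client IP, GeoIP country.
SAMPLE_LOG = """\
2024-05-01T10:00:05Z tok_alice 198.51.100.7 US
2024-05-01T10:01:10Z tok_bob 203.0.113.20 DE
2024-05-01T10:02:30Z tok_bob 192.0.2.44 BR
2024-05-01T10:03:15Z tok_alice 198.51.100.7 US
2024-05-01T10:04:50Z tok_bob 198.51.100.99 IN
2024-05-01T10:30:00Z tok_alice 198.51.100.8 US
2024-05-01T11:45:00Z tok_carol 203.0.113.5 FR
2024-05-01T13:50:00Z tok_carol 192.0.2.9 JP
"""

def parse(log_text):
    """Yield (time, token, ip, country) tuples from whitespace-separated lines."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, token, ip, country = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), token, ip, country

def shared_tokens(log_text, window=timedelta(minutes=10), min_countries=3):
    """Return {token: sorted countries} for tokens seen from at least
    min_countries distinct countries inside any sliding time window."""
    by_token = defaultdict(list)
    for ts, token, ip, country in parse(log_text):
        by_token[token].append((ts, ip, country))
    flagged = {}
    for token, events in by_token.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            countries = {c for _, _, c in events[start:end + 1]}
            if len(countries) >= min_countries:
                flagged[token] = sorted(countries)
                break
    return flagged
```

A viewer who travels (tok_carol, two countries two hours apart) stays below the default threshold, while a token shared across three countries in four minutes is flagged.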

Why dynamic watermarks work

Most paid-content piracy starts with a single buyer who shares the link. Static watermarks don’t help — every viewer sees the same logo, so a leaked video is anonymous.

A dynamic watermark renders the viewer’s email (or any identifier you pass via embed token metadata) into the video itself, in a corner of the frame that’s hard to crop without losing significant video area. The text moves periodically — typically every 30-60 seconds — to defeat manual cropping.

When a course gets reposted to a piracy site, you screenshot a frame, read the email, and the leaker is identified. In practice, most leakers stop sharing once they realize they’re identifiable.

Layered defense vs DRM

DRM (Widevine, PlayReady, FairPlay) is the strongest single defense — but it’s expensive, typically requires studio-licensed content contracts to justify, and can be defeated by hardware HDMI capture anyway. See DRM vs encryption tradeoffs for the full comparison.

For self-produced content, layered AES-128 + signed URLs + domain whitelist + dynamic watermark is sufficient — and dramatically cheaper. Studios use DRM because their contracts require it, not because DRM is impenetrable.

What this protects against

  • Hotlinkers — embedding your iframe on their site (blocked by domain whitelist)
  • yt-dlp / browser-extension downloaders — defeated by per-batch key rotation and signed URLs
  • One-buyer-shares-all — defeated by dynamic per-viewer watermark identifying the source
  • Bulk scraping — defeated by rate limits and analytics anomaly alerts

What this does not protect against

  • Hardware HDMI capture — physically capturing the HDMI signal off a connected device. Defeats AES-128, multi-key, and DRM equally.
  • Screen recording at OS level — most operating systems can capture the screen including video output. Browser-level DRM blocks this on Chrome but not on jailbroken or rooted devices.
  • Buyers who genuinely don’t care about being identified — dynamic watermark works on social pressure; rare exceptions exist.

If your content’s piracy risk is high enough that hardware capture matters, you need both DRM and an offline distribution model — and you’re past what any cloud video host alone can solve.

How to enable each layer

| Defense | Tier |
| --- | --- |
| AES-128 multi-key | All tiers (always on) |
| Signed playback tokens | All tiers (always on) |
| Domain whitelisting | Premium and Enterprise (set in dashboard) |
| Dynamic per-viewer watermark | Enterprise (configure in player settings) |
| Rate limiting | All tiers (default policy on); Enterprise can override per-token via REST API |
| Analytics anomaly detection | All tiers see signals in dashboard; Premium / Enterprise get push alerts |

Get started

The basic stack (encryption + signed URLs) is on by default for every video. Add a domain to the whitelist on your next upload, then check the network tab — non-whitelisted origins return 403 before the playlist even loads. Upload a test video to see the stack working end to end. For dynamic per-viewer watermarks, see how creators apply the full stack on the online courses and membership site video pages.

Frequently asked questions

Is any video protection truly piracy-proof?

No. A determined pirate with a hardware HDMI capture card or a screen-record tool can rip almost any video. The goal of anti-piracy isn't elimination — it's making piracy expensive enough that most attackers move on, and identifiable enough that leakers can be deterred or pursued.

What's the most effective anti-piracy feature for course creators?

Dynamic per-viewer watermarks. They render the viewer's email or ID into the video stream itself. If a course gets uploaded to a piracy site, the watermark identifies which paying customer leaked it. Most leakers stop when they realize they're identifiable.

Do I need DRM to protect paid video content?

Usually not. DRM (Widevine, PlayReady, FairPlay) is mandatory for studio-licensed content but overkill for self-produced courses or membership videos. Layered AES-128 multi-key encryption plus signed URLs, domain whitelisting, and dynamic watermarks deliver comparable practical protection at a fraction of the cost and complexity.

How does AVCaption stop hotlinkers from embedding my video?

Domain whitelisting at the embed token level. Each token is bound to a list of allowed origins; the browser sends a Referer header on the master playlist request, AVCaption validates it, and any non-whitelisted origin gets a 403 before the player ever loads. Combined with short-lived signed URLs, this stops the casual scraper-and-embed attack pattern.
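
A minimal sketch of the server-side check described above: verify the token signature and expiry, then match the Referer host against the token's allowed origins. This is an added example, not AVCaption's implementation; the token layout, HMAC-SHA256 signing, field names and secret are assumptions. Because Referer is a client-supplied header, the host match only constrains where browsers embed the player, which is why it sits behind the signature and expiry checks.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlsplit

SECRET = b"constructed-demo-secret"  # assumption: server-side signing key

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(session_id, allowed_hosts, ttl=24 * 3600, now=None):
    """Sign a session-scoped token carrying its expiry and allowed hosts."""
    now = time.time() if now is None else now
    claims = {"sid": session_id, "exp": int(now) + ttl, "hosts": sorted(allowed_hosts)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def check_playlist_request(token, referer, now=None):
    """Return (http_status, reason) for a master playlist request."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, expected):
            return 403, "bad signature"
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return 403, "malformed token"
    if now >= claims["exp"]:
        return 403, "expired"
    # Exact host match: a substring test would accept learn.example.com.evil.test.
    host = (urlsplit(referer or "").hostname or "").lower()
    if host not in claims["hosts"]:
        return 403, "origin not whitelisted"
    return 200, "ok"
```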