Signed URLs/Token piracy is a big issue, it happens like this -
A class of students having computers sharing the same public IP address thanks to NAT. A signed url of M3U8 manifest is shared among those students, and they watch the video for free on third-party HLS player and consume a lot of minutes(i.e. bandwidth), while the video owner pays the cost of bandwidth.
We suggest features for mitigating this problem
- An option to disable other manifests such as M3U8, so the stream could only play on Cloudflare stream player;
- Besides exp, nbf …, etc., allow the API to add Watch Time constraint to the Signed URL/Token, for instance, setting the total watch time not exceeding the length of a video. With this, even when many people share the same Signed URL, the total watch time would not exceed the Watch Time constraint.
Or there might be other better solutions.
I wish Cloudflare Stream developers could provide additional guards to mitigate the piracy issue. Thank you!