The Content Piracy Reality

It goes without saying that piracy sucks. The sting of piracy hurts that much more when the content is something that you’ve personally poured hours, days and months of hard work and love in to, only to find it on a some illicit site, in the dark corners of the internet, within hours of posting it online. The excitement you felt, the sense of accomplishment, ends as you feel as if it was all in vain. It’s replaced with feelings of anger and outrage that someone stole our hard work, and rightly so.

Piracy affects anyone involved with digital content. The largest most technically sophisticated companies in the world, Netflix, Google, Amazon, Vimeo and others find content from their platforms pirated on torrent sites (PirateBay etc), in file lockers (4Shared, Megaupload etc), or on Usenet, within hours of going live. Businesses spend millions every year combatting piracy. The MPAA and RIAA have tried for decades to end it, throwing hundreds of millions of dollars at the issue, with limited success. Despite all the technical expertise and the collective financial resources of these organizations they can’t stop piracy of digital content.

The reality is that piracy is easy. If content can be viewed on a computer, it can be pirated. Really, really, easily. Many who produce digital content struggle to accept this fact but if you want to be in the business of producing digital content, you need to accept it. Vimeo actually goes so far to say that “if you are genuinely concerned with the security of your videos we’d suggest you do not upload them to any online outlet” (source: here). This is a company whose entire existence is predicated on hosting unique video content and even they’re basically saying “it sucks, but there’s nothing we can do about it” (see Marks comment a bit further down in that thread) because it can’t be stopped.

In order to understand why it can’t be stopped, we need to understand how content is delivered and consumed, from a technical perspective. At a high level it works like this:

  1. You, the user, requests a “resource”, which is the R in URL, or Uniform Resource Locator. Lets say you requested In technical terms, this is called a GET request. You’re saying “get me”… Since you haven’t specified a specific filename, that’d be anything after the trailing “/”, you’re requesting the default page located in the root directory of
  2. Your browser now has to find To do this it asks the internets equivalent of a phonebook, the Domain Name Server or DNS (which could be cached locally, at your ISP, or via a public resource like Googles or OpenDNS), where to find
  3. The DNS contains lots of information about in what are called “ZoneFiles”, but for the purposes of this it helps to think of the DNS as a giant spreadsheet with two columns. Column A is the domain,, and Column B contains the IP address of the server,
  4. Now that your browser knows where to find it then sends that GET request to the server at the IP address that it found.
  5. The server receives the GET request and does a few things. The server is first going to check if that site is hosted there, and then, if it is hosted there, it’s going to then check if the file you’ve requested is there.
  6. At this point the server or the application, does authentication and authorization. This means that the server can check that you are who you say you are, and it can check if you are authorized to access the resource you’ve requested.
  7. We’ll assume that there is no authentication or authorization necessary, that the domain is hosted there, and the file exists. The server will then respond to your browsers GET request with the requested resource.
  8. Your computer then receives the HTML response from the server and your browser renders the HTML in to what you see on your screen. If there are other resources necessary to render the HTML, like images, css files, external javascript, fonts or anything else in the response the above steps will happen for each of those resources until all required resources have valid responses and the page is loaded.

This is a very high level explanation of how the process works. There are some deeper technical steps that occur, but they’re not really relevant for our purposes here. What is relevant is that you request a resource and that resource is delivered to your computer and rendered by your browser.

You might not realize it, but what’s going on is that you are basically downloading the requested resources to your computer so you can view them. This is the fundamental reason why pirating digital content is so easy to do, and so difficult (impossible) to stop. Essentially, if content is consumed, ie being displayed in a browser, then it has already been downloaded making it almost trivial for the user to keep. Heck sometimes saving the content is as easy as clicking the file menu and selecting “Save Page As” which will save the HTML and the associated resources. Or it might be as simple as right clicking on an image and choosing “Save Image As”.

The reality is that if the pirate is motivated, the best anti-piracy measures in the world aren’t going to stop them. At best they’d just slow them down. Even if you somehow managed to make it impossible to actually download a video, yet still be viewable on screen, an almost trivial work around for a pirate would be to use simple screen and audio capture software and voila they would have perfectly pirated content with very little effort. That’s a super low friction technique that would defeat even the most sophisticated technical solution. With the knowledge that technical solutions are so easily defeated, we realize that the associated effort and expense to stop them is largely wasted.

A platform can take all the steps in the world and invest millions of dollars in technology and processes and procedures to combat piracy but they’ll not stop the pirates. At best they’ll just slow them down with the added insult that they have invested a ton of money and the problem still exists… And that’s what it comes down to for the platforms, who are after-all businesses, the investment vs the reward.

From a business perspective, if you’re a content platform like Udemy, NetFlix, Pluralsight, Amazon or any one else involved in digital content you know and understand that there’s no real effective technical solution to stopping pirates, so why would you spend huge sums of money on building anti-piracy features that deliver limited benefits? You take the standard precautions, you might even take extra precautions to make it more difficult, but the business value in building those features is limited, and usually at the expense of the user experience of legitimate users which costs you further money in lost revenue, which is to say that if you’re in the platform business, rather than investing in anti-piracy measures, you’re better off spending money on initiatives that have a greater positive impact on your business: better features that improve the user experience and encourage honest users to buy more, more often. It sucks, big time, but that’s the current reality of being in the digital content business. Ultimately, from a business perspective, the decision to build a feature or not, is based on value delivered to the business, and there’s little value in building security features that can so easily be defeated.

So what can you do as a content creator? Before anything, including creating any sort of content, you have to come to terms with the idea that your content will be pirated. Like it or not, that is the reality of becoming a content creator and publishing content online. As Matt at Vimeo said so succinctly “if you are genuinely concerned with the security of your videos we’d suggest you do not upload them to any online outlet.” Remember, those who are downloading your pirated content are unlikely to have paid for it in the first place, so the loss in revenue is likely to be minimal. So accept the fact that someone is going to use your product without paying for it, and focus instead on all the positives of what you’re doing, like how you’re creating great content that people will want to pay for.

Once you’ve accepted that reality and made some awesome content that gets pirated, you’ll have to do some leg work:

  1. Contact the platform where you originally published the content and let them know. Platforms like Udemy have teams of lawyers who deal with these things so give them the info they want in the format they want and they’ll take care of the rest. If your course from Udemy was copied and pirated to Pluralsight they’ll contact Pluralsight and get the content removed. If you’re finding your course from Pluralsight copied by a pirate on to Udemy, let Udemy know, via a DMCA take down request, and they’ll take it down, and take whatever action they can against the instructor.
  2. Issue DMCA take down requests, or the local equivalent, to any search engine linking to the content. Google, Yahoo! and Bing are the obvious ones. These guys will almost definitely remove the offending links.
  3. Issue a DMCA take down request, or the local equivalent, to the sites hosting the infringing content. If it’s a legit platform they’ll usually act quickly, but if it’s a site in the darker corners of the web that typically doesn’t respect copyright laws, it might be a stretch to expect that they’d respect your request, but you should do it nonetheless… You might get lucky :)
  4. Issue a DMCA take down request, or the local equivalent, to the ISP hosting the infringing content. If the ISP is located in the US it’s likely to act quickly and remove the content. Outside of the US it’s hit and miss, but again you might get lucky.
  5. The famous Alun Hill has some really great advice in his Udemy course “How I make $30,000 A Month From Udemy — No Advertising.” Lecture 17 deals specifically with how to deal with Pirates. It’s an interesting tactic to basically beat them at their own game. It might work, it might not, but it’s a novel approach to a difficult problem and is relatively low effort to implement with other upsides.
  6. Finally, setup a Google alert for the name of your course. If and when it appears in the Google index you’ll get an alert and you can issue your take down request.

Another tactic could be to include a short copyright notice in random lectures (at the beginning or end of a couple lectures in your course, for instance) saying where the content was uploaded to, notifying users that if they’re viewing that content on another site, that it is in fact stolen and they should be requesting their money back, or something along those lines. It won’t stop the piracy where the pirates are uploading content to other platforms, but if a course was on say Pluralsight and it’s now on Udemy, Udemy is going to get notified pretty quickly by students who are going to be upset that they paid for something that’s stolen.

Of course, this isn’t a solution to piracy. The point is that it makes piracy less profitable for those sorts of pirates. As rights owners, we need to be proactive in protecting ourselves by knowing our rights and enforcing them. These steps could at the very least be a starting point. Depending on the type/method of infringement, and if you can definitively identify and prosecute the culprit, escalated steps beyond these should include calling in your attorney to deal with them civilly, and your attorney can advise and assist if calling law enforcement in is warranted; if you can get them and punish them you definitely should, as much as you can, for as long as you can.

Despite all the desire of millions of people around the world, and the resources of all the greatest tech companies in the world, no one can prevent piracy. If you’re in the digital content business, piracy is, for the time being, a fact of life. Although your content may be pirated, and that sucks, remember that it isn’t personal and it doesn’t interfere with your ability to produce amazing content that makes a real and positive difference in the lives of the millions of people who want to, and are willing to, consume that content within the legitimate frameworks that you offer it, and that is, after-all, the reason you create that content in the first place.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.