How browser can play HD video with L3 security level?

Question

From my knowledge, Widevine DRM has security levels like L1, L2, L3 where L1 being highest security level. Most flagship phones have L1 security level certification and hence are able to play HD,4K video. While for browsers like chrome on desktop, the certification level is L3 which is least security level. My question is how we are able to play 4K HD video in providers like Netflix, amazon prime in these browsers with L3 security level certification?

Answer 1

Everybody in here has been talking about the official specs, and guessing "what might do what" just by working backwards which resolutions a quick visual check seemingly showed each OS to support.

But in practice, the actual code would reveal that just about anything goes depending on the whims of the provider (I have a dream, that one day streaming services might compete on who can deliver the least draconian DRM). For instance: even when WV was still publishing their recommended guidance, literally nobody that I can think of was respecting it.

1080p requiring L1 or HDCP? Those are all things that *could* have mattered and be checked, but for the longest time with Netflix you could about just spoof the ChromeOS/Edge useragents and you were done even on Linux. Approximately the same was also happening for Prime Video.

In 2023 this isn't presumably valid anymore (and in fact, on day one 4 years ago Disney+ conversely needed L1 for anything to start at all) but still. Also note that protection level requests can be set differently for each individual title even within the same platform.

With all of this said, I have yet to read of a place having 4K working with just L3. Maybe you are thinking to Edge, which is instead using PlayReady under the hood?

Answer 2

Firstly, it is worth saying that media security is constantly evolving so you need to recheck the current status, especially if reading this some time after the time of writing.

Widevine's security levels reflect the different ways the content is protected in the application and on the device during playback.

For L1 Widevine security the requirement is for a hardware protected key and for the decrypted stream to be protected by a secure media path in the device so no other application or even the system can access the decrypted content.

As browsers use a Content Decryption Module to play encrypted videos. This is a pice of software that is used by the browser as part of the Encrypted Media Extensions mechanism within HTML5.

The CDM implementation is provided by the CDM provider - if they have a way to leverage a secure media path within the device then they can offer L1 security.

As mentioned in the comments some CDM's, the PlayReady one for Edge on Windows machines is an example at the time of writing, support this and hence offer L1 security. AFAIK, and again at the time of writhing, Widevine CDM with Chrome or Firefox on windows, Linux or Mac does not support L1 at this time.