OTT Content Security: The Pros, Cons, and Practicalities of Limiting Concurrent Streams
Most video streaming services take steps to prevent password sharing by limiting the number of devices each account can register and use, or by restricting the number of concurrent streams that can be started using the same credentials. For many OTT services, concurrent stream limits (CSLs) are a fundamental requirement of their content licensing agreements. Their challenge is to balance user experience with enforcement of the agreed restrictions. Beyond compliance, CSLs can also be a powerful tool for protecting revenue, managing costs, and even unlocking new business opportunities. Done wrong, they can frustrate users and drive churn. Done right, they reduce password sharing, safeguard platform performance, and even create upselling opportunities for premium subscriptions.
In this blog, I’ll explore the strategic and technical implications of concurrent stream limits in OTT services with SVOD, AVOD and hybrid business models. And I’ll look at how a thoughtful, holistic approach can help your OTT business thrive while keeping both users and rights holders happy.
Limiting concurrent streams is just one of the content and platform security measures outlined in our free OTT security e-guide, “Safeguarding Your Content & Platform.” Download it now to learn about DRM, Geo-blocking, VPN and Proxy Detection, Parental Controls, Data Protection, Platform Protection and more.
The Why: The Case For Limiting Concurrent Streams in OTT
Let’s start by looking at the benefits of streaming limits, beyond the simple reason that the rights-holders insist on it to prevent password sharing and piracy. Without any CSL, sharing passwords between friends – or even with strangers on a public forum – is easy. That’s bad news from a piracy perspective but also for performance. When tens of thousands of users hit your platform simultaneously, you’d better be ready to handle that traffic or your paying customers will suffer from long start-up times, stream-drop-outs, slow authentication, and service lag that will damage your reputation and drive up your churn. This is especially true if you’re offering live events or premium sports. In these cases, using CSLs can be a proactive step towards safeguarding performance and protecting user satisfaction with your service.
There’s also a cost implication to multiple users accessing the content at the same time. Variable platform fees – such as CDN delivery costs and per-license DRM rates – can very quickly add up, a phenomenon known as “bandwidth draining”.
The Why Not: Challenges Created by OTT Concurrent Stream Restrictions
Of course, there are downsides to limiting the number of streams a user account can access at once. The biggest of these is user experience. If you live in a multi-person household, it’s quite normal to expect that two people might access the same content (or different pieces of content from the same OTT provider) on different devices at the same time. Perhaps your teenagers prefer to watch on a tablet in their bedrooms rather than share the sofa with their parents. Perhaps your partner wants to watch a TV series while you relax with a movie. Hard and fast limits can make for a frustrating experience, and it’s essential that you find an adequate way to explain and signpost these restrictions to users, both at the moment of purchasing a subscription AND at the point where the limit is reached or breached.
Some operators (for example, Netflix, Amazon Prime) choose a “first man standing” approach, which means the first person to start their stream gets to keep watching, and others who come along later from the same account will be prevented from starting a subsequent stream. Other streaming platforms (for example, Spotify and Amazon Music) prefer the “last man standing” strategy, which means that when your teen presses play in their bedroom, there’s a good chance you’ll abruptly lose access.
Not only do both scenarios quite likely lead to raised voices, they limit the potential for your service to be used to its full potential in each household. We all know that, for SVOD services in particular, the more use your app gets, the less likely it is to be on the churn list when household finances are reviewed. For the record, Magine Pro’s OTT platform enables our customers to work on a “first man standing” basis when limiting streams.
Enforcing concurrency restrictions isn’t just a UX challenge. It also adds a layer of additional technical complexity and load into your apps. Regular checks need to be made for each active stream to confirm that no other stream start has been attempted on another device. The closer together the checks, the shorter the window in which users may get illicit access to multiple streams. However, there’s a trade-off between enforcement and the additional backend load these checks create, which could create unwanted latency, particularly for large-scale live events.
We’ve seen checks taking place as far apart as every 30 seconds, but typically recommend one check per 10 seconds. Once again, you’ll need to ensure your platform has the performance to carry out all these checks without degrading the user experience. A well-optimized system balances security with performance efficiency, ensuring minimal disruption to legitimate users while keeping unauthorized access in check.
The How: How to Implement Stream Limits Effectively
So, what is standard practice for limiting access? For perhaps the past ten years, the most common approach we’ve seen our customers use, influenced by the Apple iTunes store, is to limit users to two concurrent streams AND a maximum of five registered devices. If the user wants to start using a sixth device (perhaps because someone in the household has a new phone or TV) then they’ll need to de-register an existing one. This is typically done via the OTT service’s web app.
One way to mitigate frustration created by such limits is to ensure the UX for managing your registered devices is intuitive, reducing friction while maintaining security. It’s also important that your customer service team has access to a portal they can use to help users who’ve reached their limit. For example, the Magine Pro Console gives OTT services the ability to look up all the devices registered to an individual subscriber and reset registrations where necessary.
Below is an example of how consumers manage their registered devices on the website of our customer’s service, using the Magine Pro OTT Platform’s APIs to set and enforce the restrictions across multiple devices.
While big streaming services like Netflix continue to refer to their packages as limiting the number of “devices” a customer can use, the reality is that the restriction is on concurrent streams. You can login to as many individual TVs, phones and tablets as you like with one set of credentials, but you’ll only be able to watch one, two or four streams at once, depending on your subscription package.
The When: Targeting Concurrent Stream Limits To Content
Most SVOD services enforce a blanket CVL policy across their whole service. You can watch any two assets concurrently – including the same asset on two devices at the same time. However, things become a little more complex when there are live events (especially sport), AVOD or a combination of business models in the mix. This is where you want an OTT platform that allows you to be more granular with applying CVLs.
For ad-funded content, it makes less sense to limit concurrent streams – the more views, the more money you make from advertising. If you’re combining AVOD and SVOD, you will want the ability to mix and match restrictions across content with different business models. Equally, we’ve seen an increase in sports rights holders mandating just one concurrent stream per user for high-profile live events. If your streaming service includes live sports streams, or rebroadcasts TV channels with such rights, then you’ll need the ability to enforce these tighter controls on a per-asset basis. Look for an OTT Platform that gives you the flexibility to take this kind of holistic approach.
Concurrent Stream Limits can also be a business opportunity. Major platforms like Netflix and Disney+ have already proven that consumers are willing to pay for more concurrent streams. In fact, Netflix’s crackdown on password sharing, accompanied by the introduction of a ‘paid sharing’ model, has resulted in millions of new paying subscribers. For smaller OTT services, adopting a similar approach could be a strategic revenue driver (where licensing agreements allow): upselling premium plans, offering family packages, or bundling additional streams with other perks (such as ad-free viewing) can increase ARPU while keeping users engaged.
If, however, your research suggests such premium tiers would not be successful in your target market, there are alternatives. If you own your own content or have relatively liberal licensing agreements and can afford to offer all your users more than the average number of concurrent streams, then this may also be a great way to differentiate your service from the competition.
The Rest: Combining CSLs with Other Security Measures
If you want to know more about how Magine Pro can help you safeguard your content and your OTT platform, download our free security e-guide. It’s got valuable insights on how to blend CSLs with other measures such as DRM, Geo-blocking, VPN and Proxy Detection, Parental Controls, Data Protection, and protections for your platform against malicious intrusion.
Download the e-guide here
E-Guide | How to Keep Your Video Content & OTT Service Secure
Keeping your OTT service secure isn’t just about content protection—it’s about safeguarding your business. Piracy, account sharing, and unauthorized access are constant threats, putting content, revenue, and user trust at risk. Studios are demanding higher security standards, and regulations around data protection are tightening.
So, how do you safeguard your platform without compromising the user experience?
Our latest e-guide, Safeguarding Your Content & Platform: Magine Pro’s Approach to OTT Security, explores the key security measures every streaming service should have in place. While no system is completely foolproof, taking proactive steps can significantly reduce risks, helping to protect your content, maintain platform integrity, and stay competitive.
Inside the e-guide, you’ll discover:
- How to protect premium content – Advanced DRM to secure HD and 4K assets and meet studio licensing requirements.
- How to prevent revenue loss – Tools to combat unauthorized access, account sharing, and geo-restriction bypassing.
- How to build audience trust – Solutions that protect subscriber data while delivering a seamless viewing experience.
- Expert insights – Proactive strategies from OTT security specialists to keep your platform resilient and compliant.
DOWNLOAD NOW
Keep Your OTT Service Secure & Profitable
OTT security doesn’t have to be complicated. With the right approach, you can safeguard your content while maintaining a great user experience.
Download the FREE e-guide now and take the next step in protecting your platform.
Want to know more?
If you’d like to learn more about how Magine Pro helps OTT services stay secure while delivering high-quality streaming, our team is here to help. Whether you have specific security concerns or want to explore how our platform can support your growth, reach out today.
You can also visit our Experience Page to see how our customers are using Magine Pro to power their streaming services securely and efficiently.
To stay up-to-date with the latest industry insights, platform updates, and security best practices, be sure to subscribe to the Magine Pro e-newsletter.
Sports OTT: Live Sports Streaming & Video Delivery
You just won the exclusive rights for a highly in-demand football league and are looking to stream the games live for your fan base. Question is, do you have the technology platform for sports OTT to make it a success as your fan base starts to grow and incoming demands increases?
In this blog post we look in detail at the technical requirements you need to consider for sports OTT, and share how at Magine Pro we enable our partners to deliver high quality, low latency streams to audiences around the world.
Media quality & low latency
There are many technical aspects to consider when providing a premium OTT service for sports, and in particular live sports where quality is of the utmost importance. With fast-moving objects, a high bit rate for High Definition from 720p and more is essential with 60 frames per second. This is preferable for big-screen viewing as with 60 frames per second, the transition between each frame is much smoother, which makes fast-moving sports content look frictionless as a result. As it stands today, anything over 60 frames per second will not make the viewing experience any better.
Predictable low latency end-to-end is also crucial. Your choice of technology, protocols and architecture will ultimately affect the end-user’s overall experience. Each part of the workflow should, therefore, be measured to monitor latency. Latency below 10 seconds (preferably closer to 6 seconds) is a good standard to aim for, although to reach this may require improvement of the entire workflow, as latency is affected by the number of steps end-to-end.
Key areas to consider & address include:
- Assess what effect media ingestion (encrypted transfer), encoding and packaging, and the network have on latency overall
- The choice of media segment lengths
- Using HTML5-friendly streaming technologies such as HTTP Live Streaming (HLS) or Mpeg-Dash to give cacheable delivery
- Content delivery networks (CDNs) that can deliver higher volumes with more efficiency
- How the player handles buffering
Content Security
Content SecurityContent owners will invest a lot of resources in acquiring media so that they can offer their users the latest live events and an attractive VOD catalogue. Most right holders today also require a certain level of security protection in an OTT platform to be able to acquire content from them. Protecting media from being accessed by unauthorised users involves utilising different tech and methods.
One method is Digital Rights Management (DRM), which can control the distribution of copyrighted works. Before content is streamed it must be encrypted and packaged with a DRM schema so that only authorized users and devices can play it back. At Magine Pro we use Microsoft PlayReady, Google Widevine and Apple Fairplay to do this. We can also enforce DRM key rotation in a given interval to take down any ongoing streams that might have been set up in an untrustworthy way.
The content license agreement you have with the right holder may also specify locations that are unauthorised to access content. Because of this, in addition to DRM protection, right holders also request that OTT platforms deny users access when connecting through banned VPN or Proxy services. At Magine Pro we provide all of the mentioned security techniques above to our partners.
You may also need to look at reducing the number of ongoing streams and devices per user account to maximise revenue intake and eliminate account sharing. This is particularly important when hosting exclusive live events in your service.
Scaling for demand
As your OTT service expands over time you will need to scale to avoid certain drawbacks, including loss of video quality, poor user experiences and increased costs affecting you and your customers. This can be challenging if you haven’t done the engineering work or built in the relevant monitoring.
At Magine Pro we run our OTT platform on AWS, which enables us to scale up and down as we require and pay only for what we use. Working with AWS also means during peaks we don’t need to set an upper user limit or traffic limit because of hardware constraints. This is a big advantage for us and our partners that we build OTT services for.
In an ideal world, you would be able to scale up when demand increases and scale back down when traffic decreases. Sounds easy, but services often require a warm-up before they’re ready to accept incoming requests and traffic. Autoscaling is good, but not great at this.
For live events, especially for pay-per-view, you should pre-provision your infrastructure to manage the exponential rise in traffic when the event starts. Autoscaling often takes many minutes to kick in, however, so it’s better to provision more and scale down, than not scale up quickly enough.
With pay-per-view events, typically you know how many people have pre-purchased before the event, this early indicator lets you know how much you need to scale. However, you could also see an increase in purchases up to 10-15 minutes before the event starts, so you need to build in some headroom to handle that. It can be a good idea to run a pre-event (especially if you haven’t delivered live before) to ensure payment flows are provisioned to handle a potential increase in traffic right before the event begins.
Your service operations team also plays an important role when hosting live events. It’s essential to have clear roles and responsibilities in place and also defined escalation paths, communication & troubleshooting routines between the event distributor and your platform provider.
Service testing & reliability
As an OTT platform service provider, we strive to be highly reliable. To achieve this, we need to consider the architecture for high availability, what infrastructure and how we utilize AWS’s cloud infrastructure.
High availability requires more resources, which can compete with our aim for low latency (affected by the number of steps in the end-to-end flow). At Magine Pro, we provide flexibility here for our partners. They can select resiliency levels depending on the value of their content, audience size, live vs Video-On-Demand or accepted downtime.
The starting point is to look at multiple incoming signal paths; from the signal distribution (even down to power suppliers), all the way through to acquisition, transcoders, automatic failover and monitoring tools. Doing this enables us to achieve resiliency and to withstand certain types of failure, yet remain functional from the customer’s perspective.
Understanding our platform and our partner’s availability needs enables us to design and continuously test our platform using injection patterns. We can take down services to learn how the platform reacts and remains functional from the customer’s perspective. In this case, we also have simulated end-users or real users in a production environment.
You might think you have high reliability and resilience to handle services going down, but without really testing it you don’t build up a confidence level. We do this testing continuously and monitor the outcome to improve our engineering capabilities, to better handle failures, start-up new services, and to re-balance traffic over to healthy endpoints.
_______________________________________________________________________________________
To find out more about our OTT platform and how we enable our partners to deliver live events, linear and VOD content to audiences around the world head here. On our experience page, you can find out more about our partners and the OTT services they operate.
Get in touch with us if you would like to discuss how we can help you launch a successful sports OTT service or to demo our services.
You can also subscribe to the Magine Pro e-newsletter and/or follow us on LinkedIn to stay up-to-date with our latest news, partners and products.