Can't the cable company just include steganography with the subscriber ID encoded into the video stream, so that when NFL appears on one of these streaming boxes, they can just kill that subscriber's service and thus the pirate streams also?
Filter it out with some combination of ffmpeg and LLMs? Super easy if it's being served using HLS and .ts files. Also, in the case of over the air, you can just pull the signal locally out of the air at no cost. You can easily forward that local over the air signal to a private group (using ATSC to IP gateways and converters), and create a mesh if you have folks distributed geographically, each hosting an antenna and shipping an IP stream (which Plex and other systems can consume, not sure if Jellyfin supports this though).
No, because they'd have to decompress and then recompress every stream. This would reduce already-lame quality (not that they'd particularly care) and require a bunch of resources.
Nah that's not how it works. Streaming video is usually cut up into small segments. By having a couple of variants per segment, they can serve you a unique and identifiable sequence of segments without having to decompress (and encrypt) them for each user.
This would be much easier said than done, most video segments are served up by CDNs, so it would have to be done via processing on CDN edge nodes. Cloudflare might support something like this but most CDNs don't as far as I'm aware. Doing it server-side would kill CDN cache hit rates and massively increase cost.
You don't need to. During premium streams the clients are frequently rekeying. So you cancel the streamer's subscription and the stream soon stops. The streamer also loses the rest of the month's subscription and goes onto a blacklist. This is already a thing with, for example, Sky in the UK.
This works as long as each of these boxes connects directly to the streaming provider's servers. With pirate streams often there's a pirate streaming provider with a legitimate subscription, whose STB handles the rekeying, then the already-decoded AV stream is captured and redistributed. The end-users never actually stream from the streaming company, they stream from the pirate. That's often how sports are pirated, and your best bet is going to everyone's homes and checking that they're not watching your streams without a license.
Right? Each legitimate stream, including the pirate's, includes a unique ID. The content protection company subscribes to the pirate stream, gets the ID, and shuts down the pirate. This works today.
The problem that Sky has is that most premium sports content is available in other countries with less effective copy protection, so that's where the pirate streams originate, and Sky can't do anything about them.
You're right that none of this affects the end-users.
Sure, you can buy a box and inspect that stream, but if there's a multitude of pirate streams it's an eternal whack-a-mole game. You cancel one pirate's subscription, the streams redirect to another, in the meantime the first pirate somehow gets access to another legitimate stream and so on.
This also doesn't account for the fact that there might be another proxy pirate in the middle who would relay the stream without the ID to the box (this and the first pirate might as well be the same person). This way even if you have the box you cannot find out which subscriber specifically the stream originates from, as the ID is gone before the stream is sent to the box.
To be 100% sure nothing is pirated, the streaming provider would have to either MITM the traffic from the ISP to the end-user (not legally possible) or just plain old show up at a place of a non-subscriber and inspect the equipment (again legally questionable).
This is exactly how netflix DRM works. Every device gets a unique stream, and if that stream pops up on the high seas, the account and device is blacklisted.
