A real viewer watches encrypted video that decrypts only in the browser — and a scraper that grabs a URL gets nothing.
The tenant's signing key never leaves Aegis — the browser only ever holds a short-lived attestation + grant. Encrypted segments live on storage/CDN; the content key is attestation-gated.