A viewer clicks a thumbnail and watches. Now watch a bulk scraper try to mirror the entire library — the same way it would wget -r an unprotected HLS catalog.
Even a paying subscriber can screen-record what they watch — that's the analog hole, and no system stops it. So Aegis makes every copy traceable: each viewing session is served a unique A/B watermark woven into which variant of each segment it receives. If a copy leaks, the watermark decodes back to the exact account that pulled it.