Mike McKeown is Senior Director, AI Transformation and Sales Enablement at Verimatrix, he sat down with Carlos Rocha Gonçalves, VP of Growth at Jscrambler and Maria Malinkowitsch, Director of Product Management at Verimatrix.

As the 2025/26 football season begins, piracy continues to plague premium content. Browsers have been the weakest link in the streaming security chain, with HTML5 apps presenting:

  • Unlimited device/browser combinations
  • Exposed client-side logic
  • Integration with fraudulent apps and external tools

The Interview

Mike: Until recently, Verimatrix focused on mobile apps and connected devices. What made browsers such a big problem?

Mascha: “HTML5 apps were the easiest entry point for pirates. On iOS or Android, you deal with limited ecosystems. But with browsers, you face infinite device and browser combinations. Pirates exploit that by attaching fraudulent applications or using external appliances. And unlike banking or healthcare apps where users tolerate two-factor authentication, video users won’t accept friction — they just want to click play. That combination made browsers very hard to protect.”

Carlos: “Exactly. The browser is a powerful but highly exposed platform. All the application logic is visible, which makes reverse engineering and tampering straightforward without strong protections. We see everything from client-side code abuse to credential exfiltration. Traditional DRM or mobile app hardening didn’t address this, which is why video providers were so vulnerable.”

The Breakthrough: Persistent Identity + Unified Protection

Mike: So what’s changed with this partnership?

Mascha: “The breakthrough is persistent identity across all platforms. We now have a secure, persistent user identity working across iOS, Android, and browsers. Even if a user clears cache or goes incognito, the browser instance remains identifiable. That consistency was impossible before. Bringing that into one unified UI alongside mobile protection is a game changer for operators.”

Carlos: “And we’ve made it simple to deploy. Our JavaScript protection applies polymorphic obfuscation, code locks, and self-defending logic. Each build is unique, so even if a hacker breaks through once, the next version forces them to start from scratch. We’ve embedded anti-debugging and anti-tampering checks that detect malicious behaviour instantly and can trigger countermeasures or telemetry reporting. From an operator’s perspective, it’s still a zero-code, CI/CD-friendly deployment.”

Demo insight: In the demo, the Counterspy dashboard displayed browser sessions side by side with iOS and Android. Unique identifiers persisted through cache clears, finally solving subscriber recognition in browsers. Now a customer has complete transparency on all client devices in one tool.

Detection and Countermeasures

Mike: How does this change detection and response for operators?

Carlos: “Jscrambler’s telemetry makes attacks visible in real time. For example, we can detect debugger use — often the first step in a piracy attempt. Self-defending code will disrupt that debugger, and telemetry events are sent back so operators can see patterns: repeated debugging, tampering attempts, domain violations. It’s detailed enough to separate noise from real threats.”

Mascha: “And once you have that visibility, you can act precisely. Operators can configure automatic responses — degrade video quality, suspend playback, or block sessions. On browsers, we’ve added URL redirection, so a pirate might suddenly see a warning page instead of premium content. The key is flexibility: video operators hate false positives, so we give them surgical control over countermeasures, all tied to persistent identities.”

Demo insight: A pirated premium movie stream was traced back to a single iPad in Germany. By correlating content ID, app instance ID, and subscriber identification, operators can enforce countermeasures against that device within minutes, without going in detour via CRM and risking affecting legitimate users.

Working as One Team

Mike: What was it like combining two different solutions?

Carlos: “Aligning two companies can be complex, but here it felt natural. Both Verimatrix and Jscrambler share the philosophy that even complex protections must be easy to deploy and use. That mindset made technical integration smoother — we built it to feel like one solution, not two stitched together.”

Mascha: “Exactly. It felt like one development team. Our engineers combined Jscrambler’s expertise in client-side web security with Verimatrix’s Video knowledge. Together we solved the browser identity problem the industry thought was impossible. That was motivating and fun, despite the technical challenges.”

Key Takeaways

Carlos: “Resilience by design. With polymorphic obfuscation, each app release forces attackers back to square one. Combined with telemetry, operators gain visibility and assurance.”

Mascha: “End-to-end strategy. Operators can’t patch gaps anymore — piracy requires protection from DRM through client apps and browsers, all unified in one solution.”

Why It Matters

For technical leaders in streaming and OTT:

  • Persistent, cross-platform user and device identity.
  • Hardened browser protection with obfuscation, anti-debugging, and anti-tampering.
  • Telemetry-driven detection to distinguish attacks from noise.
  • Flexible countermeasures integrated with operator workflows.
  • Zero-code, CI/CD-ready deployment.

For the first time, operators can approach browser piracy with an end-to-end strategy that is technically robust yet operationally simple.