Mux and cloudflare stream are on my list of potential alternatives. We do use this domain restriction of Vimeo. It’s not fullproof but definitely stops casual downloads.
Our own videos have been pirated already and are shared around some torrents sites and on telegram, and there's nothing we can do besides plead to people's sense of moral duty. We're not a huge Hollywood studio or a megacorp. We're just a small bootstrapped company and producing our videos is the most expensive and time-consuming part of our platform. Luckily we still offer some added value besides videos, and make it easy to "do the right thing" and pay a subscription. Yet, we just have to live with piracy I guess. Vimeo didn't prevent it, although perhaps made it only slightly harder.
It looks like the "hack" is to only set the referrer header of the request to be the domain that's whitelisted which can be done with any HTTP client, but the issue is also 4 years old. I wonder if that's been addressed because the referrer header is really not something you can trust from the client.
I wonder if this also means if you use browser extensions that focus on security (such as randomizing your user agent and deleting the referrer header) that those folks wouldn't be able to even watch the videos.
Thanks for bringing this to my attention because if domain restriction does indeed still work like this then I don't think I will use Vimeo for that feature alone.
Signed URLs with both time and IP address based restrictions would be ideal. I wonder if IP address based restrictions is something Mux has planned.
Yes, we come across some people with privacy browser extensions that remove the referrer and indeed this is causing playback issues for them.
It's still a fairly effective protection for casual copying or link sharing, but of course it's easy to circumvent. Even DRM gets broken all the time, so it seems like a bit of a futile effort to try to prevent it completely.