Business DRM-Free OnlyFans Downloads See Widevine Project Nuked From GitHub


April 28, 2025 by Andy Maxwell

Used by major video platforms including Netflix, Disney+, Amazon Prime Video, and Hulu to name just a few, Google content protection system Widevine can be found in leading browsers, games consoles, and most mobile devices. Circumvention has been ongoing for years, but after OnlyFans sent a complaint to GitHub, a Widevine decryption project has been ejected from GitHub.

cdrm-project-down-s1.png.webp

For streaming services such as Netflix, Digital Rights Management (DRM) systems provide a level of control over the company’s most valuable assets, including movies, TV shows, and other content for consumer consumption.

DRM not only restricts access to customers authorized to consume content, it can determine when and how it’s consumed too. When all goes to plan, DRM should also prevent end users from casually copying movies and TV shows, which should result in a positive contribution towards minimizing the spread of pirated content online; at least in theory.

Widevine Everywhere​

Ultimately, whether users loathe it or just hate it, DRM exists in billions of web browsers and devices. One of the most widespread is Google’s Widevine and avoiding its footprint today is almost futile. It can be found in Chrome, Firefox and similar browsers, mobile platforms such as Android, videogame consoles, plus many set-top boxes and smart TVs. At least five billion of them, most probably more.

Unsurprisingly, Widevine has been exploited and reverse engineered over the years, as evidenced by the content it’s supposed to protect ending up on pirate sites, almost without exception. In 2020, Google took action against Chrome extension Widevine L3 Decryptor, which was capable of decrypting Widevine content keys by hijacking calls to the browser’s Encrypted Media Extensions (EME).

Problems persisted throughout 2021 and 2022 with Widevine Dump but the problems haven’t gone away. The same goes for individuals and groups committed to countering Widevine, although it’s still possible to attract negative attention.

OnlyFans Targets CDRM-Project​

In a DMCA takedown notice dated April 22, 2025, OnlyFans owner Fenix International Limited informs GitHub that it had “recently become aware” of repos on the platform with code “specifically designed” to circumvent Fenix’s DRM, aka Widevine.

“The identified repositories contain step-by-step instructions which are specifically designed to circumvent the DRM protections in place on OnlyFans. The repositories contain links that are ‘hard-coded’ and specifically targeted at OnlyFans,” Fenix writes.

“The coding is designed to impersonate a video player in order to decrypt and play DRM protected files, obtaining the ‘secret’ token required to play the DRM protected content. The downloaded files are then converted into an MP4 format which has the DRM protection removed.”

CDRM-Project repo before suspension

cdrm-project-page1.png.webp

In line with its pro-developer policy when processing DMCA takedown notices, GitHub contacted the operator of the main repo and the operators of six additional forks, with an opportunity to address the complaint and avoid suspension.

For reasons that aren’t revealed, GitHub’s outreach couldn’t prevent the suspension of the entire CDRM-Project repo and all reported forks.


GitHub requested Fenix to identify “every specific file” in the repo that it considers infringing; Fenix responded with a statement that the “entire repository is infringing” and should be removed.

Anti-Circumvention Complaint​

To GitHub’s credit, when rightsholders allege violations of the DMCA’s anti-circumvention provisions, GitHub conducts its own assessment. If there is no basis for a claim, GitHub sometimes finds other copyright-related grounds, but here there is no pushback. That’s usually a sign of a complaint that stands up under intense scrutiny.

Another unusual aspect to the complaint is the Fenix response to GitHub’s request to provide the alleged infringer’s contact details, if they’re in possession of them. In most cases rightsholders say they’re unaware of those details but here, Fenix provides the details of two sets of owners and two sets of contributors.

The project is now being made available via a repo on cdm-project.com but how long that’s likely to last is unclear.

When any DRM system unnecessarily restricts access to content by design or due to inherent limitations, those who suffer the most are legitimate customers. Most have no interest in piracy, were never part of the original problem, but are responsible for the bulk of the revenue. Once DRM starts to feel like DRM, that’s where the big problems start.
 
Like a DMCA request is gonna stop pirates. They'll just move it to a platform that doesn't respond or honor DMCA take downs.
 
Onlyfans please explain to me what copyright of yours this is violating. Pre-Microcock GitHub would never comply with this bullshit DMCA.

This is like a company who had some machine they manufactured taken apart and reproduced illegally and then going to sue to people who made the screwdriver used to unscrew the thing.
 
Onlyfans please explain to me what copyright of yours this is violating. Pre-Microcock GitHub would never comply with this bullshit DMCA.

This is like a company who had some machine they manufactured taken apart and reproduced illegally and then going to sue to people who made the screwdriver used to unscrew the thing.
It's affecting their ability to make money.

Last thing they want is the good old days where people showed their body parts freely.

'You are showing boobs for free? No, you has to has OnlyFans, woman!'
 
Onlyfans please explain to me what copyright of yours this is violating. Pre-Microcock GitHub would never comply with this bullshit DMCA.

This is like a company who had some machine they manufactured taken apart and reproduced illegally and then going to sue to people who made the screwdriver used to unscrew the thing.
The DMCA has anti-contravention provisions. So just providing the mechanism to violate a copyright, the DMCA will apply.

That being said, there's precedent that code itself is first amendment protected. Code is yet another written language and courts have ruled it serves as a first amendment protected technical explanation of an algorithm or a process.

The way these conflicts are usually handled is that the code itself is protected but encryption keys often aren't. So these repos are usually permitted as long as the keys are distributed elsewhere and they don't make it too obvious how to obtain them.
 
The DMCA has anti-contravention provisions. So just providing the mechanism to violate a copyright, the DMCA will apply.

That being said, there's precedent that code itself is first amendment protected. Code is yet another written language and courts have ruled it serves as a first amendment protected technical explanation of an algorithm or a process.

The way these conflicts are usually handled is that the code itself is protected but encryption keys often aren't. So these repos are usually permitted as long as the keys are distributed elsewhere and they don't make it too obvious how to obtain them.
Yes but onlyfans doesn't own the software that's allegedly being circumvented, Google does. I know copyright law is retarded and a mess, but wouldn't Google have to be the ones sending the takedown. The takedowns require you to acknowledge that you are the copyright holder, only fans does not hold the copyright for widevine, their software is not being circumvented.
 
Onlyfans please explain to me what copyright of yours this is violating. Pre-Microcock GitHub would never comply with this bullshit DMCA.
Onlyfans is a corporate pimp agency. They own their whores and downloading images (that were presumably already paid for?) interferes with their ability to monetize their whores. At least I think that is the logic.

It would make more sense to go after the coomers reposting it but this is easier I guess. Going after people downloading seems weird since just viewing something on a web page creates a local copy.
 
Yes but onlyfans doesn't own the software that's allegedly being circumvented, Google does. I know copyright law is retarded and a mess, but wouldn't Google have to be the ones sending the takedown. The takedowns require you to acknowledge that you are the copyright holder, only fans does not hold the copyright for widevine, their software is not being circumvented.
I think the anti-circumvention provisions might be able to be exploited by a client of the DRM. But as you note, the laws are confusing gibberish and difficult to interpret.
 
I think the anti-circumvention provisions might be able to be exploited by a client of the DRM. But as you note, the laws are confusing gibberish and difficult to interpret.
The DMCA legitimately needs a complete rewrite. It was a mess when it was enacted and its an even greater mess 20 years later.
 
The DMCA legitimately needs a complete rewrite. It was a mess when it was enacted and its an even greater mess 20 years later.
Like with Section 230, we can only expect things to get worse when the laws are revisited. In particular, there's bipartisan (corporate) support for infinite copyright and strict anti-piracy.
 
Atrás
Top Abajo