In the last post on why JioHotstar goes black when you screen share, DRM keeps decrypted video off the capture surface most of the time. In practice, people sometimes notice a gap: after popping the same stream into Picture-in-Picture (PiP), a screen recorder may suddenly see pixels again.
This article explains why that can happen in the browser at a systems level, how Widevine L3 vs L1 fits in, and why no vendor promises this behavior forever. It is an implementation and policy balance, not a proof that protection is “unbreakable.”
Disclaimer: Streaming terms of service and copyright law still apply. The goal is to understand compositor and CDM behavior, not to advise circumventing rights management for redistribution.
What people observe (browser + PiP)
Reported steps: results vary by OS, GPU, browser build, codec path, and title tier:
- Open a DRM-protected site such as JioHotstar in a desktop browser.
- Start playback, then enter PiP via a built-in browser control or an extension that wraps
<video>in a floating window. - Start screen capture.
- Sometimes the PiP plane records normally while in-page video stayed black for the same session.
Treat this as empirical behavior, not a guaranteed recipe. Extensions can alter DOM and composition in non-standard ways; Chromium updates and studio policy changes invalidate write-ups constantly.
Why PiP can change what recorders see
Protected playback pairs decryption with a display path that is supposed to keep cleartext frames out of buffers that ordinary screen grabbers read. For in-tab or some fullscreen presentations, the compositor tags that layer as non-capturable on supported pipelineshardware-bounded video overlays on some GPUs, tighter hand-off to the OS capture stack, and related platform contracts.
Picture-in-Picture in Chromium-class browsers is not “the same widget moved.” The video is re-parented into a separate window or surface, and the browser runs a different code path for sizing, layers, and sometimes decode routing. When that path does not participate in the same protected-memory contract, or when playback is already on a Widevine L3-style software decode feeding ordinary GPU texturescapture tools may observe pixels again.
The hand-wavy version you hear in forums (“hardware fullscreen vs software PiP”) points at a real ideadifferent surfaces, different security tagsbut oversimplifies how decode, scaling, and the OS compositor cooperate. The precise mechanics are proprietary and shift per release.
| Mode | Typical goal | What capture often sees |
|---|---|---|
| In-page / some fullscreen paths | Keep cleartext off general capture | Black or masked video rectangle |
| PiP / alternate surface | Usable floating window, sane GPU work | Sometimes unprotected composition |
That table is debugging intuition, not a spec.
Widevine L3 vs L1 (and why 4K stays stubborn)
Widevine levels roughly describe where keys and critical decrypt steps live:
- L3: Software CDM; decode may run without the strongest TEE binding. Studios often cap resolution or bitrate for L3-only clients. That looser chain is where more capture quirks tend to appear.
- L1: Hardware-backed; keys and decode touch secure silicon paths designed to resist exfiltration. 4K HDR titles frequently require L1, which is why PiP often stays black there even when 1080p briefly behaved differently on the same machine.
So the pattern “720p or 1080p slips through, 4K does not” matches industry expectations: stronger policy rides stronger hardware.
Security vs usability
PiP is a mainstream accessibility and multitasking feature. Shipping it without wrecking battery, latency, or OS integration forces tradeoffs. Whenever two composition paths exist (inline player vs out-of-tree PiP), security review has to show both respect studio rules. Gaps get patched when found; yesterday’s observation is not tomorrow’s interface contract.
That is why “DRM is not always unbreakable” is the accurate headline: not because protection is fake, but because systems are large, layered, and always moving.
Takeaway
Black video on capture depends on which decoder and compositor path feeds the pixels you see. PiP can switch that path enough that some L3 streams surface in capture-visible buffers again until vendors tighten the chain. Treat observations as time-stamped engineering facts, not stable exploits, and read your streamer’s terms before you press record.