The tech behind the stream: what it actually takes to deliver content around the world Skip to content
When the world plays, we don't blink. Our real-world signals support betting, streaming, and more.
Learn How >>

The tech behind the stream: what it actually takes to deliver content around the world

Laptop with streaming icon, popcorn flying from the screen and soccer player kicking soccer ball above.
Read time:
71 minutes

One user. Two readings. Drag to compare  < >
What our signals see What the IP check sees
The residential proxy that fools an IP blacklist doesn’t fool signals that know exactly where a device is.
Read the playbook

Picture this:

It’s opening night of one of the most anticipated sporting events on earth. Hundreds of millions of people are glued to a screen in one moment.

The match loads. The right content goes to the right viewer. The stream is in their language. Everyone gets the ads they’re supposed to. It all just works. But behind that seamless moment is a battle being fought in every direction.

Piracy

Pirates who have been preparing for this broadcast since the draw was announced.

Credentials

Credential attackers who know your subscribers will be distracted.

Rights holders

And your rights holders, who will be watching extra close to see whether their content goes exactly where it’s supposed to.

The 2026 World Cup—the world’s biggest, most-watched global sporting event—is clocking in at over 192 million unique viewers (just in the first round). The most recent Winter Olympics saw over 110 million unique users. Even the U.S. centric Super Bowl saw around 125 million viewers.

110M
Recent Winter Olympics
unique users
125M
Super Bowl
viewers
192M
2026 World Cup unique
viewers, first round

Underlying all these major sporting events is a licensing map that shifts region by region. A surge in viewers glued to a screen at the same moment. A once-a-cycle subscriber-acquisition window. And a fraud surge timed to the exact minute.

This is the scale, precision and complexities that GeoComply was built to manage for over a decade.

We sat down with James Clark, GM of Media & Entertainment at GeoComply, to talk through how streaming platforms prepare for the biggest live windows in sport and entertainment. The process, the decisions, and the thinking that goes into protecting rights, revenue, and viewers when the whole world shows up at once.

But first, let’s set the scene.

When a major sporting event kicks off, millions of fans hit play at the same time.

That means that the verification layer underneath (the location checks, identity signals, fraud detection, etc.) is absorbing enormous, sudden spikes in demand.

For a platform, the stakes are real. If the wrong content reaches the wrong region, a rights holder notices. If a real viewer is locked out at kickoff, they don’t wait around. And in a market where one bad moment sends a subscriber to the next app, a protection failure doesn’t just cost a stream. It costs your relationship with paying customers and rights owners.

This is the world GeoComply’s media and entertainment team prepares for. Champions League finals. Olympic Games. Super Bowls. Grand Slams. And most recently, at a scale the world has never seen: the World Cup.

And that’s the exact mindset James and the team built the playbook around.

01 The reframe First read on the moment

The World Cup is one of the most watched events on the planet. When you started thinking about what a moment like that means for a streaming platform, what was your first reaction?

James

The audience surge is the obvious story, and it’s the one everyone has to get ready for. Live sport is a challenge for a streaming platform for many reasons; least of all being that if something goes wrong, you only have one chance to fix it.

Plus, you don’t have long to do so. I think a crucial step that is often not given as much attention as it requires is what happens before an event. Threats don’t show up in your dashboards on broadcast day. They actually start to show up weeks earlier, in places you’re not necessarily looking yet.

The reframe we always come back to with partners is that this isn’t a broadcast-day problem. It’s a months-out problem. The pirate spinning up infrastructure to restream the final has been working on it since the bracket was set. The credential ring testing your login flow isn’t waiting for kickoff. So if your plan only starts a few weeks out, you’re already reacting to something that’s been building for months.

And it’s never just one problem. A single match is a compliance problem, a revenue problem, and a trust problem at the same time. The platforms that come through these windows well are the ones who stopped treating those as separate workstreams.

02 Event readiness Rights, risk management and uptime

How does preparation actually work? When does it start, and who’s involved?

James

Months before the event. And it’s not just one team. There are many pieces fitting together.

01

The first is the rights picture. What are the exact licensing boundaries, territory by territory? What does the studio or league need to see in the audit afterward? Which markets carry the most exposure? You can’t protect a boundary you haven’t mapped precisely, and “roughly the right country” isn’t good enough when a valuable rights deal is on the line.

02

The second is risk intelligence. What spoofing and proxy methods are we seeing emerge right now? The techniques change between every major window, so we spend real time understanding what the sophisticated operations are testing before the event, not after.

03

The third is platform readiness. Ensuring uptime with no disruptions, tuning the detection models, mapping geofences to the rights map across every device type, setting the false-positive thresholds so a legitimate fan never feels any of this. That’s the work.

The important thing is that readiness isn’t a meeting where someone says “we’re good.” It’s a sequence. You identify the gaps, you close them one at a time, and the work shapes the plan. Readiness isn’t a single state. It’s an ongoing process.

And most critical of all, the platform needs to make money. How are you ensuring you know who each of your viewers are? How are you ensuring you’re maximising the value of each eyeball you’ve worked so far to attract?

03 Maximizing value The power of context

You mentioned platforms should be maximizing value for every view. What does this look like in practice?

James

It starts with treating a view as a piece of context, not just a metric. Two people watching the same match aren’t the same viewer. One’s on the sofa. One just walked into the stadium with your app open. One’s commuting, streaming on cellular in a second language. Same content, three completely different moments. Most platforms serve all three the identical experience because they can’t tell them apart.

On the sofa

One’s on the sofa.

In the stadium

One just walked into the stadium with your app open.

Commuting

One’s commuting, streaming on cellular in a second language.

Once you can verify where someone actually is and how they normally behave, every one of those moments becomes something you can act on. The subscriber who crosses a venue perimeter can get exclusive pre-game content, an in-venue offer or a sponsor activation you can’t deliver without knowing they physically walked in. The viewer in a specific market sees the catalog, language, and recommendations built for where they actually are, not where they’re guessed to be. The ad they’re served is cleared for their jurisdiction and priced against verified reach, which is why location-based inventory can drive materially higher engagement and CPMs than broad targeting.

And it compounds. The behavioral baseline you build—where someone watches, on which devices, at what times—makes the next session more relevant than the last. For a growth team, that’s the difference between a viewer who showed up for one match and a subscriber who stays for the season. The event hands you the acquisition spike. What you do with every view is what turns that spike into sustainable growth and retention.

04 The signals No single silver bullet

So far, you mentioned rights enforcement, risk intelligence, uptime and revenue. In your experience, what technologies in the market are most essential in addressing these challenges?

James

The honest answer is that no single signal or solution does it all. Anyone selling you a silver bullet fix is selling you a blind spot. What actually holds up across all four is a combination of signals that give you a more holistic picture: location, device, identity and behaviour, corroborated together and layered over time.

01Location 02Device 03Identity 04Behaviour
Location

Location is the anchor. Where a device physically is, verified against the licensing map, is what enforces rights and catches the spoofer.

Device

Device signals tell you whether that location can be trusted in the first place, whether something’s been tampered with, jailbroken or run through a tool built to fake it.

Identity & behaviour

Identity and behavioural signals tie it to a real person and their regular patterns, which is what separates a household from a fraud ring and a traveling subscriber from a compromised account.

Each has gaps on their own. Together, they cross-reference each other, so one spoofed input doesn’t open the door.

The reason that combination answers all four challenges at once is that it’s the same underlying read. The signal that proves a viewer is inside a licensed territory is the same signal that flags the piracy ring, the same signal that confirms the account is legitimate, and the same signal that tells you who’s really watching. You’re not running four systems. You’re extracting different insights from the same set of signals.

05 The intelligence layer Location, device & identity

Walk me through how these location, device and identity signals actually work under the hood.

James

The clearest way to think about it is in two layers. The one most of the industry still relies on looks at the network level—conventional signals we’re all familiar with like IP geolocation. The one we’ve been describing above looks deeper: at the device itself, the person using it, and the location.

Surface
Network layer

IP geolocation

IP geolocation lives at the network layer. It’s cheap, it’s everywhere, and it’s unintrusive, which is why it’s the industry standard. But at best it’s accurate to within about 100 kilometers, and when a residential proxy is active, it’s effectively blind. A piracy ring routing through a real home IP looks like a local subscriber.

True signal
Device & identity layer

Where the device really is

The device and identity layer is where you actually hold the line. GPS, WiFi, and cell tower signals confirm where a device and user physically is down to a couple meters, not where its network suggests it might be. Layer behavioural baselines on top, the locations and devices an account normally uses, and the picture sharpens further.

A family sharing one login across a city looks completely different, at a signal level, from a ring sharing credentials across a continent. Same with tamper detection: a spoofing tool leaves fingerprints an IP lookup never sees.

The prep work is building those baselines before the event and making sure it all behaves consistently across web, mobile, smart TV, and set-top box. A gap in one environment is the gap someone finds on match day.

06 The blind spot What IP can’t see

IP-based geolocation is the standard a lot of platforms already rely on. Why isn’t it enough for a moment like this?

James

It’s the industry standard but frankly, quite outdated as a standalone solution. The problem is what it can’t see. Most of modern piracy now runs through residential proxies, and those don’t light up the VPN blacklists everyone’s built their defenses around. The obvious data-center VPN is the one you catch. The sophisticated operation, the one doing the real commercial damage, walks straight through the front door looking like a local fan.

The way I put it to partners is simple: the residential proxy that fools an IP blacklist doesn’t fool real world signals that know exactly where a user or device is. Once you’re verifying at the device and identity level, the blind spot closes.

An independent third party backed this up. When Cartesian shared results from a series of tests it ran across various streaming services for a sports rights owner, even everyday tech-savvy consumers were getting past basic IP guardrails. This isn’t a fringe problem anymore. It needs to be addressed at the infrastructure level.

07 Revenue protection Plugging revenue leaks

How does revenue tie into the other anti-fraud and uptime processes required for event readiness?

James

It’s the same signal doing all of these jobs. The verified location that keeps a stream inside its licensed territory or detects a piracy ring is the same data that tells you who’s really on the platform, where they are and what they enjoy streaming.

But first, let’s start with revenue leaks, because they’re quieter and often a bigger problem than most platforms are led to believe. Password sharing, price arbitrage, gray-market access. The thing that makes those hard isn’t detecting them, it’s detecting them without torching the experience for real subscribers. A household sharing one login across a city looks identical to a fraud ring if all you have is network level data.

Once you can tell those apart at a deep signal level, you can prompt the sharer toward their own subscription and leave the real household completely alone. That distinction is the whole game. When Netflix tightened up location-based controls, they added 9.3 million subscribers in a single quarter. Blocking led to buying.

9.3M New Netflix subscribers in a single quarter once location-based controls tightened. Blocking led to buying.

Price arbitrage is the same story. The price gap between markets can run over 800% more, so people spoof into the cheap region at signup and watch premium content for a fraction of the price. Verify true location at signup and at billing, and that loophole closes. And the gray-market viewer everyone writes off as a lost cause mostly isn’t. Close the illegal stream off cleanly and a large share of those viewers will take out a real subscription. They wanted the content. They just took the easy door.

800%+ How far the price gap between markets can run, which is what fuels signup spoofing. Verify true location at signup and billing and it closes.

Then there’s the upside.

08 The upside Protection as a growth layer

Plugging revenue leaks is one part of the equation. Can you elaborate more on the upside you just mentioned?

James

Verified geographic reach is the cleanest audience signal you can leverage yourself or hand an advertiser. Inventory you can prove is real fans in real places, free of bots and spoofed impressions, commands materially higher in a lot of cases, because it’s brand-safe in a way generic IP targeting can’t match.

The same precision powers location-based personalization, regional recommendations, venue-specific offers when a verified fan walks into a stadium. One of our partners added 15% to their revenue projections building products with precise location, after coming to us to solve a compliance problem.

+15% Revenue-projection lift one partner built on precise location, after coming to us to solve a compliance problem.

That’s the pattern. Platforms come for the rights enforcement and stay for what the same signal does to grow the bottom line.

09 Pre-match coverage Rights, risk, uptime and growth.

It’s the day before a major match. What’s on the pre-game checklist?

James

I’d generally group them into a few buckets: rights, risk, uptime and growth.

Rights

Are the geofences mapped correctly to every territory’s licensing terms, and is that holding across every device type a fan might watch on?

Risk

Are the proxy, spoofing, and tamper models tuned, and are the false-positive thresholds set so legitimate fans get in without friction? Catching pirates is only half the job. Not catching the traveling subscriber is the other half.

Uptime

Is the verification layer scaled for the spike, and tested against it? A surge that knocks out a CDN is the platform’s problem to absorb. A surge that slows the location check is ours. When millions hit play in the same few seconds, every one of those checks has to clear in milliseconds, or the friction you engineered out comes straight back at the worst possible moment.

Growth

Is the verified-location signal actually feeding the teams that turn the event into revenue? Ad targeting and compliance boundaries set for every market, personalization and localization ready for the audiences tuning in, conversion prompts ready for the sharers and gray-market viewers the match brings to the door.

And underneath all three, one question: are the rights, trust and safety, ad, and customer experience teams aligned and aware of what’s coming? We want to know what each side is expecting before the match, not find out from a spike.

10 Risk response A layered approach

What does redundancy look like if something unexpected gets through?

James
Layer 1

The first principle is that no single signal carries the whole defense. Location, device, and behavior cross-reference each other, so one spoofed input doesn’t open the door.

Layer 2

The next layer is how you respond. Step-up authentication should only trigger when an anomaly actually warrants it. A subscriber who traveled for work and logged in from a new city continues without noticing anything. The genuine account compromise, the login from an impossible location minutes after normal use, gets challenged at the door. Most platforms set that switch too aggressively and end up taxing their best customers. We treat near-zero false positives as the floor, not the ceiling.

Layer 3

The layer that protects the rights relationship is the audit trail. Tamper-proof evidence that you enforced the boundary, ready for the studio or league when they ask. That’s the safety net that turns “we tried” into proof. The goal with all of it is that the legitimate viewer never feels any of it happened.

11 Preparing for the long game Continuous recalibration

The World Cup is a six-week tournament, not a three-hour game. How does that change things?

James

That’s one of the more interesting parts. A single game, you brace for it, you watch it happen, you stand down. Six weeks of multiple matches a day is a different discipline entirely.

The threat patterns shift as the tournament moves. What you see in the group stage isn’t what you see in the knockouts. The audiences change, the stakes change, and the pirates and arbitrage operators adjust with them. So you don’t set it once. You recalibrate per stage: watch how the proxy, spoofing, and sharing patterns actually behaved in one round, and tune for the next. It’s continuous calibration, not a fixed setting.

And there’s a compounding upside most platforms don’t price in. Apart from building more precise user profiles to deliver the best content and ads, every clean window is evidence. A World Cup, an Olympics, a Champions League season you came through without a leak is a track record you can put in front of a rights holder. Over time, that’s what earns you preferential treatment for the best content in the next negotiation.

The playbook Pre-game checklist

What to ask your vendor partners before a major event

What James described isn’t a set of heroic fixes deployed under pressure. It’s a repeatable process, refined across years of major live windows. Here’s the framework, distilled for any platform team, risk team, rights team, or revenue team thinking about readiness going into a high-stakes event.

0 / 8 verified
01

The attackers prepared the moment the draw was announced. If your content-protection plan kicks in two weeks before kickoff, you’re reacting to infrastructure that’s been built and tested for months. Final checks happen in the last month. The real work needs runway.

02

“Roughly the right country” isn’t an audit answer. The question is whether your enforcement matches the exact boundaries in the rights deal, and whether it holds across web, mobile, smart TV, and set-top box. A gap in one environment is the one that gets found on match day.

03

Most modern piracy runs through residential proxies that look identical to a local fan on an IP check. If your defense is built on IP geolocation and VPN blacklists, ask specifically how you catch the residential proxy that never lights them up.

04

A family sharing a login across a city and a ring sharing credentials across a continent look the same through a network-origin lens. The question isn’t just whether you can detect sharing. It’s whether you can distinguish intent precisely enough to prompt an upgrade without locking out a real subscriber.

05

A viewer whose stream dies mid-match doesn’t wait around. That’s a churned subscriber, a refund request, a chargeback, a reputational disaster or a lost acquisition opportunity that the event was supposed to deliver. Anticipate what happens in the single busiest second of the game and ensure your platform is load-tested against that spike.

06

When the studio or league asks how the content stayed inside its territory, “we tried” isn’t enough anymore. The question is whether you can hand over irrefutable, tamper-resistant proof. That evidence is increasingly a condition of the licensing deal itself.

07

A single-game approach applied to a six-week event will either overspend or under-protect. A real plan observes the threat patterns in each stage and recalibrates for the next. Static settings for a dynamic event is a red flag.

08

The verified-location signal that enforces your rights boundaries is the same signal that commands higher CPMs, powers personalization, and converts gray-market viewers into paying subscribers. If protection and growth are running as separate workstreams, you’re paying for the same intelligence twice and using it once.

Same signals, multiple jobs
The intelligence layer
Location, device, behaviour & identity
Rights

Keeps a stream inside its licensed territory.

Revenue

The cleanest audience signal you can offer an advertiser.

Trust

Tells a household from a sharing ring.

Content protection and revenue growth don’t have to be separate workstreams. They can run on the same intelligence layer. The verified-location data that keeps a stream inside its licensed territory is also the cleanest audience signal you can offer an advertiser, the thing that tells a household from a sharing ring, and the trigger that turns a fan walking into a stadium into an engaged subscriber.

The next major window is already on the calendar. The question was never whether it would be targeted. It’s whether your platform is the one that handled it, or the one explaining to a rights holder why their content ended up somewhere it wasn’t supposed to be.

Want to talk through what event readiness looks like for your platform?


James Clark | GM Media & Entertainment

Leading GeoComply’s Media and Entertainment division, James helps organizations use location to secure their services, reduce fraud, and protect their users. He has been involved with the ever-evolving challenge of secure media delivery throughout his career in the digital entertainment sector. James combines a technical understanding of security technologies with extensive experience working closely with businesses to fight piracy and fraud.

Related Posts

Match ready: How GeoComply prepares for the biggest moments in sport

The ATO ring hiding in plain sight

Here’s to the next chapter: DraftKings renews multi-year agreement with GeoComply