There is a huge misconception here...
Youtube doesn't hide the url of the video files.
If the final URL is a blobURI (blob:https://www.youtube.com...) it is because what the MediaElement displays is actually a MediaSource Object.
They do fetch different ranges from different encodings and compose the data to be presented on the fly. This way, they are able to downgrade the quality if they see they didn't had time to fetch the upcoming part of the video.
But all the requests are clearly visible in your dev-tools' Network panel and anyone willing can actually compose themselves a full file.
So once again, this is not a piracy protection whatsoever.
Also note that since blobURIs are URIs that do point to the local memory of the web-browser if you can display anything from a blobURI, it means it's already too late to try to protect it (since already downloaded and available in memory).
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
