HeheStreams and Me

This is the long version of what happened with HeheStreams—the operation, the case, the consequences, and what came out of it. It’s the site I started passing around to employers and curious people who wanted more than the headlines, and it’s grown into the place where I write about the parts of this story that don’t fit on a resume or in a press release.

From 2016 to 2021 I ran HeheStreams, a subscription sports streaming operation for NBA, NFL, MLB, NHL games live and on-demand. To run the service, I piggy-backed off their officially licensed streaming services and a dozen other platforms. That means I had no encoding farms, no re-streams—it worked by reverse-engineering each platform’s DRM and private APIs and defeating their authentication and session controls, then delivering the platforms’ own streams over the platforms’ own CDNs.

It wasn’t that trivial—if it was someone would have copied me by now. But I survived five years of active countermeasures against what the US Government said was tens of thousands of customers.

The Southern District of New York called it “sophisticated, calculated, and brazen” and asked for 72 months. I pled in 2023, served 18 months at FCI Thomson, was released in 2025.

Most of what’s written about HeheStreams is either the DOJ’s version or a rewrite of the DOJ’s version. This site is mine: how the operation actually worked, what the charges actually meant, what the press got right and didn’t, and what I think about all of it now that I’m on the other side of it.

If you want the day-job version of me—Ruby/Rails, open source, the technical writing—that’s at josh.mn. This site is the rest.

• The operation — what HeheStreams was, how it worked, what I learned building and running it
• The case — what I was charged with, what the charges actually mean, what the official narrative got wrong

Contact: first name at this root domain. Twitter, LinkedIn, GitHub.