A/B watermarking is about static content on CDNs...

For every segment in a video there will be two versions. Every user will get a unique sequence of segments served to them.

Wait, that’s a brilliant way of encoding a watermark without having to embed it within a stream per user.

If a single video has say 100 segments, you get more than enough unique combinations to guarantee uniqueness. There would of course have to be a mapping between user/device ID and segment order.

Netflix puts flat MP4s on the CDN, the segments all reference different offsets within the MP4.

Have you inspected the contents of their CDN servers? Because assembling an mp4 on the fly from segments is not difficult. Especially if they condition them to have identical sizes.

I have indeed inspected the contents of their CDN servers. The URLs have an auth token in them but you can edit the range parameters to grab the whole mp4 in one go without invalidating the auth.

Then this is either an exploit or more likely the mp4 file is virtual. You can find out if you are so inclined by grabbing it from two separate accounts using two separate devices (or keys) and then compare how many of the segments are identical.

Also, I assume the file in question is 4K content. Don't know about how they treat other types.

The normal way to do it would be to deliver different byte ranges per user

Isn't it trivial to know all the segments if they are static?