Image Copy Protection Ideas?

Discussion in 'Programming & Software Development' started by SouthernMunk, May 10, 2005.

  1. SouthernMunk

    SouthernMunk Member

    Joined:
    Dec 27, 2002
    Messages:
    669
    My brother wants me to create a website for him to show off his art (he's a tattoist amoung other things). We've been discussing methods to make his pictures non-savable, and I came up with the following. However, I need to know whether or not these ideas are possible (I know some of them are).

    1) Preventing Saving through the browser:

    * Disabling right-click with Javascript.
    * Using Farner Replacement Method for images (e.g., an image as the background of a division).

    2) Preventing Saving through the cache:

    * Is there a PHP function or HTTP header that forces the client not to store the webpage in cache? Would this also work for proxy servers?

    3) Preventing Access through the URL:

    * Do most web hosts allow you a portion of the HDD as storage apart from your domains document root? The images could be stored here and not accessed via a URL as they are not an online resource.
    * Is there a way to change Apaches permissions to individual files (pictures in this case), so that it disallows any direct request, but allows it if it is part of the page. I guess I'm really asking, do GET requests differ in terms of when it is typed into the browser address bar, and when it is automatically requested by the browser as a part of a page?

    4) Preventing Print Screen:

    * Splashing the images.

    I know it's virtually impossible to prevent all forms of stealing copyrighted material, but I'm trying to come up with some ideas to make it less likely they'll be saved.

    Thanks in advance! :D
     
  2. Deltoid

    Deltoid Member

    Joined:
    May 24, 2003
    Messages:
    9,515
    Location:
    Brisbane
    What if someone views the source of the webpage? They will see the image reference then.

    Perhaps have the actual source of the pages kept in a private directory which is accessed from the index page and displayed on the index page. That way when someone looks at the page source of the index page they will just see that the contents is replaced with private\page1.htm or whatever and then when they enter www.domain.com.au\private\page1.htm they will have an error for directly accessing the page due to it being private.

    How you set that up I don't know. But something you should take into account as most times pages have right click disabled I just view the source to get what I want.
     
  3. Wizardx8

    Wizardx8 Member

    Joined:
    Jan 2, 2002
    Messages:
    2,742
    Location:
    Singapore
    You will never be able to truly stop it, true. Why doesn't your brother just watermark all of his images?
     
  4. OP
    OP
    SouthernMunk

    SouthernMunk Member

    Joined:
    Dec 27, 2002
    Messages:
    669
    I realise that you can easily get around this particular method, which is why I'm going to be using a combination of them (which can still be foiled, I know, but the user is not going to bother too much unless they really want the picture).

    The server will have PHP installed. I can include() or require() pages that will disallow you to view them directly, if that is what you are talking about (this is just PHP, not talking of server permissions).

    So back to one of my original questions, does the server differentiate between a direct request for a file (e.g., the user types in www.site.com/picture.bmp) and an automatic request for a file (e.g. www.site.com/index.htm contains <img src="picture.bmp" />)???

    I mentioned 'splashing' the images. I meant watermarking them.
     
  5. Deltoid

    Deltoid Member

    Joined:
    May 24, 2003
    Messages:
    9,515
    Location:
    Brisbane
    Yeah that is what I meant. That way they cannot view the source to see where the picture is from. So combine that with no right click and then they shouldn't be able to view the image source. Unless they use the properties key on the keyboard (does that work when right click is disabled?).

    I think it can differentiate. I rmeember when I did some cgi programming for uni if you put files I think in the private directory (??) you cannot directly access them.

    Something like that. It was the only web programming unit I did and it was awhile ago so can't really remember now.
     
  6. phreeky82

    phreeky82 Member

    Joined:
    Dec 10, 2002
    Messages:
    9,515
    Location:
    Townsville
    just watermark them

    i assure you that myself and many others could get around this in no time at all, it's not that difficult if you understand http headers etc.

    if you truly want to go as close to impossible as you can though:
    - watermark them
    - put in a folder not available via the web, and read in via a php document which also ensures it is being requested within a valid session (i.e. a document sets a session variable, which the image php script requires)
    - make the page set cookies, and require them after a refresh, or use javascript to decode some stuff to obtain an image ID
    - add those dodgy javascript things to try and prevent people from getting the page source
    - try and "trick" them by not actually placing an img tag, but instead place the image url in a dynamic css page (to check it's also part of the session) as a background of a div.

    you have to:
    - prevent people getting to the page source to obtain the url to the image. first you'd use those weird javascript things to prevent people obtaining the code from the browser. but then you have to prevent them just using telnet etc to obtain the source, so you have to make the source as hard to decode as possible - make it set a cookie, and the refresh a page reading in the cookie to check it's a browser. also try using complex javascript to generate the image url and set it dynamically.
    - prevent people just grabbing the image via the url through telnet - so ensure it checks that it is part of a session

    basically all of this is just useless though if the person knows what they are doing.
     
  7. OP
    OP
    SouthernMunk

    SouthernMunk Member

    Joined:
    Dec 27, 2002
    Messages:
    669
     
  8. Deltoid

    Deltoid Member

    Joined:
    May 24, 2003
    Messages:
    9,515
    Location:
    Brisbane
    It might not even be possible in the language (I dont know php).

    But if you include the contents of another page in your index page shouldn't you only get a line saying something like <include-content: http://www.domain.com.au/private/page1.php> rather then the actual code from page1.php inserted where it is.

    If it actually inserts the code there then I don't know what to do. I think with HTML when you do an insert you just see the include tag and not the actual code from the page.

    That way you keep the page in a protected directory to stop direct access to it that way the users can't see the img tag at all.

    EDIT: looking at your code I think the way php uses that include is like it does in C or something liek that. You don't want to include the functionality of page1.php. You just want to display its content. Maybe it can't be done with php. But I did it in html on a website I had years back.
     
    Last edited: May 10, 2005
  9. MrSnuffy

    MrSnuffy Member

    Joined:
    Jun 27, 2001
    Messages:
    1,392
    Location:
    Hobart
    Someone could just take a screenshot.

    If the pics can be displayed, they can be saved.
     
  10. Kurt

    Kurt Member

    Joined:
    Jun 27, 2001
    Messages:
    802
    Location:
    Canberra
    You could create a gallery using flash, but printscreen still works. Basically, if you dont want images to be saved, don't put them on the net.
     
  11. Lando

    Lando Member

    Joined:
    May 11, 2002
    Messages:
    401
    Location:
    The Valley of Doom
    damm..beat me to it!

    Really there is no point to trying to and "copy protect" the images other than watermarks. Most people if they know what they are doing will get around most copy protection mesures. Adding things like javascript, disabling right click etc, does very little if you have scripting turned off, and is only going to limit the number of people that are able to view them, which defeats the whole point of showing them to start with.
     
  12. OP
    OP
    SouthernMunk

    SouthernMunk Member

    Joined:
    Dec 27, 2002
    Messages:
    669
    Beat all of you to it. They WILL be watermarked (or 'splashed'), and therefore they can't claim it as their own, even if they do capture the screen image.

    I know there are many many ways to get around all of this stuff. You can disable Javascript for the right click option, cross reference the html source with the dynamic external stylesheet with the Farner Replacement method, and even edit cookie values for authenticatication. Like I said, anyone who knows how to get around these measures (and could be bothered to) will.

    But the average user will not. I liked your suggestions phreeky82, of storing the images outside of the servers document root (a suggestion which I had already written). Do most web hosts allow you storage outside of the document root? And how would one transmit the image when it is not stored in the document root (with PHP or without)?
     
  13. Myne_h

    Myne_h Member

    Joined:
    Feb 27, 2002
    Messages:
    10,234
    There is a simple rule regarding the copy protection of ANY media.

    If it can be read, it can be copied.

    This goes for everything. There is no way around it ever. DRM will come, it will pass, and that fact will remain.
     
  14. systemdown

    systemdown Member

    Joined:
    Oct 14, 2003
    Messages:
    716
    Location:
    Brisbane 4107
    I may just be ignorant, but how exactly does that work? Would not the screenshot only capture the value of each pixel in whatever colour depth the screen is at, which may upset the watermark? Of course I'm assuming that the values of pixels are what matter here (which the watermark algorithm 'embeds' itself into, like steganography? am I correct in this assumption?). I would've thought that the pixels would get altered somewhere along the display / conversion / screenshot process.. or if not, I stand corrected.
     
  15. Myne_h

    Myne_h Member

    Joined:
    Feb 27, 2002
    Messages:
    10,234
    Seen watermarks on tv? They're the logo of the channel that's transmitting them. If you were inclined to record and re-distribute that material, you'd be sending it with the original logo still embedded. It's impossible to remove the watermark without it being blatantly obvious.
    A watermark on a picture would be the photo with say a logo or a name over it. It's often possible to crop corner logos, so people often put it faintly across the centre of the image.
     
  16. phreeky82

    phreeky82 Member

    Joined:
    Dec 10, 2002
    Messages:
    9,515
    Location:
    Townsville
    as has been said they can always just do a screen capture, so there's not much point to it all.

    when you say "Would not the screenshot only capture the value of each pixel in whatever colour depth the screen is at, which may upset the watermark?" i'm not sure how you expect it to affect the watermark???

    you'll be putting a flat (read: single layer) image on the net, only at the quality/res it will be viewed at, on the net. they can see it at that quality, so they can save it at that quality - so people put a watermark across the image, as removal would require substantial stuffing around in photoshop or similar and would not result in a good image normally.

    remember: if you're putting low-res versions on the web, and he doesn't care about people getting those (i.e. imagine a 400x300 image of a painting on the web - it's useless other than for viewing on the web at that size) then there is no real problem.
     
  17. evil-mooo

    evil-mooo Member

    Joined:
    Jun 12, 2003
    Messages:
    503
    Location:
    Perth, WA
    I would like to know how "Google Books" protects their material. It seems pretty foolproof.
     
  18. aussie7

    aussie7 Member

    Joined:
    Jul 3, 2001
    Messages:
    1,958
    Location:
    Maroochydore QLD
    I went through all of this for my dad's art site about 5yrs ago and at the time settled on displaying the images as java applets, stoped everything except print screen

    Now dad just makes his images 400x400 .jpg files which are fine for viewing on the net and this stops others from enlarging his images to poster size, which is what he wants to sell them as

    Basically if you can't stop print screen from the viewers computer then all attempts are useless

    Some web hosting services also offer the ability to stop hot links to your images, which is when someone posts a direct link to your image on your host. My new host for my dad's site has this feature
     
  19. n000b

    n000b Member

    Joined:
    Jul 4, 2002
    Messages:
    2,489
    Location:
    Melbourne
     
  20. Audiobuzz

    Audiobuzz Member

    Joined:
    Jun 27, 2001
    Messages:
    952
    Location:
    Adelaide
    Any good host will allow it (if not by default then at least on request).

    You would need a php (or other server side script) interface which serves up the files after doing any required checking first. This way you link to the image as <img=http://www.mydomain.com/myimagescript.php?image=001> which to the browser is an image file but to the server is a script to run first then send the image. That way you can at least stop people linking to your images directly from external sites. It won't stop someone grabbing the image to a local copy though.

    AB

    [edit: the above post is basically what I'm refering to with some checking at the start]
     
    Last edited: May 10, 2005

Share This Page

Advertisement: