Thread

Moderator’s note: Moved to General.

Hi folks,
I’m redesigning a website for an artist in EE and she wants some protections for her images so they don’t get downloaded. Right now, her current site uses javascript right-click and text-select disablers, and the gallery is built in Ajax, so that even if you open the source code, look for the image path, and put the image path in the browser, you can’t get the image.

The javascript stuff I obviously could reuse, but not going anywhere near the Ajax thing. I can obviously put a blank index.html in the images folders (in fact already did), but I was hoping to go a step further and still protect the images when you directly access them in the browser.

First…when I google ‘image security html’ or whatever, I keep getting a website for HTML Guardian, which looks like it could be really cool (it even prevents ‘save as’ downloading, use of the clipboard, print screening, and printing from the website. Both text and images!) Sounds worth the $40. Has anyone use this or any other extra software for protecting web content?

Second, from what I can tell, it looks like server-side software. Would it work with EE? Anyone have any idea if this is worth testing/buying to find out? What are the chances that EE and HTML Guardian won’t play nice with each other without serious tweaking which I am less capable of doing and don’t want to charge her for?

Thanks!

Hi Lynnei,

Please don’t take this the wrong way but really I wouldn’t bother with paying for any software that says it can do what it says it can do regarding any media that a person can either see or hear on their screen. As soon as the person has seen the image then they can get it. I don’t care what software makers say it is a fact that once the image has been shown on screen then it is available somewhere, either in the browser cache or by finding the direct link using something like Firebug on Firefox or other ways. Stopping use of the clipboard and snapshot utilities is also impossible. Try doing that to a Mac and you will have no luck at all.

Also you are imposing on peoples computers with these kinds of softwares and I have even seen cases where peoples computers have stopped working because of one of these types of software.

The unfortunate fact of the matter is that if you show an image to someone on a screen then they can definitely get at it. If on the other hand you want to protect certain images if for instance you were getting people to pay for the image before they can download it then that is totally possible but not if you are just trying to protect images on a totally open to the public site.

I would say don’t waste your money but I would like to hear other peoples views on this of course.

In the end it really all comes down to exactly what your site is offering and who to.

Sorry if this sounds negative but just wanted to ward you away from any software that claims it can do these types of things as they can’t, not fully anyway.

Best wishes,

Mark

Agree with Mark - I’ve not seen anything yet that will prevent this successfully, I wouldn’t waste a penny on this software.

My suggestion would be to add some sort of watermark to the images. They’ll still be able to download them, but at least you’ll have some degree of copyright in place - that will probably be as good as it gets though.

I’m redesigning a website for an artist in EE and she wants some protections for her images so they don’t get downloaded.

Don’t put them on the Internets. Sorry if this sounds harsh, but that is the only reliable, guaranteed-to-work method I am aware of. The next best thing would be to reduce the resolution in which they are available, and/or watermark them. Everything else is bound to fail if the attacker is determined and/or knowledgeable enough, and will quite possibly alienate casual users in the process.

Right now, her current site uses javascript right-click and text-select disablers

See what I mean? You mess with my context menu, I’m out of there in no time and won’t come back again.

I can obviously put a blank index.html in the images folders (in fact already did)

That prevents the listing of images, yes. You could also simply tell the server not to do it, but an index.html is fine.

but I was hoping to go a step further and still protect the images when you directly access them in the browser.

Not really feasible. You could use some referrer checking, see if the request comes from an “authorized” webpage, refuse the request if not, but… what’s the point? I can simply pull it out of my browser cache, or, if it comes to the worst, use a screen shot. Nothing you can do about it.

First…when I google ‘image security html’ or whatever, I keep getting a website for HTML Guardian, which looks like it could be really cool (it even prevents ‘save as’ downloading, use of the clipboard, print screening, and printing from the website. Both text and images!)

The print screen button is an operating system level control outside of the scope of JavaScript. I would really like to see how it prevents such low-level system calls like the use of the clipboard. (Actually, it doesn’t: I just tested their demo page, it didn’t work with Opera. Ctrl-A Ctrl-C worked flawless. I suppose an ActiveX script could do it, but you’d be stupid to allow that in the first place.)

What it does, however, is “encrypting” your website using javascript, which means you are locking out users who have turned it off, and perhaps more importantly, all known spiders and search robots, including the Googlebot. Personally, I think people should be more concerned about being found, and drive traffic to their website, than worrying about people stealing their “code”.

Second, from what I can tell, it looks like server-side software. Would it work with EE?

Probably not, but I have no experience with it.

Sorry for the harsh assessment, but if you put content out there on the web, people are going to be able to download it; this is the point of it, after all. You cannot let them have and not let them have it at the same time.

Why can’t you display the images in a Flash slideshow of some sort? Then the images cannot be directly accessed?

Sorry to put this idea down but nearly all of the flash galleries out there use an XML file or something else that you can see either in the source or by snooping the network connections to the browser so again if you can see it you can grab it! There’s just no way of stopping this kind of thing I’m afraid.

Sorry! :down:

Best wishes,

Mark

Wow, I think this artist doesn’t know it yet, but she doesn’t really want a website. I wouldn’t waste your time on silly software or obscure workarounds. If it’s on the ‘net, someone can get it. Heck, I’ll just take a picture of my screen, if I really want an image and it’s impossible to get otherwise. And if a screen capture won’t work, I’ll take a picture of my screen with my digital camera. You get the picture!

I know that I, for one, will never go back to a site where I see they’ve disabled right click. That’s just evil.

I think this client needs some education on what the web is, what it’s for, and how it works. I would advise putting a watermark on the images, and maybe a link to a legal page that says “don’t use my images.”

Whoa, now, guys, chill out…this was an inquiry before the fact, because I was interested in finding out more data on something I don’t know much about, and the advice about not wasting money on the software is much appreciated and I won’t. It’s not like I was about to jump out and get it and finger poised on the button. I literally had never heard of it or its type before and was asking people wiser than me what they thought.

Secondarily, yes, she will be watermarking the images, and she knows there are limitations on keeping people from downloading. So just chill, kids! Yeesh. I feel like the bottom of a pig pile here. 😊

Really, what I’m interested in doing is making it more difficult for people to download images. The majority of users on her site won’t know anything about caching or even really checking out the source code and linking directly, so the javascript stuff is probably fine for basic protection. And they aren’t the sort of users who would huff off if the right click is disabled. They probably wouldn’t even notice. Yes, maybe .0001% of her users might get annoyed, the few high tech readers who happen on the site, but a whole lot of them still haven’t gotten the hang even of screenprint-edit-crop, to be honest, so if that’s still available it’s not the end of the world. It would have been nice, just as an added bonus, but if the software I mentioned inclines to too many client-side interferences that could spell trouble like browser-crashing, I would never touch it.

In the end, you have to deliver a product the client wants. If she wants right-click disabling to discourage the average, and I mean average, person from downloading, I’m going to do it. You can blame me if you want, but the fact is, I gots to get paid. 😊

Hi LynneL (Swear your name was Lynnei before?),

Sorry if my reply came across as a bit brash it wasn’t meant to. It was just when you said that it sounded worthwhile purchasing I just wanted to warn you before you did do so as they really aren’t worth a penny of the money spent on them.

As you say though this is entirely down to your client and if they want to pay for it then yes it is totally down to them. Always good to point out the reasons for not having it though as it makes them respect you more I think. Perhaps warn them of what might happen and then if ever anything weird does happen down the line at least you told them first.

I wish you all the best with this one, not an easy one at all.

Best wishes,

Mark

I was more concerned about the “this person really just shouldn’t have a website” comment…I mean, it’s not a binary decision. There are levels and there are levels. There are some very sensible solutions, which I’m already employing…one is, of course, that all her images are going to be resized to no more than 400 or 500 px anyway, so they are pretty much useless for stealing unless you’re stealing for screen resolutions.

Frankly, a lot of website owners out there are concerned about copyright. Yes, I know, you put it out on the internet and people can steal it (I do, after all, write original works for my own blog). But to dismiss someone who’s concerned with copyright infringement (ie the lessening of the value of their original works) by saying they shouldn’t even bother to have a website is rather dismissive of the client, instead of trying to figure out amenable solutions that at least afford them some peace of mind.

If I did that to all my clients I’d soon be out of a job.

Lastly, I’m a little taken aback by the reaction of “if you use existing technology to change the way your website works so I can’t do some things like right click, I’ll leave your site.” I mean, half of what one does in CSS/CMS design is control the way a site works…how it looks, how it operates, the navigation of the data, etc. Yes, you have to balance controlling the user’s experience with certain things, like accessibility, or user-controlled elements (like using em instead of px for font sizes) but controlling the user’s experience is part of designing a website. To my mind, the person who feels this way is rather rare, and usually a techhead. I don’t design sites for techheads (unless a client comes to me with that as their audience). I design sites, usually, for the average user out there. It’s all a balance, and a compromise.

And as a techhead (somewhat) myself, I don’t share that antipathy. So I just don’t get it. *shrug* Unless someone uses software that crashes my browser (which is why I will avoid said software), I generally don’t care as long as it makes sense, the site is navigable, and I can get what I need from it. The web is a tool for content delivery. No more, and no less.

If you’re referring to my comment, “this person really just shouldn’t have a website” is not what I said. I said “doesn’t want a website”. My sarcasm didn’t work there. What I was getting at, is it sounded like the artist wants a printed brochure rather than a site, considering how much thought and effort was going into the “content delivery”. If the medium itself is a problem…change the medium.

If someone disables my right-click, I don’t trust them, period. I have other things in my contextual menu that I may want to use (like “Bookmark this page”, “add to del.icio.us”?)and some random site is saying I can’t use them? Seems skeevy to me, like using the blink tag or attempting to change my browser’s scrollbar or window size, which are also existing technologies. You change my browser window, I leave. Maybe I’m a rare user, and if so, then no need to be taken aback by my comments - you can safely ignore me as I’ll be in an extreme minority anyway!

Good luck on the project, and I hope the artist, and the artist’s users, get what they need!