I'm currently planning to build a website for training videos, but the material will be costly and I want to avoid users from freely downloading videos.
I've seen some of the questions asked on here already but they all seem quite old, so maybe things have changed. Is there a way to stop this from happening or a service you can pay for?
Playing a video is downloading a video. So no, you can’t stop somebody from downloading it, if you want them to play it. For control of how it’s played after it’s downloaded, you need DRM. Many live video platforms have DRM options.
Related
DISCLAIMER :) :)
Some of them may think it's not relevant for discussion as it does not
fit here. Why not? As I think in StackOverflow we find smartest people
around the globe. Even if I try to create in other StackOverflow
domains it won't be that visible.
NOTE: So if your the kind of guy who is trying to pull this down. Please
have some pity on me as I won't get good answers in other Q&A sites
like Quora
I would like to understand how companies like UDEMY protects the videos that are not allowed to download. I know they cant just fully protect but can harden it via various methods. Some of them what I found is as follows:
In Udemy I saw with point 3. Sounds interesting.
Starting from basic one
1. Disable right-click to download (Can be hacked by disabling the browser js).
2. You can use custom video libraries or no download options but god knows how fairly it plays. As I was able to download that kind of video.
3. Using BLOB URL for the video, this downloads the video in bytes. (Kind of secure using but can use HLS video downloader)
4. Can use On-demand live HTTP video streaming from Amazon or Vimeo but over time they may cost much price.
5. Then I read about large giants like Netflix, Amazon Prime uses multiple streaming files which will be stored in different chucks. Which makes it harder to download.
Any other ways you guys might have found an interesting way to harden it would love to hear.
AT THE END OF THE DAY USER CAN STILL SCREEN RECORD YOUR VIDEOS DAMMMMMM IT!
Streaming IS downloading. If you want someone to be able to watch a video, you MUST let them download it.
The way large sites protect the content is not through downloading, but by encrypting the files BEFORE they are downloaded. Then the player knows how it request the decryption key from a DRM server.
For more information, read about DRM and EME on Wikipedia.
We've made an application where two people can video chat with each other using TokBox, but are running into a lot of technical issues surrounding WebRTC and TokBox itself. I know that Twilio recently launched a Javascript version for their video service, but both TokBox and Twilio seem to be aiming for larger scale publish/subscribe operations. It also isn't as far along as TokBox.
Are there other services out there that can do web video 1 on 1's? Perhaps some that don't use WebRTC and therefore don't have the problems we are facing?
I can't help but to think back to ChatRoulette and similar apps.
If what you need is an application that needs to run within the context of a browser, then WebRTC is your only choice when it comes to the technology to use. There's just nothing else there now that Flash is officially dead.
If you need it to run purely inside a packaged PC/mobile application, then you can use something other than WebRTC, but I don't really see the need for that.
When using real time video technologies, one aspect to look at closely is the quality of the network you are using. The questions I usually ask myself are things like does Skype/Hangouts/FaceTime run any better? If the answer is "yes they do", then the problem is in the implementation you have done/used. If the answer is "no, they are just as bad" then you probably can't do a lot better either.
For alternatives, you can check out the vendors listed in this WebRTC Develoepr Tools Landscape: https://bloggeek.me/webrtc-developer-tools-landscape/
I don't know what you mean with "a lot of technical issues surrounding WebRTC and Tokbox itself", but I do know Tokbox handles millions of 1:1 streaming minutes every day, without issues, and it can even handle sessions with 1 publisher and 3000 subscribers at the same time, so, maybe the technical issues are not there, but in another place...
what is the best way to make podcasts available on a website, in a more interactive way possible.
I have to use Wowza? how does it work? how to create a stream to the user's liking of several hundred files already recorded, these podcasts are episodes of a radio show ...
is there a way to 'tag' and listen to the audio at will?
I can not be more specific in my question, sorry.
Wowza allows on-demand streaming and live streaming.
+ you can use server-side playlists, i mean you can create live feed from already recorded files, so that will behave like TV.
IMO Wowza should be ok for your project, however some consultant/developer will be needed.
Wowza should work well for what you are trying to do. I would contact their team to have them help tell you specifically what you will need.
I want to view dynamic contents (flash games, online transaction...etc) offline.
For example, I finish level 1 of this cool flash RPG game.
I go offline and play the level again.
Or, I make a purchase.
And make the purchase again offline.
Of course this won't do anything. It will be strictly for demonstration purpose.
Or, I watch a video online. Go offline and watch it again.
Is this feasible? Whatever I do through browser, it has to download things.
When it downloads, it stores on disk. Then, when it is in offline mode, it routes all traffic out to local disk.
Sounds simple, but is this really possible?
Or am I missing something?
Let's say someone patched a browser to make offline mode much more powerful.
As a web developer, how can I secure my application from this
patched browser?
Let's say I charging my contents (video, game...etc)
per view/use. With this patched browser, people can pay once
and view/use it over and over again.
They might even make a tarball out of their browser cache
and share with other people online.
So, my questions are:
is this patched browser possible?
if it is possible, how can I defend my content against it?
I'm trying to find the original author of the quote: "Trying to make digital content not copyable is like trying to make water not wet."
In your question you describe several different scenarios as if they were similar. They are not. If you have a specific question, then please ask it so that people can focus on addressing the specific case that concerns you.
Let's talk about video (and audio). Essentially, without controlling the client, you can NOT stop the downloaded video from being cached and re-watched. "Patched" browsers exist. In fact, they're not patched. They don't even need to be. FireFox has any number of plug-ins such as "DownloadHelper" which make all of this possible. YouTube goes to some effort to change their system regularly to break DownloadHelper. But they know they can only slow things down.
The only way to control a video download being re-watched is insist on the user using your completely custom plugin or application. The problem is that (a) that costs you much more money, (b) it's more painful for the user.
The other cases you mention - RPG and online transaction... these are different. Often with an RPG or other game, the client portion includes only a part of the code. Some of the code resides on your server. Without a connection to the server, the game cannot be played. You don't have to write it that way, you could make it 100% client... in which case (e.g. for Flash) the SWF file can be downloaded and played again and again, without your control.
But usually those online flash games are part-server in order to do what you say, and make them playable only online and only via the game-writers site.
An online transaction ALWAYS involves a server component, usually encrypted and non-repeatable. They can be secured.
Sorry if the question is confused, as I'm confused myself. I'm working around these requirements:
I'm building a public website where I need to display video.
I need to control what the player looks like
I'm the sole publisher of the video, meaning it can't be on YouTube for example
I need as much protection as possible in terms of protecting the content from being downloaded
So, I've read around StackOverflow and the web, and found lots of suggestions, like numerous flash players, Streaming servers, DRM protocols, services like Panda etc etc.
The problem is I don't understand how everything fits together.
For example, what makes my video content secure?
Is it the player on the client? is it the server that hosts the content? is it the streaming process? who hosts the streaming servers and what difference does this make?
Bearing in mind this is otherwise a very simple site, and is not a business venture.
if you were working around my requirements, what would you do? Could you explain step by step at a high level?
EDIT:
Just based on a couple of answers, I'm not saying no one can ever download my content. And I realize this kind of thing is expensive.
I'm just asking, if you had my requirements, what would you do? And could you explain it to me so i understand?
thanks again
Edit:
Thanks again for all the feedback, I can't vote anyone up as I'm a new user, but your answers have been very helpful.
The one thing I will say, is that my only request was to attempt security, that is 'make it difficult' for most users...that is common in software security.
Some of the suggestions have been just to not even try.
My question was really based around the fact that I know nothing about video deployment on the web, apart form the basic embedded swf flv combo.
Anyway, your info has been very useful though. I'll try a simple "real" streaming service (as opposed to HTTP streaming).
Any other recommendations would be awesome
cheers
"For example, what makes my video content secure? " Nothing.
"Is it the player on the client?" Neither. Anyone can write a client and retain the video content. Remember this. Anyone can write a client. This client can absorb and save your video. Nothing can stop this. Nothing.
"is it the server that hosts the content?" No. Server is only one piece of security. You have to secure the protocol. And the client. And anyone can write a client and retain the video content.
"is it the streaming process?" No. Protocol is only one piece of security. You have to secure the server, the protocol and the client. And anyone can write a client and retain the video content.
"who hosts the streaming servers and what difference does this make?" You host the streaming video servers. Otherwise, you might as well use YouTube.
Edit
"The problem is I don't understand how everything fits together."
"For example, what makes my video content secure?"
These are unrelated. You keep mentioning security, AND not knowing how "everything" fits together.
Here's a suggestion: stop mentioning security -- edit your question to eliminate all references to security and see if you get more useful answers.
Many companies sell streaming media servers. You put HTML in your page that references the streaming media site.
Example. Apple sells Quicktime media server. Read http://developer.apple.com/documentation/QuickTime/Conceptual/QTScripting_HTML/QTScripting_HTML_Document/chapter_1000_section_1.html for lots of information on how to present video from quicktime.
Before you go too far worrying about setting up these secure streaming protocol client server whatevers, make sure you weigh up the cost of your time getting this going, versus the cost of someone downloading your video.
Just to be clear: if your server is sending to a client, then they can copy (download) it. There's no way around it.
Response to your comment:
What I'd probably try doing if you wanted to try to avoid users downloading the files is this (I'll assume you're using FLV files, since they're the de facto standard on the web these days):
Put the FLV files in a non web-accessible directory.
Have a player.swf file request the file via a script on your site, eg: video.php?file=myVideo.flv
The video.php can then perform whatever security checks you'd like: for example, require logins, check the referrer, etc.
If the security checks are ok, then pass through the appropriate video file. If not, then perhaps have a short back-up video which is an ad for your site or something, saying "to watch this video, please come to mysite.com!"
Mostly video streaming sites like Hulu achieve a kind of poor-man's security by using RTMP to transfer the video data. You would need special server software to serve video via RTMP, for example Adobe Flash Media Server or WebORB.
RTMP is a proprietary protocol, so this is a case of security through obscurity; it's non-trivial to download a copy of the video (you can't just grab the file from a URL), but there are programs out there that are capable intercepting the stream and keeping a copy.
2.I need to control what the player looks like
Download and customise a free player like OSFLV.
4.I need as much protection as possible in terms of protecting the content from being downloaded
Forget it.
DRM for FLV exists, but you'll have to pay Adobe a load of money for Flash Media Server and Flash Media Rights Management Server, you'll lose client compatibility and ease of deployment, and in the end it's still breakable. Big old waste of time.
Accept that some people will download your videos, and put a big watermark on them so at least when they do you're getting free advertising.