My company delivers programming instructions for products we sell in both streaming video (hosted on CloudFront) and pdfs (hosted on Amazon S3). We don't want for our customers to be able to take the content out of these PDFs, save the PDF, or be able to share the link. At the same time, we don't want for people to be able to streal the video (we're less concerned with the videos).
I've been racking my brain trying to figure out the best options on securing this. What are the limitations with PDF security, at the end of the day, can you stop them? Or at least make it really hard?
Unless you create and deliver your data in custom format, your own viewer with built-in content protection mechanisms, you are out of luck. Everything you deliver to the client can be captured, copied and distributed. With PDFs and video streams this is trivial.
If you can suffer the PDF generation overhead, you could individualize the PDFs by putting the customer's name on each page. Turn off editing as well, and that'll discourage people. It'll still be quite possible to get around these, of course.
Related
DISCLAIMER :) :)
Some of them may think it's not relevant for discussion as it does not
fit here. Why not? As I think in StackOverflow we find smartest people
around the globe. Even if I try to create in other StackOverflow
domains it won't be that visible.
NOTE: So if your the kind of guy who is trying to pull this down. Please
have some pity on me as I won't get good answers in other Q&A sites
like Quora
I would like to understand how companies like UDEMY protects the videos that are not allowed to download. I know they cant just fully protect but can harden it via various methods. Some of them what I found is as follows:
In Udemy I saw with point 3. Sounds interesting.
Starting from basic one
1. Disable right-click to download (Can be hacked by disabling the browser js).
2. You can use custom video libraries or no download options but god knows how fairly it plays. As I was able to download that kind of video.
3. Using BLOB URL for the video, this downloads the video in bytes. (Kind of secure using but can use HLS video downloader)
4. Can use On-demand live HTTP video streaming from Amazon or Vimeo but over time they may cost much price.
5. Then I read about large giants like Netflix, Amazon Prime uses multiple streaming files which will be stored in different chucks. Which makes it harder to download.
Any other ways you guys might have found an interesting way to harden it would love to hear.
AT THE END OF THE DAY USER CAN STILL SCREEN RECORD YOUR VIDEOS DAMMMMMM IT!
Streaming IS downloading. If you want someone to be able to watch a video, you MUST let them download it.
The way large sites protect the content is not through downloading, but by encrypting the files BEFORE they are downloaded. Then the player knows how it request the decryption key from a DRM server.
For more information, read about DRM and EME on Wikipedia.
I am working on an App that will have a bunch of pictures and videos the user will need to have. The app's mantra is having these videos and pictures available on demand and on the go. However, I am concerned about the app being too fat (big), in essence turning off some customers who prioritize size over substance. The preference has always been to have the customer be able to access these videos from anywhere regardless of 3g/wifi (i.e. local on the device). What are the really good options? Assuming I choose to elect to go the non-local route (i.e. using wifi/3g), what are my options there as well? Please advice. The size of the videos/pics could be up to 1.5GB.
The usual approach seems to be to download and store the videos on demand. A lot of the apps I've seen allow the user to manage the stored videos themselves so that they can remove videos if they aren't going to use them again.
I'm doing a language web site for my university language center, where students login and see videos to learn English. i have to do it like this,
person is logging in to the system, search using a search area and find the details,lessons and videos relevant to that videos. this functionality exactly matches the youtube scenario.
for implementing twitter like functionality we can use status-net, is there a similer library, statusnet like famous implementation for youtube or a some kind of platform or a framework like codeigniter that we can use to implement youtube like site very easily??
please suggest some options?? a open source one or a commercial one ???
and what is the best video format to use in a such web site?? flv?? mp4?? or mov???
regards,
Rangana
Your best option is to use a 'cloud' based video processing service. Most have a sample project / library for many different languages and frameworks. Here is a list of a few I've tried and liked:
http://zencoder.com/
http://transloadit.com/
http://pandastream.com/
The typical steps involve uploading the video files to a large 'cloud' static asset host (such as S3) through the browser. If you are inexperienced it is best to select a processor that provides an uploader (it will handle putting the files in the right spot). Of the three, Transloadit and Panda both have custom unloaders.
Usually the service will allow you to either pass the encoding settings (what formats and qualities to) output to as parameters or configure them in your account. To support all current HTML5 browsers you just need H264 (.m4a) and OGG (.ogv). However, the new trend in the video world is for WEBM (.webm) so you might want to include it as well.
Next you will receive a unique code from the web service that you must store in persistent storage (database). The web service can be configured to 'callback' (perform an HTTP POST or GET request to your service) once the video is encoded.
Once your recieve a callback you can activate your video and start dislpaying it on your pages. For displaying, if you are inexperienced I'd highly recommend you use one of the following players:
http://sublimevideo.net/
http://longtailvideo.com/
http://videojs.com/
They all do similar things for different prices. My current personal favourite is Sublime Video (it offers cool light box effects and a gorgeous player).
Why do you have to re-implement Youtube when you can just use it for hosting your videos for free? Many online e-learning portals (e.g. Khan academy) do exactly that.
As far as the best video format to use -- go read about H.264/AVC. It's what Youtube currently uses.
I think you will not find already built solution ;)
But it's not really that hard. You can use existing frameworks that will make your life easier while you build account management system, the rest shouldn't be really that hard (assuming you don't really want to re-build the whole Youtube ;D ).
For playing videos, you can use JW Player. A great piece of software, you should check it out.
I want to view dynamic contents (flash games, online transaction...etc) offline.
For example, I finish level 1 of this cool flash RPG game.
I go offline and play the level again.
Or, I make a purchase.
And make the purchase again offline.
Of course this won't do anything. It will be strictly for demonstration purpose.
Or, I watch a video online. Go offline and watch it again.
Is this feasible? Whatever I do through browser, it has to download things.
When it downloads, it stores on disk. Then, when it is in offline mode, it routes all traffic out to local disk.
Sounds simple, but is this really possible?
Or am I missing something?
Let's say someone patched a browser to make offline mode much more powerful.
As a web developer, how can I secure my application from this
patched browser?
Let's say I charging my contents (video, game...etc)
per view/use. With this patched browser, people can pay once
and view/use it over and over again.
They might even make a tarball out of their browser cache
and share with other people online.
So, my questions are:
is this patched browser possible?
if it is possible, how can I defend my content against it?
I'm trying to find the original author of the quote: "Trying to make digital content not copyable is like trying to make water not wet."
In your question you describe several different scenarios as if they were similar. They are not. If you have a specific question, then please ask it so that people can focus on addressing the specific case that concerns you.
Let's talk about video (and audio). Essentially, without controlling the client, you can NOT stop the downloaded video from being cached and re-watched. "Patched" browsers exist. In fact, they're not patched. They don't even need to be. FireFox has any number of plug-ins such as "DownloadHelper" which make all of this possible. YouTube goes to some effort to change their system regularly to break DownloadHelper. But they know they can only slow things down.
The only way to control a video download being re-watched is insist on the user using your completely custom plugin or application. The problem is that (a) that costs you much more money, (b) it's more painful for the user.
The other cases you mention - RPG and online transaction... these are different. Often with an RPG or other game, the client portion includes only a part of the code. Some of the code resides on your server. Without a connection to the server, the game cannot be played. You don't have to write it that way, you could make it 100% client... in which case (e.g. for Flash) the SWF file can be downloaded and played again and again, without your control.
But usually those online flash games are part-server in order to do what you say, and make them playable only online and only via the game-writers site.
An online transaction ALWAYS involves a server component, usually encrypted and non-repeatable. They can be secured.
Sorry if the question is confused, as I'm confused myself. I'm working around these requirements:
I'm building a public website where I need to display video.
I need to control what the player looks like
I'm the sole publisher of the video, meaning it can't be on YouTube for example
I need as much protection as possible in terms of protecting the content from being downloaded
So, I've read around StackOverflow and the web, and found lots of suggestions, like numerous flash players, Streaming servers, DRM protocols, services like Panda etc etc.
The problem is I don't understand how everything fits together.
For example, what makes my video content secure?
Is it the player on the client? is it the server that hosts the content? is it the streaming process? who hosts the streaming servers and what difference does this make?
Bearing in mind this is otherwise a very simple site, and is not a business venture.
if you were working around my requirements, what would you do? Could you explain step by step at a high level?
EDIT:
Just based on a couple of answers, I'm not saying no one can ever download my content. And I realize this kind of thing is expensive.
I'm just asking, if you had my requirements, what would you do? And could you explain it to me so i understand?
thanks again
Edit:
Thanks again for all the feedback, I can't vote anyone up as I'm a new user, but your answers have been very helpful.
The one thing I will say, is that my only request was to attempt security, that is 'make it difficult' for most users...that is common in software security.
Some of the suggestions have been just to not even try.
My question was really based around the fact that I know nothing about video deployment on the web, apart form the basic embedded swf flv combo.
Anyway, your info has been very useful though. I'll try a simple "real" streaming service (as opposed to HTTP streaming).
Any other recommendations would be awesome
cheers
"For example, what makes my video content secure? " Nothing.
"Is it the player on the client?" Neither. Anyone can write a client and retain the video content. Remember this. Anyone can write a client. This client can absorb and save your video. Nothing can stop this. Nothing.
"is it the server that hosts the content?" No. Server is only one piece of security. You have to secure the protocol. And the client. And anyone can write a client and retain the video content.
"is it the streaming process?" No. Protocol is only one piece of security. You have to secure the server, the protocol and the client. And anyone can write a client and retain the video content.
"who hosts the streaming servers and what difference does this make?" You host the streaming video servers. Otherwise, you might as well use YouTube.
Edit
"The problem is I don't understand how everything fits together."
"For example, what makes my video content secure?"
These are unrelated. You keep mentioning security, AND not knowing how "everything" fits together.
Here's a suggestion: stop mentioning security -- edit your question to eliminate all references to security and see if you get more useful answers.
Many companies sell streaming media servers. You put HTML in your page that references the streaming media site.
Example. Apple sells Quicktime media server. Read http://developer.apple.com/documentation/QuickTime/Conceptual/QTScripting_HTML/QTScripting_HTML_Document/chapter_1000_section_1.html for lots of information on how to present video from quicktime.
Before you go too far worrying about setting up these secure streaming protocol client server whatevers, make sure you weigh up the cost of your time getting this going, versus the cost of someone downloading your video.
Just to be clear: if your server is sending to a client, then they can copy (download) it. There's no way around it.
Response to your comment:
What I'd probably try doing if you wanted to try to avoid users downloading the files is this (I'll assume you're using FLV files, since they're the de facto standard on the web these days):
Put the FLV files in a non web-accessible directory.
Have a player.swf file request the file via a script on your site, eg: video.php?file=myVideo.flv
The video.php can then perform whatever security checks you'd like: for example, require logins, check the referrer, etc.
If the security checks are ok, then pass through the appropriate video file. If not, then perhaps have a short back-up video which is an ad for your site or something, saying "to watch this video, please come to mysite.com!"
Mostly video streaming sites like Hulu achieve a kind of poor-man's security by using RTMP to transfer the video data. You would need special server software to serve video via RTMP, for example Adobe Flash Media Server or WebORB.
RTMP is a proprietary protocol, so this is a case of security through obscurity; it's non-trivial to download a copy of the video (you can't just grab the file from a URL), but there are programs out there that are capable intercepting the stream and keeping a copy.
2.I need to control what the player looks like
Download and customise a free player like OSFLV.
4.I need as much protection as possible in terms of protecting the content from being downloaded
Forget it.
DRM for FLV exists, but you'll have to pay Adobe a load of money for Flash Media Server and Flash Media Rights Management Server, you'll lose client compatibility and ease of deployment, and in the end it's still breakable. Big old waste of time.
Accept that some people will download your videos, and put a big watermark on them so at least when they do you're getting free advertising.