How to Protect from Downloading a Video from a Site

How to prevent downloading images and video files from my website?

No, it's not possible.

If you can see it, you can get it.

Prevent HTML5 video from being downloaded (right-click saved)?


You can't.

That's because that's what browsers were designed to do: Serve content. But you can make it harder to download.


Convenient "Solution"

I'd just upload my video to a third-party video site, like YouTube or Vimeo. They have good video management tools, optimizes playback to the device, and they make efforts in preventing their videos from being ripped with zero effort on your end.


Workaround 1, Disabling "The Right Click"

You could disable the contextmenu event, aka "the right click". That would prevent your regular skiddie from blatantly ripping your video by right clicking and Save As. But then they could just disable JS and get around this or find the video source via the browser's debugger. Plus this is bad UX. There are lots of legitimate things in a context menu than just Save As.


Workaround 2, Video Player Libraries

Use custom video player libraries. Most of them implement video players that customize the context menu to your liking. So you don't get the default browser context menu. And if ever they do serve a menu item similar to Save As, you can disable it. But again, this is a JS workaround. Weaknesses are similar to Workaround 1.


Workaround 3, HTTP Live Streaming

Another way to do it is to serve the video using HTTP Live Streaming. What it essentially does is chop up the video into chunks and serve it one after the other. This is how most streaming sites serve video. So even if you manage to Save As, you only save a chunk, not the whole video. It would take a bit more effort to gather all the chunks and stitch them using some dedicated software.


Workaround 4, Painting on Canvas

Another technique is to paint <video> on <canvas>. In this technique, with a bit of JavaScript, what you see on the page is a <canvas> element rendering frames from a hidden <video>. And because it's a <canvas>, the context menu will use an <img>'s menu, not a <video>'s. You'll get a Save Image As instead of a Save Video As.


Workaround 5, CSRF Tokens

You could also use CSRF tokens to your advantage. You'd have your sever send down a token on the page. You then use that token to fetch your video. Your server checks to see if it's a valid token before it serves the video, or get an HTTP 401. The idea is that you can only ever get a video by having a token which you can only ever get if you came from the page, not directly visiting the video url.


Is it possible to protect from downloading a video from a site

Yes. Never ever show it to anyone. As soon as you do, all bets are off (for less paranoid answer, see last paragraph).

This is the common problem with copy protection: you are unable, by any means, to distinguish between a legitimate user and an adversary (as they may even be the same person).

Edit: re "my users can able to watch the video. but they must not be able to download that video"
Let's try and disassemble this:

  • the user clicks the mouse on your player's "Play" button
  • the click goes through the computer's OS to your player
  • the player sends a request through the network "send me teh videos" to your server
  • (this, by definition, requires that the request goes through the whatever networking stack the user's computer has)
  • the server, if it decides that it's a legitimate player, begins sending data to the user's computer.
  • (this, also by definition, means, that the user's computer is "downloading" the data)
  • *the data comes through the network into the computer (although capturing the data at this stage is more practical for the NSA than for a user)
  • *the OS handles the lower data layers (i.e. "this is a data packet, from $yourserver to me, and should be passed on to $yourapp")
  • *the OS passes the data to the app that requested it
  • the player receives the data
  • *the player transforms the data into a sequence of images (a.k.a. a video) and a sound track
  • *the player sends the images to the OS's display subsystem, or saves it to disk
  • *the display system transforms the images into a format the screen understands
  • *the images flow through a cable into the screen
  • *the images are displayed on the screen (at which point they exit the computer in form of light)
  • the light reaches the user's eyes

Your video can be intercepted (and/or modified) at every point marked with * (although quality of the copy may decrease, esp. when capturing the analog output). Unless you can somehow eliminate each and every of those (good luck with the last one), all you can do is make the data capture/transform more complex. There's a whole industry built around these "weak points" (google "stream ripping" to see for yourself).

You can complicate the capture with various DRM technologies, but in the end, the data stream must become analog video and analog audio (a.k.a. light and sound) somewhere.

However, if you don't care that a determined user will bypass your protection, and if it's enough to protect the video from 90% of users, I believe the Real formats that you mentioned do have some flag "don't allow save". This will disable the "save as" option in the player (i.e. the "or saves it to disk" option above); for most users, this will be a significant enough barrier. Anything more will probably inconvenience and anger 100% of your users, while not providing significantly more protection.

How to stop videos from being downloaded from my website

You can use Amazon Elastic Transcoder to transcode your videos to HLS(HTTP Live Streaming). HLS use segments of the encrypted video from s3. This will prevent downloading of videos from s3.

https://aws.amazon.com/elastictranscoder/

How to protect video from download Vimeo

I contacted Vimeo and they don't have option to protect the video from downloading in the way I mentioned. And I guess most of the competitors are the same unless they clearly market they offer DRM support.

Here is a snippet from their reply to me:

------------ Vimeo Reply -----------

Unfortunately, online video distribution is inherently insecure in this way and no form of protection or security has 100% fared against the might of online piracy. We are always working to improve the security of our player, but as technology grows and users become savvier, the inevitable reality is that online videos are becoming less secure.

Some solutions for preventing unauthorized downloads include DRM or file encryption, which are features we do not currently offer for Vimeo members. Advanced techniques like DRM would substantially increase the cost of hosting your videos, and we want Vimeo to be as affordable as possible to as many people as possible.



Related Topics

PHP Ftp_Nlist Is Not Working

How to Turn Off PHP Safe_Mode Off for a Particular Directory in a Shared Hosting Environment

Php.Ini Is Nonexistent Loaded Configuration File (None)

Executing a Shell Script in Background with PHP

How to Compile on Linux to Share with All Distributions

How to Get Output of Proc_Open()

Package 'Php5-Gd' Has No Installation Candidate

PHP Post Data Over Vpn

How to Zip Folder Without Full Path

Can't Install PHP Package on Centos

How to Send Email from Localhost Wamp Server to Send Email Gmail Hotmail or So Forth

Check If Download Is Completed

How to Convert String to Boolean PHP

Include Constant in String Without Concatenating

PHP File Listing Multiple File Extensions

How to Check If a Row Exist in the Database Using Pdo

How to Solve Incompatible with SQL_Mode=Only_Full_Group_By in Laravel Eloquent

PHP - Secure Member-Only Pages with a Login System


Leave a reply



Submit