I've tried solving this problem in the past, myself.
I had the site open in a new window with no address bar and no menu bar (so they can't click "View->Page Source" in the menu, or see the URL to the page to try going to it directly in their browser).
Then I disabled right-clicking so they can't right-click and view source.
Then I disabled text selecting, so click-and-drag does nothing on the page. This prevents them from clicking and dragging the image off the page and into MS Paint directly.
And then for the PrtScr key, I had a script that very rapidly (every few milliseconds) would replace their clipboard with garbage data, so when they hit PrtScr (and thus putting the image onto the clipboard), it would be immediately overwritten before they can "Paste" it into MS Paint.
Some of these tricks will no longer work nowadays thanks to improved browser security, and some of them were never very good to begin with.
---
Nowadays, browsers won't allow a pop-up window to hide its address bar, so visitors can always copy/paste the URL and go to it in a regular browser window.
Browsers nowadays don't allow JavaScript to put any content in the user's clipboard, so the clipboard sabotaging will no longer work either.
This leaves just text selecting and right-clicking, which aren't good defenses at all, since a user just needs to view the source.
And now for some reasons why even in the heyday when browsers were insecure like this, these techniques still wouldn't be foolproof:
* There are screen capture programs that can take a screenshot without using the clipboard at all. They can save the screen directly into an image file all at once. All Linux desktop environments do this, too; hitting Print Screen automatically saves it as an image (or opens a window prompting you for where you want to save the image).
* Even if you could defeat these screen capture programs, a user could view your site inside a virtual machine, and then take a screenshot of the virtual machine window - this way, the virtual machine doesn't even see the PrtScr event from your keyboard, since the host OS intercepts it before the virtual machine can see it. So the virtual OS, and your page, have no idea what happened.
* In Linux at least, with Firefox, I simply need to browse to /home/kirsle/.mozilla/firefox/*/cache, and I can see every cached file Firefox has downloaded. The GNOME file browser will even automatically detect the types of each file, so that, even though the cache files have no extensions, GNOME can still show me thumbnails of the ones that are images, and a quick scan through my cache folder makes it easy to see which ones are the ones I want. In Windows it's slightly more complicated, since Windows won't show thumbnails because it doesn't recognize any file extension, but it's not much harder beyond that.
So, at the end of the day, the best defense against image theft is a good lawyer.
Kirsle.net | My personal homepage
Code:
perl -e '$|=$i=1;print" oo\n<|>\n_|_";x:sleep$|;print"\b",$i++%2?"/":"_";goto x;'
