using javascript to disable PrtScr and save/image 3

[wvdba]

I'm working on an issue with a public website that deals with exclusive and copy-righted pictures. i have been asked to prevent people from downloading the pictures (right click / save function) and doing PrtScr to capture the image on microsoft paint. i have seen sites that block visitors from saving pictures. how is this done?
is there anyway to disable PrtScr function?
thanks.

 

[feherke]

Hi

i have seen sites that block visitors from saving pictures. how is this done?

The Force can have a strong influence on the weak-minded.

No such site exists. But some managed to look like they disabled image saving.

is there anyway to disable PrtScr function?

Fortunately that is impossible.


Feherke.

http://free.rootshell.be/~feherke/

 

[wvdba]

thanks Fehereke.
so, how do they manage to disable image saving?
is there anyway to poll keys pressed, and do something accordingly? like when they pressed PrtScr key, do an event?
thanks.

 

[feherke]

Hi

how do they manage to disable image saving?

UTSL. If you had seen such site, look at its HTML source to find out how they did it. Additionally, you could show us the URL.

Note that asking your question in forum250 and/or forum269 may lead you to some success. Flash animations and Java applets handle images as data, so they can display them, but the outer world can not reach them directly. ( Debuggers and decompilers rules, so who really wants, will get the images anyway. )

Feherke.

http://free.rootshell.be/~feherke/

 

[wvdba]

ok, thanks. that's useful information. i shall post it on one or both?

 

[feherke]

Hi

i shall post it on one or both?

Better start with only one of them. The one you know better. ( Note that using a Flash or Java solution for this is a proper programming task, not just adding some additional lines into your HTML file. However, if you search the web you may find some ready to use solutions. )

Feherke.

http://free.rootshell.be/~feherke/

 

[vicvirk]

I'm working on an issue with a public website that deals with exclusive and copy-righted pictures. i have been asked to prevent people from downloading the pictures (right click / save function) and doing PrtScr to capture the image on microsoft paint. i have seen sites that block visitors from saving pictures. how is this done?
is there anyway to disable PrtScr function?
thanks.

Just so you know, someone could simply view the source of the page and find the images.

To make it tough(er), you can embed it as a backgroud image in a css class and encrypt the reference to the css file in a javascript file.

But all that is a wash anyway as the users' browser needs to download the image in order to display it - which means even if they don't physically go out and right-click/view-source/print screen..etc it will still be on their machine once they visit the site.

Why not just watermark all the images - there are very nice ways to do this and the watermark can be placed over an important part of the image.


--------

GOOGLE is a great resource to find answers to questions like "how do i..."

http://www.google.com/webhp?complete=1&hl=en

--------

 

[feherke]

Hi

someone could simply view the source of the page and find the images.

Laziness rules. ;-) In the source code there are lots of relative paths. But in FireFox on the Page Info window's Media tab the images ( including background images specified in CSS ) are listed with URL. And a Save As... button.

Feherke.

http://free.rootshell.be/~feherke/

 

[vicvirk]

Laziness rules.

it sure does!




--------

GOOGLE is a great resource to find answers to questions like "how do i..."

http://www.google.com/webhp?complete=1&hl=en

--------

 

[BillyRayPreachersSon]

Wow - it's been a long time since we've had a "how do I stop people from stealing my..." question.

Even using Flash or Java, the ONLY way to stop someone from stealing your images is to never host them in the first place. There is no other way.

If you do want to put them online, I'd go with vicvirk's suggestion of using a watermark (e.g.

http://www.digimarc.com)

Dan



Coedit Limited - Delivering standards compliant, accessible web solutions

Dan's Page [blue]@[/blue] Code Couch:

http://www.codecouch.com/dan/

Code Couch Tech Snippets & Info:

http://www.codecouch.com/

 

[wvdba]

Thanks everybody. i found some code that will disable right click. but, they can still do Alt+PrtScr, then go to microsoft paint, and paste the whole screen shot. then they can crop the picture and save it. i'm just looking for a way to detect this key stroke so that I can do something else instead of doing a "print screen". is there a way?

 

[Diancecht]

But they are hosted somewhere, so a simple http sniffer will show the requests for that images. Job done.

And no, you cannot disable my PrintScreen, get away from my OS!

Cheers,
Dian

 

[Kirsle]

I've tried solving this problem in the past, myself.

I had the site open in a new window with no address bar and no menu bar (so they can't click "View->Page Source" in the menu, or see the URL to the page to try going to it directly in their browser).

Then I disabled right-clicking so they can't right-click and view source.

Then I disabled text selecting, so click-and-drag does nothing on the page. This prevents them from clicking and dragging the image off the page and into MS Paint directly.

And then for the PrtScr key, I had a script that very rapidly (every few milliseconds) would replace their clipboard with garbage data, so when they hit PrtScr (and thus putting the image onto the clipboard), it would be immediately overwritten before they can "Paste" it into MS Paint.

Some of these tricks will no longer work nowadays thanks to improved browser security, and some of them were never very good to begin with.

---

Nowadays, browsers won't allow a pop-up window to hide its address bar, so visitors can always copy/paste the URL and go to it in a regular browser window.

Browsers nowadays don't allow JavaScript to put any content in the user's clipboard, so the clipboard sabotaging will no longer work either.

This leaves just text selecting and right-clicking, which aren't good defenses at all, since a user just needs to view the source.

And now for some reasons why even in the heyday when browsers were insecure like this, these techniques still wouldn't be foolproof:

* There are screen capture programs that can take a screenshot without using the clipboard at all. They can save the screen directly into an image file all at once. All Linux desktop environments do this, too; hitting Print Screen automatically saves it as an image (or opens a window prompting you for where you want to save the image).

* Even if you could defeat these screen capture programs, a user could view your site inside a virtual machine, and then take a screenshot of the virtual machine window - this way, the virtual machine doesn't even see the PrtScr event from your keyboard, since the host OS intercepts it before the virtual machine can see it. So the virtual OS, and your page, have no idea what happened.

* In Linux at least, with Firefox, I simply need to browse to /home/kirsle/.mozilla/firefox/*/cache, and I can see every cached file Firefox has downloaded. The GNOME file browser will even automatically detect the types of each file, so that, even though the cache files have no extensions, GNOME can still show me thumbnails of the ones that are images, and a quick scan through my cache folder makes it easy to see which ones are the ones I want. In Windows it's slightly more complicated, since Windows won't show thumbnails because it doesn't recognize any file extension, but it's not much harder beyond that.

So, at the end of the day, the best defense against image theft is a good lawyer.

Kirsle.net | My personal homepage

perl -e '$|=$i=1;print" oo\n<|>\n_|_";x:sleep$|;print"\b",$i++%2?"/":"_";goto x;'

 

[feherke]

Hi

so they can't click "View->Page Source" in the menu [gray](...)[/gray] so they can't right-click and view source.

I would probably never notice such "restrictions". I always press Ctrl-U or draw an U shape with the mouse ( that is my FireGestures setting for View Frame Source ).

Otherwise I like your comprehensive list of tricks.

The star is for the virtual machine idea. I should really go through that subject once...


Feherke.

http://free.rootshell.be/~feherke/

 

[wvdba]

thanks so much.
kirsle, specially deserves a star for the informative and detailed "remedies" that may or may not work on this day and age.
thanks everybody.
i'm still working for solutions.

 

[wvdba]

i also noticed that in machines that security is very high in I.E., the java code is ignored and you can still right click and download the image. i like the idea of virtual machine, but, i'm not sure that it's feasible.

 

[1DMF]

One thing I've noticed in Firefox is a new even easier way to steal images, you don't even need to right click for the menu.

Just left click on the image and hold down, then simply drag the image to your mydocs folder and release, it will download a copy of the image direct for you ;-)

you could simplky have Windows Explorer open in the directory you want to save the images, then drag the image to the win explorer task bar, job done!

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Google Rank Extractor -> Perl beta with FusionCharts

 

[1DMF]

One thing I've noticed in Firefox is a new even easier way to steal images, you don't even need to right click for the menu.

Just left click on the image and hold down, then simply drag the image to your mydocs folder and release, it will download a copy of the image direct for you ;-)

you could simply have Windows Explorer open in the directory you want to save the images, then drag the image to the win explorer task bar, job done!

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"

Google Rank Extractor -> Perl beta with FusionCharts