Jump to content

Image Security


natimage

Recommended Posts

After reading much about image security this weekend, I've settled on the fact that if I put my images on the web, I am taking a risk that someone could steal them.

 

But, I'd like to make it require a little more effort. So, I started working with a file I didn't care about and came up with an idea. There is one problem I don't know how to fix, though. Is there a way to make a table load completely before any of it is viewed? Meanwhile...links and a little "please be patient" text would load outside of the table.

 

You can check out what I did HERE. Do me a favor and pretend you are an "image thief" (stinkin' rascals). Tell me if what I've done presents any kind of challenge at all. Like I said...I was playing. The files are way too big and I would like the table to show only after the entire table is loaded!

 

Tracy

TCH Stones

Link to comment
Share on other sites

this one?

 

horse.jpg

 

I like a challenge :)

 

OK, I admit, I had to cheat slightly - yes it did give a challenge, and to be honest I don't think there is a real way round the route I took.

 

I think it would deter the average nasty rascal.

 

Now to the other half of the problem - delaying the table display.

 

Andy

Link to comment
Share on other sites

Geez...it could have taken you a little bit longer, you know!!! :) No, I'm sure plenty of people could get it (although I wouldn't mind knowing the route you took...did you just do a screen capture and put the two together?)

 

Anyway...thanks for looking and tackling my challenge. I thought it might be similar to the slicing theory without creating zillions of little files.

 

Tracy

Link to comment
Share on other sites

Hi,

 

Yes, I tried the usual ones - right click, file save...

 

Then just went for a straight screen capture - which is difficult to get round.

 

I'm just playing with an idea though to see if it will work. If you have a thumbnail of your image (which you don't mind them stealing anyway). When you click on it, it opens a new browser window, the size of your image - no menu, resize or anything else. Which closes on again on any key or mouse click... Not sure it will work, but I'm just having a play :)

 

Andy

Link to comment
Share on other sites

Try this:

 

><html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<script language="javaScript1.1">

var myimages=new Array()
function preloadimages(){
for (i=0;i<preloadimages.arguments.length;i++){
myimages[i]=new Image()
myimages[i].src=preloadimages.arguments[i]
}
}

preloadimages
("http://www.naturalimagesweb.com/Images/horse1.gif","http://www.naturalimagesweb.com/Images/horse2.gif")

</script>

</head>
<body>
<table width="600" border="1" align="center" cellpadding="0" cellspacing="0">
 <tr>
   <td width="568" height="409" background="Images/horse2.gif"><img src="Images/horse1.gif" width="568" height="409" hspace="4" vspace="1"></td>
   <td> </td>
 </tr>
 <tr>
   <td> </td>
   <td> </td>
 </tr>
</table>

Link to comment
Share on other sites

:) I tested it. rt click, 'save picture as' works fine. You said you were trying to prevent people from saving the picture? Back to the drawing board.

 

Basically, if you post it publicly, it is out of your control, unless you want to get involved in chasing down your pictures by doing track searchs looking for the ADS hidden streams embedded in the pic. Some image software allows for copyright labels to be embedded, like Corel, but otherwise, so if someone steals your work, you can always go after them with the proof. I always put some kind of visual copyright notice on the image. The key is to not post stuff publicly that you don't want to be distributed or if you do, be sure to id the pic and post an image use policy.

 

dogbert

Link to comment
Share on other sites

I tried to right click and the window closed. Dogbert...what browser are you using?

 

Andy...I like it (even if it may not be 100% full-proof)!

 

Will you tell me how, huh, huh, please? :)

 

really, I'm not begging...

Tracy

Link to comment
Share on other sites

step a: mouse arrow over the image.

step b: rt click the mouse to get a dropdown.

step c: select save picture as.

step d: a menu pops up and I select the directory to save it in. In this case, my pictures.

 

It is the same technique for all images anywhere on the web. You can alse left select the image, then drag it to a folder if you want, but that does not work with this one, so the attempt is somewhat successful. You can also use save target as, etc.

 

db

Link to comment
Share on other sites

This is the code I used - it needs a little work to tidy it up.

 

On the first page

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>Untitled Document</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<script LANGUAGE="JavaScript">

function launchpic() {

  about = window.open("test2.htm", "about", "height=365,width=538");

  return false;

}

</SCRIPT>

 

</head>

 

<body>

 

<p><a href="java script:" onClick="return launchpic()"><img src="images/horse1.jpg" width="150" height="101" border="0"></a></p>

 

</body>

</html>

Then on the second page
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>Untitled Document</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<script LANGUAGE="JavaScript">

 

function MM_callJS(jsStr) { //v2.0

  return eval(jsStr)

}

//-->

</SCRIPT>

</head>

 

<body background="images/horse.jpg" onkeypress="MM_callJS('window.close()')" onkeydown="MM_callJS('window.close()')" onmousedown="MM_callJS('window.close()')">

</body>

</html>

 

For better security I think you need to combine this with the method Tracy initially used (otherwise you would have a copy of the full picture in your temporary store on your hard disk).

 

In addition.

 

For good bots I think you need to place the images in a directory where robots are excluded.

 

For bad bots I think you need to include a 'honey trap' (ie a hidden link into the banned area, which then bans their IP if the use it).

 

dogburt, I'm interested as to how you managed to do a right click? I presume you havn't got Java enabled (since it is a Javascript stopping you from right clicking), but then I would have expected you not to be able to open the window in the first place!!! I'll maybe have a play later today.

 

Scott, I was assuming that if you couldn't get to the second window (because all clicks close it, and hence you wouldn't see the source code). How did you see the source code to identify the file? Unless of course you look at the first file source code which gives the name of test2, then you can open test2 directly, and the Java script doesn't work - more work needed .... :)

 

Andy

Link to comment
Share on other sites

Hi,

 

Even if you do the java way, its still possible to capture it.

 

The ONLY way to ensure that your prints are not "borrowed" is to water mark each one of them with a visable water mark. If you plan to sell them, you can provide them without the watermark, but otherwise, you will need to water mark them visually. I know this will spoil your picture, but otherwise as soon as its on the screen, its nickable unless altered

 

Jim

Link to comment
Share on other sites

Good Morning!

 

Jim...I haven't completely tossed away the idea of the watermark. I am planning to at least mark them with a copyright notice! I know I can't get around the risk...but hopefully I can irritate someone who doesn't want to put any effort into their theivery (...is that a word?).

 

Andy...thanks for all your input! I'm going to look into all the things you've mentioned...and I'll look forward to any more tricks you may have up your sleeve!

 

Good day,

Tracy

Link to comment
Share on other sites

Scott, I was assuming that if you couldn't get to the second window (because all clicks close it, and hence you wouldn't see the source code). How did you see the source code to identify the file? Unless of course you look at the first file source code which gives the name of test2, then you can open test2 directly, and the Java script doesn't work - more work needed .... 

 

Exactly.

 

 

 

Dogbert:

 

Everyone understands a right click Save Picture As... what we are asking is did you click on the first image and open the second window (larger image) and still get a right click? Do you have javascript enabled on your browser?

Link to comment
Share on other sites

I clicked on the thumbnail then clicked my print screen button then opened Paint Shop Pro and pasted as a new image... Prints the screen nicely :huh: I know that's not what you wanted to hear... But no matter how many ways you try to protect an image online someone will find a way around it. On my pages Daydreamer's Designs I use a no right click script from Dynamic Drive and use a no image toolbar meta tag <META HTTP-EQUIV="imagetoolbar" CONTENT="no"> which stops the little toolbar in IE from coming up.. This stuff will just slow them down. Those that are really determined to take them will. They can go into their temp files and find the images too... :)

Link to comment
Share on other sites

Did the print screen not close the window? another door to close :huh:

 

I've had a few thoughts during the day to improve things, so I will implement it and add an update for you to try and steal soon.

 

Hopefully we will get it so that there is nothing worth taking in the temp files either - ever the optimist :)

 

Andy

Link to comment
Share on other sites

OK, I've been playing and got a bit further. I can prevent the image appearing in the temp files (thanks to the original idea by Tracy) & I can make all keys close the window - except the print screen :huh: I normaly use Alt-Print screen so had tested for that :)

 

I have to go out for a mtg now & havn't completed enough for folk to test further yet.

 

Back later :)

 

Andy

Link to comment
Share on other sites

OK,

 

with a big thanks to dsdemmin, we have another version to play with.

 

I've branded the horse (sorry about that), but can anyone get a copy of it to paste here?

 

I need to speed up a couple of bits, but that can be done if all the security checks work.

 

At the moment the method also stops anyone else from leeching it from your site, and if they do try it sends you an email saying which site is trying to link to it.

 

Please, do your worst and steal away :huh:

 

http://www.mycoted.com/test3.htm

 

If you do manage to steal it, can you let me know your machine type (PC / Mac), operating system, browser, and rough outline of how you pinched it.

 

On my tests you can't pinch it from a PC with IE, but you can with Mozilla.

 

Thanks

 

Andy

Link to comment
Share on other sites

Hi, Andy!

 

Using IE 6.0, print screen did not work. The image toolbar did come up, but when I attempted to print or save it, only the one image was saved!! If I was at home on my computer, I would have gotten the two individual pics from the temp folder and attempted to put them back together...which is what I was after in the first place...someone to have to put some effort into it!

 

GOOD JOB!! :) :) :huh:

 

I'm going to test it in Netscape 7.0 and will post if outcome is any different!

 

Tracy

Link to comment
Share on other sites

Hi Tracy,

 

Yes, I'd forgotten about the IE image toolbar. I've just updated the page and hopefully got rid of that.

 

As you say, you are going to end up with some information in the temp folder, but it's getting hard work for someone to steal your work :huh:

 

Andy

Link to comment
Share on other sites

WOW very Cool!

what is that about a 5 pixel offset for one of the images?

And maybe a table background image and cell image on top?

cool.jpg

Yes I admit , very hard, and not worth the effort, and should fool most.

hope you don't mind if I play with it.

Had me for a while, til I changed them to rgb to mix them back.

Looked at source for first page, opened second in new window, saved as to get the two images in IE6

coverted to rgb, mixed in PS, offset one image vertically about 5 pixels. Very Nice! :huh:

Link to comment
Share on other sites

Well done, the prize certainly goes to turtle :huh:

 

please feel free to play - It's nearly time for us Brits to go to bed, but I'll happily put up the php script and how it was done tommorrow - I think there are still a couple of tweeks to improve thngs.

 

As people say, it's tricky to stop it completely, but we seem to have made it to hard to be worth bothering about trying to steal an image.

 

Andy

Link to comment
Share on other sites

ok...I was able to capture the image in Netscape 7.0 (I know it is very much like Mozilla). Unfortunately, I am not a home with my imaging programs of preference, so the only way I could save it from the clipboard was as a .bmp. So, I apologize if it doesn't post very well.

 

One thing...when I opened from the thumbnail, the image was not "put together" correctly. Alignment was something I had a bit of trouble with in the beginning. My table cell, background image and inserted image were all the same dimensions, but they didn't line up properly!

 

Anyway...you're making great strides!

I wish I was as smart as you are Andy! :huh:

 

I CAN'T GET THE IMAGE TO POST!!!

...if you are willing to wait for the excruciating download time,

you can view it HERE! SORRY!

Link to comment
Share on other sites

Hi Tracy,

 

Flattery will get you everywhere B)

 

In reality, no smarter than you. It was your idea of how to split the image that made this all possible :)

 

I have been working in Creativity and Innovation for quiet a while now, and one thing I've learnt is that most of the 'impossible' is just tricky, and if you think about it a little from a different perspective then it all becomes possible. I just wish I was a decent programmer who knew about php, html etc. 'cos then it would be a lot easier :)

 

Off to the day job now, but I have some ideas to get round the next set of issues (Netscape etc) & will play again this evening and publish the code and method I've used.

 

Andy

Link to comment
Share on other sites

Hi,

 

15 Seconds - Paint takes 2 long to load on this work machine.

 

Simple task of loading up a non IE browser and pressing "print screen". Open up paint and paste and trim B) I can do the same in IE, just I need to use a freebie package to capture the image.

 

Proof:

 

test.JPG

 

Soz!

 

Jim

Edited by Jimuni
Link to comment
Share on other sites

I sure couldn't snag the pic using any right-click or print-screen, nice piece of work folks, but it was all too easy to snag it from source code. How about a further detraction and convert the essential part of that line to all ASCII?:

 

I'd paste it in here except it's about 3 miles long B)

 

-Ty

Link to comment
Share on other sites

Back home, finished the days work, so time to add a few of the inprovements I've throught of during the day.

 

I doubt we'll cover all non IE browsers, but if we can make it to much hassle for 95% of the folk then I'll be happy.

 

Boxturt, when you got it from the source code, did you read the php file to identify where the hidden directory is? or did you just use http://www.mycoted.com/chimage.php?image=horse1.jpg to get a copy of the file?

 

I think I can stop the latter from within the php code.

 

Andy

Link to comment
Share on other sites

Well, I thought I'd managed to stop you pinching it from the source code.

 

If you got to http://www.mycoted.com/chimage.php?image=horse1.jpg

then you should just get a 404 error saying the file doesn't exist.

 

However if you go to

http://www.mycoted.com/test3.htm

the chimage command should work and you'll get the image.

 

Unfortunately, if you now go back to

 

http://www.mycoted.com/chimage.php?image=horse1.jpg

 

it sill pick it up from your temp file B)

 

Back to a bit more thinking :)

 

Andy

Link to comment
Share on other sites

As a thought for anyone who wants to play with the php script then please go and get a copy of the code from

http://www.thesitewizard.com/archive/prote...ectimages.shtml

 

I cannot place it here due to copyright, but you are free to pick up a copy and modify it.

 

Set up the initial variables at the front to;

  $imagedir = "/home/myhost/public_html/hidden/images/" ;

  $validprefixes = array (

    "myhost.com",

    "www.myhost.com"

  ) ;

  $homepage = "http://www.myhost.com/" ;

note: the /hidden/images/ can be any directories that you create.

 

If you modify the line

  if (empty($referrer) ||

      isreferrerokay( $referrer, $validprefixes )) {

to

  if ( isreferrerokay( $referrer, $validprefixes )) {
then it will stop somebody picking up the image direct from your site using your code.

 

you can see the source code for test3.htm and test4.htm by looking direct on the website.

 

The key bits are;

<body onload=setInterval("window.clipboardData.setData('text','')",20) onkeypress="MM_callJS('self.close()')" onkeydown="MM_callJS('self.close()')" onmousedown="MM_callJS('self.close()')">

which closes the window on any mouse or keyboard clicks and stops use of the print screen.

These only work for IE, but you could put a check in for browser type and use similar commands for other browser types - if only I knew what they were B)

 

The clever bit of splitting the image in two, and using a semi transparent image so that two horrible looking pictures when placed together made a perfect picture was down to Tracy. This effectively means that the temp file at least only has two halves of a picture in, and the thief has to work out how to put it together - as turtle did :)

 

Anyway, I must pop off and catch up with a couple of other things, but I'm sure I'll be back to play with this challenge again at some point :)

 

Andy

Link to comment
Share on other sites

Just saw this, and I think I found the easiest way to capture the images -- I simply used my IP sniffer. It has a HTTP file stream capture mode that saves copies of everything that comes to your machine over HTTP. There is simply no way I know of to prevent that from capturing all image files and HTML source coming in. It's great for debugging some types of web apps as well.

 

The file-splitting thing made it tricky, still. I think that's really the most innovative part of this whole discussion -- bravo to Natimage for that!

 

proof.jpg

Link to comment
Share on other sites

thank you...thank you...thank you!! :D :D :D

 

If I wasn't so bogged down beneath learning "php" right now, I might actually feel kind of smart!! But it just keeps makin' me feel just plain dumb!! :blink:

 

Thanks to Andy for all the thought and effort and to everyone else also! I'm going to print all the useful stuff from this thread and then when I get ready to use it...well...I'll probably have to ask for help understanding everything you guys did!

 

Everyone have a good day, or evening or whatever it may be wherever you are!

 

Tracy

Link to comment
Share on other sites

I hate to burst the bubble.... :unsure:

 

gotit.jpg

 

I looked in history and reopened the page that had the larger image, then I went offline on that browser window, then I tried to click on the image, a warning box poped up that said that the browser was trying to close, I moved the warning box to the side (not closing it) and then did a printscreen, went to photoshop and hit ctrl-v

croped and saved, no aligning was needed.

 

 

I got lucky, and this took me about 30 minuted to figure out....

 

Mr. Bill

 

feel free to edit out how I did this to protect the script.

Link to comment
Share on other sites

You're allowed to burst bubbles :unsure:

 

Not a problem, there are a couple of other ways - if the picture is not the active window then you can do a print screen as well. But if it takes someone a lot of time and effort to pinch it, then as least they will stop and think about things - maybe :)

 

There is no foolproof method, my aim was just to come up with a method based on Tracys' great idea to help make life tricky.

 

Thanks

 

Andy

Link to comment
Share on other sites

Here is a thought,

 

Since you already have the 2 layer concept going, why not leave the image flat and take a 2nd layer and make it a watermark/site logo, then use the onclick command to lift the watermark off the page to reveal the background.... this way if the image browser isn't the active one, any print screen click is going to copy the watermark onto the print and the image will be branded with the site logo. (I don't know beans about java (get it, beans about java, hahaha :blink: ) but I think onclick or onmouseover are valid commands....)

 

(I need a hobby....) :blink:

Link to comment
Share on other sites

you do need a hobby with jokes like that - far to much time on your hands :D

 

That's a good idea. you would probably need 3 layers really, because you don't want a complete picture on any layer - otherwise you get the picture placed in your temp file. Worth a look though

 

Thanks

 

Andy

Link to comment
Share on other sites

Well...let's keep it going.

 

Still thinking on this image security thing, I visited the site of the well-known Colorado photographer, John Fielder. His is the site where I got the "no right click" protection (which I will be removing when I re-design my site in the near future). I wanted to see if he had any other kind of protection going on.

 

From my temporary internet folder, I tried to open some of his images (most were fireworks images). As long as I was connected to the internet, the images would not open. Simply disconnecting broke the protection, but I'm curious as to what kind of settings caused the images not to open as long as the connection was in place.

 

Tracy

Link to comment
Share on other sites

If someone already said this, my apologies... but this is a long thread.

 

I don't want to come off as pessimistic, but if you want it safe, don't put it on the web. There are lots of tricks you can use to foil some folks, but none of it is thief-proof.

 

You're smart to search for a way to protect your content... but realize that there is no perfect solution. It's just a matter of how much trouble you want to go through to get a little extra protection.

 

I did see a site a couple of months back that provided software meant to protect images... but the visitor had to download special viewer software.

Link to comment
Share on other sites

Yes...I think I say that too. I don't want visitors to have to download anything, though.

 

I just want to slow down the would-be thieves! Rest assured, I finally understand the risks and that there is always a way around everything. A couple of weeks ago, I did not understand this!!

 

But it's worth it to me to see what I can figure out!! I'll be redesigning my site before long, and I want to implement whatever I decide on before I even start re-designing!!

 

Thank you, though, for your thoughts! All are appreciated!

Tracy

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...