You can just make it harder you can't stop it. If they can see it they can get it. A lot of people trap for the right click and give them a pop up instead saying copywrite.

Welcome to Webmaster World!

that's not going to stop a truly interested party from taking the copyrighted material.

Here we go again!

The ONLY way you can protect anything (without distortion) is by not putting it online. If you're worried about my granny stealing your photos -- then you'll probably be safe with whatever you choose. But, other than that -- there is NOTHING that can be done.

As soon as the page has loaded in the browser, the image has already been saved.

Welcome to WebmasterWorld, judithem

Unfortunately once it's on the web there is little you can do to stop it from being downloaded. Digital watermarks are your best bet. But there are other options, although they are not really viable as they need plugins and increase download time. These include Java applets and Flash (although, this can be quite easily got around).

It's a fact of web life - it it's online, it's anyones!

This is all theory, but ...

If you have access to your server, it's possible to change the MIME-type of any file extension, on a directory by directory basis. For example, if you stated that any .jpg files in your CSS directory had a MIME-type of text/css, you should successfully be able to rename a stylesheet from style.css to style.jpg, and link to it as if it were a regular stylesheet.

So in theory, you could rename all the .jpg's in your images directory to .doc's, .html's or maybe even .exe's if you're feeling vicious, and change the MIME-type of that extension to be image/jpg.

Once on the Windows desktop, unknown .exe files, or seemingly corrupt Word documents should be off-putting enough for the casual thief.

Has anyone tried anything like this. Does it work?

I would expect any half-decent browser would use its MIME type -> filename extension mapping to suggest a filename with the right extension. In a quick test with Mozilla it appended .jpeg to the filename.

Denied! Oh well, so much for theory ... ;)

This is the way it is on our brave new world of technology.

You can copyright and print a glorious book in hard cover - and with easily available OCR and image scanning the whole thing is easily copied and pirated. You can release a "copy protected" CD or DVD, and within a few hours the whole thing is available for free file sharing.

Of course, none of that is legal - but protecting your Intellectual Property (IP) rights requires pro-active work. There's no way you can use your IP today and not make it available for theives. And for most of us, using it is the whole point.

>>simple way to prevent visitors from downloading photographs<<

Hello and Welcome.

I have a huge problem with ripped-off photos and I've found that the DMCA is the photographer's best friend.

You can't stop them from stealing your pics, but you CAN get them removed AFTER they've gone to all the trouble of putting your pics on their site.

It only takes a simple email to their ISP using the correct phrasology required in the DMCA.

Plus...

The valid point is always made that you can't stop people from downloading and copying your photos if they really want to... but you can avoid problems with other people downloading / copying your photos who don't know any better and might not actually try to do it if they did know better.

I've found the following relieves me from having to send emails about every week or so, asking people not to link directly (which I had to do when I first set up my site...)

1) Link the thumbnail photo to a javascript popup which contains only the title bar (no menu or address or status bar). The popup contains a larger thumbnail and some information about the photo. When the larger thumbnail is clicked, a second piece of javascript closes that popup window and opens a second pop up window in a completely different directory with a completely different filepath (contained in the external .js file).

2) Add <meta http-equiv="imagetoolbar" content="no"> to the meta tags in the second popup containing the jpeg.

3) Set the jpeg as the background of the second popup, but place a div to cover the whole page, the background of which is a repeating transparent gif.

4) Set a copyright notice to come up when the right mouse button is clicked.

5) Add a visual, translucent watermark containing the site URL to the jpeg image.

For someone who knows what they're doing it's very easy to crack that: once the second popup comes up, press CTRL+N, and then disable javascript in the browser and try to copy (though this would just give you the transparent gif), then download the css file to find out the filename.

Or alternatively go through Temporary Internet Files and guess at the scrambled filename by checking through all the large size files in the cache.

But I guess this would be too much hassle for a geocities site owner who just wanted a couple of free photos for their site.

Anyway, as you can see from 5), in the end I added a watermark regardless.

Wow, you guys are great!

Today I made a copyright pop up for the right click, and it looked great on all my pages on the hard drive.

So, I uploaded it.

No go.

( Off Topic: I don't write java, I paste and work it. I write in notepad from an html POV [my background is typography]. I am getting more accustomed to style sheets and to recognizing aspects of the javascript. Ten years ago I was a web developer, but had gotten out of it and moved on to other things. Just this month, well, ... I'm back -- alot goes on in a decade, eh? That's sooo true with technology. )

Back to what I was saying just now,

Why is it that a decent carefully fine-tuned script which works so fine on a hard drive then disappears once uploaded to a site?

Thanks again for reading my l'il query.

--judithem

Why is it that a decent carefully fine-tuned script which works so fine on a hard drive then disappears once uploaded to a site?

Really, it doesn't - so do a thorough double check.

1. Did you place the script in the <head> section or in an external .js file?

2. If it's in an external file, did you upload that file as well as the revised HTML file?

3. Did you upload all files to the right directory on the server?

4. Do you see the script whan you go to the online page and View Source?

5. Did you call the script on every page you want to protect (that is especially, on the page that isn't testing properly for you?)

Assume that there is some oversight you can discover - maybe even a typo that crept in somehow.

ok, I want to try to explain this one...

Instead of loading an image you use an iframe to specify a source page that will actually load the image. The source page dynamically displays the image depending on the value of the variable that is passed in the querystring.

<iframe src='" & image_location & "' scrolling='no' marginwidth=0 marginheight=0 frameborder='no'>

where your 'image_location' variable can contain some randomly generated characters along with some sort of code to indicate the location of your image. (easily done with a database driven site)

show_image.asp?image= *whatever you come up with*

Then the source page (show_image.asp) decodes the querystring and loads the image.

AND to keep people from simply trying to load your source page directly you set a session cookie to some random mix of characters (the longer the better) before loading the source page, check for the cookie before loading the image, then kill the cookie after the page has loaded.

After blocking the right click and whatever other nasty things you do on the page, hiding the location of the images this way will usually make Joe Surfer give up.

Of course you can't stop everyone, but it sure is fun playing with them!

Has anyone pointed out (in this thread) that blocking right-click is a bad idea? No?

It's a bad idea. I can't be the only user who navigates almost entirely using the right mouse button. More than that, I habitually select and click on pages whilst I'm reading. Every so often, when I find a site that refuses to allow me to do that... I leave. Immediately.

It's important that you understand it's not some principaled objection -- simply that your site isn't usable without the ability to use my browser controls.

Any mechanism you choose short of physically marking the image can be circumvented simply by dragging your image into an image editor (for single images), or setting a page spider up to pull your entire site (for all your images). So you might as well just go with watermarking, and quit annoying half the users who visit your site with ignorant, immature and ineffective scripting.

Oh, and it isn't Java; it's JavaScript. The only thing the technologies have in common is the first four letters..

[edited by: BlobFisk at 8:09 am (utc) on May 25, 2004]
[edit reason] Removed profanity. [/edit]

If this photographer is a professional, they may already have an account with Digimarc. It's priced a bit too high for casual user, but if this is someone's livelihood, they should consider it.

You can use Photoshop to embed a Digimarc DIGITAL watermark in an image that does not affect the appearance of the image. But if you ever find it used in a pirated situation, you've got immediate proof of who owns the image.

asquithea> Yes, I agree blocking right-click is generally a bad idea... that's why I only use it on independent pop-ups containing a photo and nothing else... that's fair enough, isn't it?

Otherwise I have to spend up to half an hour every day writing to people to say: "Well done on your new website - if you want to copy and use my photos, please download a copy of the photo and then upload it to your server rather than linking directly and having your users suck several megabytes of bandwidth off my server every day." And then some people write back and say they're on a web-based CMS which doesn't allow file uploading (yes, they do exist) so all they can do is direct link...

Honestly, I started off doing this, but I quickly tired of how many emails I was having to send off each day.

There is no point in blocking right-clicks if, in doing so, you are trying to prevent your images being copied 100%. But if you're trying to deter those people from doing it who inadvertently don't realise the copyright and bandwidth-related issues there is a lot of point.

I don't block right clicks anywhere else on my site.

What bandwidth issues are there? I didn't think right-click saves were making another call to the server, just saving the file that was already downloaded.

--

There was a great article in Wired last year about Intellectual Property and Copyright. The main point was that a creative person's biggest worry today is not whether they get ripped off, but whether they can find a wide enough audience.

Your "protection" just might stop the best viral marketing you could hope for. Food for thought.

> It only takes a simple email to their ISP using the correct phrasology required in the DMCA.

I got curious and did a search to find out what DMCA is. I doubt that those four letters would impress my ISP.

Admin Note

I moved the related javascript discussion to the Javascript Forum:
[webmasterworld.com...]

if you want to copy and use my photos, please download a copy of the photo and then upload it to your server rather than linking directly and having your users suck several megabytes of bandwidth off my server every day

Ronin, is there a reason why you don't just block hotlinking instead? (apologies in advance if this is a stupid question)

No, it's a very good question.

I'd love to do this but as far as I know it's only possible with an apache server. My host is a diehard M$ worshipper - no, really - and I can't for the life of me fathom why.

Why do I stick with my host and his Windows server setup? Because, in exchange for some exposure for his company on my site, I get err... free hosting.

Which makes it worth putting up with a few little inconveniences.

But if you know what I'd need to do to prevent hotlinking on a windows server, I'd be delighted to hear it.

Incidentally, inspired by this thread, I tried something this afternoon which would mostly obviate the need for a right click blocker - which, in any case, as I said before, is only good for deterring novices.

It worked a treat in IE, Moz and Opera (!) and it permits full use of the right-click button in all three for navigation etc. while keeping your image "relatively" safe.

In an external .css file write:

#photo {position:absolute; z-index:1; width:100%; height:100%; background: url(photo.jpg) top left no-repeat;}
#glass {position:absolute; z-index:2; width:100%; height:100%; background: url(glass.png) top left;}

Then in the html code write:

<div id="photo">&nbsp;</div>
<div id="glass">&nbsp;</div>

That's it.

Anyone who tries to look at the source won't be able to guess the filepath or filename of the image, because it's in the .css file, not the .html file.

Anyone who tries to copy the image by right-clicking will get "glass.png" which, for test purposes was a 60x60 pixel transparent PNG, stretched over the entire viewport using CSS.

Oh, and switching off styles in Opera or Moz just means everything disappears.

The obvious ways for a more experienced user to then find the file is either to download the css file and read it, or access it via the W3C jigsaw parser (at a guess most people wouldn't know enough to do this) or else go to their Temporary Internet files folder and narrow things down by guessing roughly how large the jpeg is in terms of kilobytes and then clicking on a few filenames to find it. (But this last option can always be performed in every case - it's infallible).

I've run into some support trouble with that approach on IE Mac (and AOL Mac of course). I guess there's trouble with every approach in some way. But IE Mac is not a small factor, it's 5% or more on some of my sites.

Given that it's graphic artists who most worry about protecting their IP rights, they would also tend more towards a Macintosh user base.

I am trying to find a simple way to prevent visitors from downloading photographs from the photo gallery.

Let's go back to the original question of a simple way to prevent downloading.

Solution: Check the user agent identification. Only allow Lynx to access the site.

Of course, clever people can change the user agent name.

But no one else would be able to see the images in any way at all.

Stated problem solved.

One problem - Lynx can be set to generate links to all inline images. (Press '*', ISTR). Then highlight the link to the image you want and hit 'd' to download it...

Good point, py9jmas!

So a better solution is to use URL rewiting to route all requests for images to a single image.

That could be a graphic that says "we don't trust you enough to use this site"

That, like the Lynx suggestion, may not be very practical. Indeed, both maybe commercial death for the site.

But it does meet the primary stated aim of being simple.

Does anyone know if the DigiMarc works if they use alt-print screen or screen aquire in Gimp?

Along the lines of making things difficult for would-be stealers. . .

I've heard of a commercial software that "protects" your images by slicing the image into a bunch of little pieces, naming the pieces randomly and reassembling them all into a table that looks just like the original image.

This seems like it would work pretty well (except against a printscreen), and the basic operation doesn't seem too complicated to script (not that I would be able to write it, of course, but somebody could).

Has anyone had experience with this method?

I love to use Mouse Gestures (involving right-click) to go Back in history, so disabling my navigation would annoy me no end. If this were the case, I might be tempted even more to steal your images, just for the sake of it- I'd do this with a press of PrntScrn, or else Ctrl+U to view the source of any popups.

Very interesting. I would like to try this.
Since I'm a newbie, I'd better ask a question or two before I begin, just to be sure I get it.

Where do I put the external .css file? In the same WWW level as my html or the same one as the photo(s)? It's a question of nesting -- I'm unclear as to where to put it.

Do I fill in where you've written (photo.jpg) with each single photo (there are about seventy) within those parens in the code? So that I duplicate the line for each photo, and the .css file contains the tag for each of 'em?

Do I put the associated HTML code in the header part of the HTML file with the photo(s) in it?

Oh, and if a visitor right-clicks and sees glass.png, can they go Back or does it mal affect their experience of the page visit?

re:
>> #photo {position:absolute; z-index:1; width:100%; >> height:100%; background: url(photo.jpg) top left >> no-repeat;}
>> #glass {position:absolute; z-index:2; width:100%; >> height:100%; background: url(glass.png) top left;}

>> Then in the html code write:

>> <div id="photo">&nbsp;</div>
>> <div id="glass">&nbsp;</div>

I truly appreciate your thinking on this subject.

If I feel I know how to apply this code, I'm going to try it out.

Please answer my newbie questions at your convenience. I'm always open to comment and suggestion.

Thank you,

JudithEm

ditto JudithEm.... I absolutely LOVE clever people!