The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

How to disable picture stealing from website?

I need a little help thinking this problem through. I have a website designed for a client. They are a photographer. Is there a way that I can make the pictures they want to display on their website secure in a sense that someone cannot download the work. I know how to disable the "right-click" menu but there are other ways to get at the content I am sure. Any thoughts would be helpful.

Tuesday, December 02, 2008
Trying to cripple the user's browser by disabling menus is a waste of time. The best approach is to watermark the photographs that are on the site.
John Topley Send private email
Tuesday, December 02, 2008
You can't stop people taking images from a site and using them elsewhere. Once they are on the client computer, you have lost them.
Scorpio Send private email
Tuesday, December 02, 2008
I agree. A watermark would be the best "security".

If your client wants to offer hi-res images on the site, you could create a restricted access section for privileged visitors.

You could also embed them in flash. That would make it a "little" more difficult. But, there's no stopping somebody from just taking a screen capture to get the same content.
Jordan Sherer Send private email
Tuesday, December 02, 2008
As others have said there is absolutely no way to protect images. If the browser can download and show them then the user can get to them.

However, there are ways to help prevent non-technical users from being able to save them. One way is to put a transparent image over top of them so that when the user right clicks to save the image it saves the transparent bitmap instead. But they can still do a printscreen and save the image that way.

So the most you can do is stop completely non-technical users and annoy the technical ones. So the watermark probably ends up being the most viable option for most sites.
Tuesday, December 02, 2008
One possibility is to make sure that the images on the website are low enough resolution that they would not be useful to someone (other than for casual purposes).

Combined with a watermark this might be enough to dissuade "casual" copiers.
Tuesday, December 02, 2008
Disabling the right-click menu is a VERY bad thing to do.  Most users who right-click are actually trying to open a link in a new window, or bookmark the page.  They will not be happy if you break their browser and accuse them of trying to steal from you.

Not to mention that most right-click disabling scripts only work in one browser.
Tuesday, December 02, 2008
Watermark or low-res ONLY. Don't drive their customers away. And hey, while you're at it, stay off the flash :)
Tuesday, December 02, 2008
Try not displaying them.
Wednesday, December 03, 2008
Create your own picture format and then write the relevant picture viewer for each browser/platform you want supported.

The picture viewer will need to do something clever for display like writing directly to the video card to prevent Print Screen.

They could still take a picture of their monitor though :-)
Wednesday, December 03, 2008
Lowres is a good enough solution for putting on the web. Then even if they get the picture, they can't print it or do anything useful (professional) with it.

Beyond that, if you don't want something taken, don't put it out in the public. Display in a private gallery or in print in person.
Wednesday, December 03, 2008
If the client is disturbed by low-res reflecting badly on their images, do a low-res full image with a companion full-res partial image. Does that make sense?
David Aldridge Send private email
Wednesday, December 03, 2008
You're confused about what it is you're trying to do.

You are not trying to prevent people from downloading or copying the picture. By the mere fact that you have published it on the web, you are trying to get people to those things.

Once it appears on their browser screen, it has already been downloaded and copied.

What you *are* trying to do is control what people can and cannot do with it once they have downloaded it.

In other words, you have asked "How can I remotely control, from my public website, what people do with a picture on their own computer's hard drive?"

Answer: You can't. It's impossible. Forget about it.

If you don't want someone to have something, don't give it to them. Once you give it to them, your involvement is over.
Devon Grey
Thursday, December 04, 2008
The transparent image will be enough to stop most people really.  You can either set the background image via CSS use javascript to mangle the url name.

They are downloading the image, so its impossible to prevent them from doing anything.  The key measure to a prevention method is time to protect.

One fairly time consuming method against the attacker would be to have your javascript encoded.  Have it decrypt to a script dependent on the environment (such as the current url) to be set correctly to do phase 2 decoding.

Even more time consuming would be to break the picture into smaller piece that you use javascript to layer over each other.  Then the attacker can only gather the piece of the image.  They then have to put them together, which can take a while. 

Another complication would be to create a script that takes an image and creates javascript that will create div elements with background colors that reproduce the image.

But ultimately, a screen shot will provide the attacker with a very low time to recover the image.

The best strategy is as was posted above, not to expose any image you do not want taken.  Just expose an altered version of it.

Friday, December 05, 2008
Well, 99.99% of all the site's likely users will be sufficiently technical that disabling the right-click menu (just for the image, preferably) using JavaScript and a few CSS hacks will stop them doing anything you object to.

But if they care enough, they'll find someone to do it for them, anyway.

If your customer wants that, then just do it - though you should mention that it won't help as much as they might expect.

The real question to ask is why they want to stop people saving a copy of the website to their hard drive. And, really, a decent watermark on the image will be enough to cover most sensible requirements.

Sunday, December 14, 2008
As other have already said , once the image is in the computer it would not be possible to prevent it for further use by the user.However I feel protecting the image using copyright is more useful , even you can put a legal note.

Watermarking is also great.
Rahul Bhattacharjee Send private email
Wednesday, December 17, 2008

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz