Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: Protecting Yourself From Image Theft

  1. #11
    GreekGoddess
    Guest
    This article came in this month's issue of PC Magazine . It mentions a lot of what I already covered, some in more depth, and others I had not mentioned. I thought it would be a good supplemental read to what I already posted here, because you can never get enough information on a topic.

    Protecting Web Images
    Image theft is rampant on the Web. Can it be stopped?
    By Sheryl Canter
    PC Magazine June 30, 2003
    http://www.pcmag.com


    You don't need to own a Web-based photo gallery to worry about image theft. If you've paid an artist thousands of dollars to design custom graphics, you certainly don't want the images turning up on your competitor's site. And even if all you have is a small family site, you probably don't want pictures of your children available to whoever comes along. What can you do? You probably can't stop truly determined thieves, but there are a number of steps you can take to discourage image theft.

    There are four ways to copy Web images: browser commands, notably the right-click menu's Save picture command; site grabbers and online search engines; the browser's cache; and screen-capture programs or Windows PrintScreen feature. It's difficult to block all four methods. Screen capture is particularly hard to block and requires expensive encryption software such as Alchemedia's Mirage Enterprise (www.alchemedia.com) and ArtistScope's CopySafe (http://artistscope.com/copysafe). The alternative is to make stealing images difficult and inconvenient.

    Unless you want to antagonize your visitors, don't disable the right-click menu. This makes other useful right-click commands inaccessible. A better way is to use JavaScript to create a rollover, where an alternate images is displayed when the mouse hovers over the image. Rollovers typically display a copyright notice on top of the image, ,but you can swap in any image you like. If the visitor tries to capture the image using the right click menu, the alternate image is captured instead. Remember, however, that JavaScript support is not available in all browsers and can be disabled.

    You can also hide your image beneath a transparent GIF that is positioned via an embedded style sheet or a table. Right-clicking saves the transparent GIF rather than the visible image.

    Give the image a misleading name, so your visitors are not immediately clued to the trick. If your lucky, the image thief will leave your site before noticing the switch. If he's knowledgeable, however, he can obtain the real filename by looking at the source code for your page.

    You can also inconvenience thieves by chopping an image into pieces before uploading. Unfortunately, this is inconvenient for the coder as well as the thief.

    Webmasters commonly store images for a site in a subdirectory called images. If a directory doesn't contain an index file, then accessing the directory in the browser pulls up a directory tree with filenames - in this case, the names of all your images. An easy way to prevent this is to put a file named Index.htm in the images directory with a notice that all images on the site are copyrighted. Or if your server is running Apache, create a file with the name .htaccess and put in the line Index-Ignore *. Upload this file in ASCII mode to your images directory, and no file list will be displayed when users navigate to it.

    Metatags can hep you prevent browsers and search engines from caching or archiving the files on your site. The following code prevents Google from archiving your files:

    <meta name="robots" content="noarchive, noindex, nofollow, noimageindex, noimageclick">
    For browsers that support HTTP 1.1, this tag prevents caching:

    <meta http-equiv="cache-control" content="no-store">
    Since you can't rely on HTTP 1.1 being available, however, you should include the following tags prior to the no-store tag:

    <meta http-equiv=Pragma content=no-cache> <meta http-equiv=expires content=0>
    Again, this is an imperfect solution because browsers can cache a response marked no-cache as long as they revalidate the response before serving it. If your image is in the browser's cache, a determined image thief can find it.

    Using Flash, Shockwave, or a Java applet to display your images is a better way to prevent users from or saving images via the right-click menu. For example, a product called ImageSafe (www.cellspark.com/imagesafe.html) encapsulates images in a Java applet to keep them from being cached or copied. Adding a line of text or another image across a graphic will frustrate (but not ddisable) screen capture. The extra data, howver, increases download times.

    Finally, mark the image - either to identify it as yours, or to make it unappealing to steal. For example, Digimarc Corp. (www.digimarc.com) has a solution that lets you create an invisible watermark on your graphics, which can be tracked by a spider to find stolen images on the Web. You can use visible watermarks to make images less appealing, but your own Web site suffers with this approach.

    Just as there is no certain way to prevent a determined thief from entering your house, there's no perfect solution for protecting your images. But you lock your doors and windows to make entry difficult, and you can take equivalent steps to foil image thieves.

  2. #12
    Senior Member
    Join Date
    Oct 2001
    Location
    Helsinki, Finland
    Posts
    570
    Wow, I'm impressed by your tutorial, GG. I believe the transparent-gif-stretched-on-top-of-the-original-image -trick could also be done with pure CSS. Screenshots are the worst problem. The only way to "prevent" it would be to add a visible watermarking in the *middle* of the image, because all logos and texts in the corner/bottom/top/side of the image can simply be cut out (leaving the image slightly smaller than the original one). A logo in the middle of an image is not very beautiful but is the only way if you plan selling your images or something and want to provide a sample. Steganography/Cryptography -forum also provides links for tools like that can hide data, like a copyright-notice, into images. And thanks for the PC Magazine -article, I didn't notice this thread when it was on top for the first time.
    Q: Why do computer scientists confuse Christmas and Halloween?
    A: Because Oct 31 = Dec 25

  3. #13
    Doc d00dz Attackin's Avatar
    Join Date
    Mar 2003
    Location
    Florida
    Posts
    661
    Am over here clapping!! This is a very very organized Tut. Two up.

    Cya
    First you listen, then you do, finally you teach.
    Duck Hunting Chat
    VirtualConvenience
    RROD

  4. #14
    Junior Member
    Join Date
    Aug 2003
    Posts
    7
    if using phpbb2.05, can i add this code to where ? for Javascript - Right-Click Disable

  5. #15
    I was also thinking about ways to embed an image in flash to stop people from ripping it but came up with a few problems - number 1 is like GG mentioned you can get decompilers. These do not take the .swf (the file you view in your browser) back down to the .fla (file used to edit the movie) but they will allow you to rip out any images/actionscript/sounds in the file.

    One way round this I came up with was to use the trace bitmap function in flash - this converts your .jpg or whatever to a bunch of fills. This however can come at a noticable reduction in image quality. Also it does not stop people from hitting print screen.

    So I tried to come up with a way of making flash react when someone hits the print screen function. Maybe by displaying an image over the top of your original one - but so far I have not been able to achive this - anyone any ideas?? Also if the user clicks outside of the flash file and then hits print screen the flash file will not react as it is not active

    Another problem is this would not protect against people using other programs to take screen captures such as psp (paint shop pro) as it can be set to react to a multitude of different buttons or even after a certain delay.

    All in all it is very hard to protect your digital art - but this isn't something that bothers me - anything I create is free to use (except when it is for a client) but any of my own images/flash files/code people can take and use themselves - I will even send .fla's on request or some (esp for tutorials) I offer for download at my site. (http://www.the-ruc.co.uk) <- shameless plug
    All I ask is that they link back and let me know how it was used - is nice to see sometimes what others have added onto your designs.

    v_Ln

  6. #16
    GreekGoddess
    Guest
    My personal opinion is that if you're really concerned over the theft of your images go for a Digimarc account.

    You can go with a basic package for 1-99 watermarks for $49.00 USD. (Say for 99 images/basic package, that equals out to about 50 cents a pop, which isn't too bad.) And of course with having to pay for it, you're probably not going to pop your watermark on something as trifle as a sig image or avatar.

    I've played around with watermarks. They survive screenshots and quite extensive editing/rendering. The only way to fully get around it is to pretty much crop the picture up, and that defeats the whole purpose of taking it all together.

    Stick a watermarked image in a flash movie...and no matter whether they decompile it or take a screen, the watermark will still remain...then you can use Digimarc's tracking to take control of the situation.

  7. #17
    Junior Member
    Join Date
    Oct 2001
    Posts
    13
    Good posts GreekGoddess,

    another thing you can do in combination with the no-cache options,
    is to make the images only available to people loading your pages,
    so that you don't allow direct linking, opening, saving of the images.
    So if someone rights clicks and saves the image, they will actually save a dummy image, e.g transparent gif.

    One way to do this with e.g asp is to set a session or page parameter and value.
    For example when a page starts to load a parameter "CanLoadImages" is set to 1,
    and when the page is done the parameter is set to 0 again. When the parameter is 1 the user is allowed to load images and javascripts( can containg image references ). And when it's 0 the user gets redirected to a dummy image or dummy javascript. ( It's important to remeber that this only work if you have no-caching on the pages, or else the user have the scripts and images in the cache of the browser ).

    This is an example on a simple method for doing this, but if you want to take it more advanced, you can make session ids for each image and use cryptography on the image names.

    This will of course not stop anyone from taking a screenshot of the image.

  8. #18
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    Another think you can do is to replace your images with a CGI script that retrieves the image from somewhere outside the web directory. This CGI can be arbitrarily smart/devious. This will only protect you from people who try to link to your images (for example, without giving credit), but apparently this is the vast majority. You can do some pretty devious things, though. For instance (pseudocode)
    Code:
    // in this example, let's say that "/home/httpd/www" is the web root
    // this script is called "images" and is located in "/home/httpd/www"
    // It's called from the browser like "http://www.example.com/images/piccie.jpg"
    // To the user, it looks just like a directory
    
    imageFN = request.extraPathInfo
    
    imageFN = regex.match(imageFN, "[\w-_]+\.[gj][ip][fg]")
    // if you don't do this, 3v1l haxx0rz can read any file on your filesystem by requesting, for
    // example:
    // image/../../../../../../../etc/passwd
    // Directory traversal attacks, don't let them happen to you!
    
    if len(imageFN) < 5:
        print "Content-Type: text/plain"
        print ""
        print "Directory listing denied"
        system.exit()   
    
    if imageFN[len(imageFN)-3:] == "gif":
        print "Content-Type: image/gif"
    elsif imageFN[len(imageFN)-3:] == "jpg":
        print "Content-Type: image.jpg"
    else:
        print "Status-Code: 404 Not Found"
        system.exit()
    
    // replace "127.0.0.1" with your server's IP address. You can probably get this dynamically
    if ( (serverVars["Referer"] != "") and
         (getNumericIP(URLParser.Server(serverVars["Referer"])) != "127.0.0.1") and
         (getNumericIP(URLParser.Server(serverVars["Referer"])) != serverVars["ClientIP"])):
            // this is devious, it tries to figure out if the person who stole the 
            // image is the one looking at the page. If they are, it behaves normally.
            // This way, they may not notice that you're one step ahead of them.
            
            // otherwise, we randomly replace the image with one calling out the
            // slimy picture pilferer.
            if (random.random() < .3):
                imageF = open("/home/httpd/images/thisPunkStealsMyPics." + imageFN[len(imageFN)-3:])
                write(imageF.read())
                system.exit()
                
    imageF = open("/home/httpd/images/" + imageFN)
    if imageF == null:
        print "Status-Code: 404 Not Found"
        system.exit()
    else:
        write(imageF.read())
    This could be even more devious by keeping a record of the number of hits we've gotten from an off-site page. The probability of getting the "cut that **** out" replacement picture would start at 0, then gradually rise over time. Alternately, you could just always return a 404 error. This might be even more devious, because the behavior is totally mystifying to the non-31337 image thief.

    This approach works well in conjunction with Digimarc. Digimarc gives you ammunition for court, and protects you against people who download and re-post your pics (although digital watermarks cannot stand up too well to image modification). This approach gives you protection against small-time operators, and punishes them without you doing anything. Also, it's not always clear that embedding an image is copyright violation, so suing is expensive. Downloading an image and re-posting it is very clearly a copyright violation, so you can do subpoenas and discovery and all sorts of other expensive-for-the-defendant stuff.

  9. #19
    Deceased x acidreign x's Avatar
    Join Date
    Jul 2002
    Posts
    455
    Wow, Christina! This is a rather in-depth tutorial, and if I gave a damn what people did with my work, I'd probably take heed. "Let it never be said that your anal-attentive attention to detail never yeilded positive results" ~Dogma
    :q :q! :wq :w :w! :wq! :quit :quit! :help help helpquit quit quithelp :quitplease :quitnow :leave :**** ^X^C ^C ^D ^Z ^Q QUITDAMMIT ^[:wq GCS,M);d@;p;c++;l++;u ++ ;e+ ;m++(---) ;s+/+ ;n- ;h* ;f+(--) ;!g ;w+(-) ;t- ;r+(-) ;y+(**)

  10. #20
    Senior Member
    Join Date
    Mar 2003
    Posts
    301
    Great tutorial. A must for all those internet users that are signed up at those photo friend finding sites.

    PeacE
    -BoB
    #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
    ($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
    Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
    ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •