TechnoLust's Journal: Ask Circle: Securing Photographs on Public Websites

A friend of mine is a photographer, and recently decided she wanted a website to show off / sell her work. She just bought a MacBook and made her website with iWeb* but quickly realized how easy it was to copy the photos off. Obviously, if people can easily get her works for free off her site, most of them aren't going to compensate her. I explained to her that it wasn't possible to totally prevent people from saving her photos, but that there were ways to make it more difficult. Of course she's watermarking them, but we want to make it harder for people to download them.

Since my experience is mostly webapps that run on an intranet and business websites that aren't concerned with people taking graphics, I haven't dealt with this issue in a while. I'm sure some of you have dealt with this before. (Eth, I'm looking in your direction.) I have listed the ways I can think of to get the image below, so any suggestions for how to secure them (or pointing out ones I missed) are appreciated.

• Right Click, Save Image (I remembered using a NoRightClick javascript function long ago, and found it, but it doesn't phase FireFox2.)
• Drag to Desktop (Mac)
• Browser Cache
• Print Screen

I considered making each image a flash movie that just loops the image, but that'd make it inaccessible to a lot of people. So would any little third party viewer that people had to download. And the only way I can think of to stop a screen print would be to overlay another image over them anytime a key is pressed, then remove it onKeyUp.

*iWeb makes it very easy to throw together a decent page quickly, but it doesn't have a way to edit the source... wtf? And I couldn't find anything to tell me how it uploaded the files when you publish them. After scouring the web and calling a few people, I finally figured out it copies them to a special Network folder where the iDrive and all that shit is.

Lots of options

[BWJones]

I usually place reduced resolution images on my website (600 pixels wide at 72dpi) which precludes any use other than web usage. If your friend is really worried, she can take a look at Smugmug.com which is a pretty nice service that a couple of my professional friends use.

Yes, that is the best option

[jawtheshark]

Low resolution, so that you cannot develop well them at your corner photoshop. Also use jpg and increase the compression level so that artifacts (some) are visible. It won't be super pretty (find a decent balance), but it will stop those that want to take it and make a poster out of the photograph.

I know the right-click blocking is possible because I saw it at some porn site someday.

Printscreen is impossible to block as far as I know. It's what I usually use if my browser doesn't allow me to save a

Re:

[Short Circuit]

The GIMP can export images to HTML tables. An egregious abuse of HTML, to be sure. But it would prevent right-click. Screw with the table settings (like, add a 1px cell border), and you can make screenshots pointless.

One warning, though...a 640x480 test image I made weighed in at 17MB. Plus, the table was a lot bigger than I would have liked...the resulting HTML might need some tuning. I don't have time to try it right now, but one might add a CSS stylesheet that forces the cells to 1px by 1px.

Another

Re:

[Ethelred Unraed]

Not only low resolution, but make the images background images (either of div or td elements). Then they can't be dragged and dropped or easily accessed, unless the person knows HTML pretty well. The foreground image would just be a clear 1x1 pixel GIF image stretched to fit.

If you want to be really clever, you could define the background images in CSS classes, then obfuscate the CSS, both by linking the CSS file(s) externally and by using a JavaScript function to obfuscate the external link (though peopl

Re:

[Ethelred Unraed]

Addendum: If you have server admin access or can set up an .htaccess file, or can route all image access through a PHP+gd or PHP+ImageMagick script, you could not only do the background images, but also prevent referrals not from the site itself from accessing the images. Naturally you should also prevent directory listings in the directory/directories where the images are stored.

The image access file could be something like this (untested code, but shows what I mean):

<?php
if (ereg($_SERVER['HTTP_HOST

Re:

[Talinom]

These are probably impractical, however if he could stream the picture it would prevent direct copying but not prevent a screen capture.

If he could put the picture on an overlay like the DVD player on your computer does then you would almost totally prevent screen captures. Combining that with what your PHP script does might help reduce copying even more.

Re:

[TechnoLust]

I knew you would know. I would have called you last night, but 1) I don't have your number, 2) I don't know what time it is in Germany, and 3) I don't know how much that would cost. Yeah, she bought my beer while we were there, but it wouldn't be worth a $50 charge on my cell for calling Germany. :-)

Re:

[Ethelred Unraed]

Well, my number can probably be had by begging btlzu2, subgeek or SiliconJesus, or looking on my site (yes, it's there -- has to be by law in Germany).

Germany is six hours ahead of the East Coast, so it's 6:22 pm here and 12:22 pm there. I generally go to bed rather late, midnightish or so.

As to how much it costs, that I can't tell you, but yeah, calling internationally from a cellphone in America is generally considered to be a Stupid Thing To Do(TM). Really depends on what kind of calling plan you hav

Re:

[Iamthefallen]

Ultimately, though, people can and will figure out ways to steal photos, and it will happen no matter what. Like with any form of DRM, the question is how much you can deter it, and how much deterrence is worthwhile -- without disturbing legitimate users.


First define who legitimate users/customers are. Is she trying to prevent Grandma from using her images as a desktop background, or is she trying to prevent MegaCorp Inc. and others from using them in ad campaigns?

Use medium resolution, an unobtrusive wate

Re:

[Captain Splendid]

This is the answer - it's not worth the time and hassle to finagle every little trick to stop image saving - offer low-res (as said below, find the right balance)+ watermarking and charge for full-res. The "pirate" situation applies well here. The idiots bent on stealing the pics will never be customers, and the real customers will be unfazed.

A nice app I know a few photographers use is Gallery 2 [menalto.com]. Fairly easy to set up and maintain, as well as offering robust commerce options. Requires decent access

Re:

[robi2106]

2nd on gallery. I use it for my business showcase (wedding photography & video clips). Has password level access if desired, has a nice java full screen slide show. Has the ability to upload a watermark mask and it will automatically apply the mask to all uploaded images. Can store multiple resolutions of the same image and can control who can see the full res. has users, groups, etc. Has loads of ways to upload content; remote app, straight from WinXP, flash interface, from zip on server, from lo

Re:

[account_deleted]

Comment removed based on user account deletion

Wow, DHTML form validation? Spiffy!

[BandwidthHog]

Flickr only uses Flash for some of the, err, flashier things, such as slideshows. All their other trickery is done with JS. I believe the tactic they use is to set the actual image as the background of an element and then show a transparent GIF as the foreground.

How does Flickr do it?

[sielwolf]

There's a way you can get set an image so if you try to just view it or save it you get a 0 byte Gif image called like spaceball.gif. Of course the problem is that you can still do a Print Screen -> Paste into your paint editor of choice. And there's no real way to block that. But however Flickr does it is probably the best way. How they do that? Dunno.

Re:

[jawtheshark]

What you describe could be the trick Ethelred Unraed described above.... jpg as CSS background, foreground an invisible.gif (a 0 byte gif opens just fine in Internet Explorer... I just tried. Gives a broken image icon in firefox though.)

Re:

[sielwolf]

Then there's always the issue in Firefox of "View Page Info", going to the Media tab and then just scrolling through the list (it provides you convenient Previews) and then saving the image. An example is this Flickr page [flickr.com] which does the 0 byte Gif but I was able to download it by using the process I described above.

Of course this requires understanding the featurers of Firefox that most people don't know :)

Re:

[jawtheshark]

Select the image, right-click on selection, "View Selection source" shows you the following:

<img src="http://static.flickr.com/52/144351840_954c021 183.jpg?v=0" alt="" onload="show_notes_initially();" class="reflect" height="333" width="500"><img style="position: relative; top: -335px; margin-bottom: -335px; display: block;" src="/images/spaceball.gif" alt="" height="333" width="500">

There you have your direct link. The spaceball image is just a image superimposed on the real image, so that

Re:

[Tet]

But however Flickr does it is probably the best way. How they do that? Dunno.

Quite clever, actually. They use CSS relative positioning to overlay an invisible GIF on top of the actual image. That by default gives it a higher CSS z-index, and thus any browser operations (including context menu) relate to the uppermost (invisible) image, rather than the image the user expects to see. Trivial to defeat if you know how, but 99.999% of the population don't...

You can edit the source after publishing...

[Some Woman]

But that's not terribly helpful. It's one of the many not terribly helpful things about iWeb.

Low Res, Watermark, Encourage Downloading

[jeepliberty]

It's called advertising. Deal with it.

I use Imagemagick's convert program [imagemagick.com] to crop, downsize, and brand my photos. I don't improve the quality with tonal balancing or histogram stretching. I save that for for an order of an 8x10 or 16x20 print. A 512x384 is perfect for a webpage or a 4x6 print. There's no money in that. Give it away! Consider it a lost leader. I also include instructions on how to use the photo in a blog (i.e. myspace). Sure, people use the right-click method, but if you provide a URL link

No

[turg]

First of all, whatever you do, do not (attempt to) block right clicking. This is extremely annoying to many more visitors than just the ones who want to take images. I use right-click on almost every site I visit. If I like your images, I'll probably be using "open in new window/tab" alot. And in any case, right clicking doesn't prevent me from viewing the source using the regular browser menu.

I'd say definitely do block based on referer as described above, but this is mostly to prevent people from stealing

You killed your best option!

[FortKnox]

I considered making each image a flash movie that just loops the image, but that'd make it inaccessible to a lot of people

Most people have flash... if you embed the images in flash, the best they can do is printscreen then manip the screencap... not worth it.
Flash is, by far, the best way to solve her situation.

Preventing copyright infringement for images

[Tet]

You can never stop people taking the image. But some relatively simple techniques can make it harder for them to do so:

• Checking the referrer before serving up the image
• Using JavaScript to disable context menus
• Invisible GIF overlays
• Place the image as a CSS background
• Use Flash to display the image

In addition, you take take steps to enable the iamge to be traced back to you at a later date:

• Add a comment to the image
• Add a visible watermark
• Add an invisible watermark (digimarc, etc.)

Every one of t

Disable right-click = lost customer

[johndiii]

Watermarking and serving low-res images are good approaches. Also the compression trick that was mentioned above. Or, as an alternative, have a members section that people pay up-front to use. Give them a set of samples as an inducement to join. There would be any number of ways of metering usage.

I use right-click for a variety of things, other than saving images. I will not steal your images, and I will not put up with you breaking my browser. So I absolutely will not buy from a site that disables co

Don't publish

[Sloppy]

but we want to make it harder for people to download them.

The only way, is to not place the images on a server. If you give people a way to view the images over the internet, then you will also give them a way to copy them.

What you want to do, is simply impossible without DRM (and even that probably won't really work). But if "making it inaccessible to a lot of people" isn't an option, then there simply isn't any way to do it, at all.

Flash

[MyHair]

My neice's school photos were presented with a Flash app that pulled external data, so the swf didn't need modification. BiL and I were able to extract the source photos by reading the framesets, embed calls and xml config files and gleaning the direct url, but most people won't be able to do that.

Flash is almost universal. Well, probably at least as universal as any tricks would be.

The swf app, by the way, had a scrollable thumbnail view and you'd click to put the bigger (but still small and stamped "PROOF