Place of design
» Protecting images online
« Can’t access G2 plugin page? | One of our sites – Photolearn »

Protecting images online

Protecting images on line is always a hot topic for a photographer. Below are the common methods of preventing images being copied. It is worth bearing in mind there are 3 grades of image thief

Type A – The casual browser / normal user
Type B – The web designer (in terms of knowledge level)
Type C – The hardened cyber criminal / hacker (in terms of knowledge level)

Your strategy will be dependant on which users you are trying to deter. The normal user will be put off with simple deterrents and give up. A person with web designer knowledge will be right in there in seconds, unless the images are protected very well protected. Protecting against the hardened cyber criminal / hacker is very hard, and needs an additional strategy

Right click
You can disable the right mouse click and pop a message up about copyright. This will deter a lot of people in class A, but has the disadvantage of stopping people using “right mouseclick / back” to return to the previous page, which is how some partially sighted / blind people with text readers jump back a page. The right mouse click thing is quite annoying and doesn’t prevent your images being stolen – as disabling Java will quickly circumvent the issue

Right click (nice alternative)
Offer nice popup menu on the right click – this is much more pleasing than the traditional version, and a lot more subtle, also the equivalent “back” link can be programmed in so not to upset the users who use a text reader. Again this will slow down a “A” type user. A print screen grab will still beat this method

Transparent GIF
Pop photograph in a table and cover with transparent GIF.  This is quite subtle – you pop the image in a table/cell background, and stretch a 1×1 transparent GIF over the top. When the user copies the file, they get a blank transparent GIF, not the photograph. This doesn’t rely on Java, and will deter most type “A” browsers. A print screen grab will still beat this method

Chop image up
Here we slice the image up, and reconstruct it on the page. When the user copies the file, they get a small portion of it. This can be combined with the transparent GIF method, and will work if Java is turned off. This is likely to deter both user type “A” and User type “B” because it is too much effort to actually get the image into a usable state. A print screen grab will still beat this method

Protect the image directory
This is usually the default setting on most servers nowadays – check that you can’t directly navigate to the image directory and get a directory listing (at which point you will loose all your images)

Advanced right click (java)
There are some very clever methods of defeating the right click and print screen – essentially a script remaps or disables specific buttons (like the control key). This is pretty irrelevant, as disabling java defeats it. It will deter most type “A” users

Flash
Contrary to popular belief, images are not secure in Flash. Yep your average type “A” user will be defeated; your average web designer can just decompile the flash code using a “Flash Decompiler” which will drop out all the images nicely

Obfuscate source code
Essentially there are several methods here: firstly the source code can be “scrambled” making it pretty unreadable, preventing the human user from seeing where the image is stored. The second is to offer an alternate content when the source is viewed (which can be defeated easily)

Use PHP
By using PHP to serve the images, the actual directory they are in can be hidden. Instead of HTML files on the server there is a “program running on the server” that serves the images to the browser. The browser doesnt get to know the real location. This will prevent most web designers from browsing the directory. The next task here is to use an abstractly named and nested directory to prevent guessing.  Using a .htaccess file to remap to correct location is sweet too. This will slow down type”B” users from taking the images en-masse

DHTML / Javascript
Use a script that only displays the big picture when the mouse is over the thumbnail, and the left mouse button is depressed. This is clever, as the page won’t display anything if Java is turned off, and you can’t right mouse click while the left button is down. In combination with PHP or other methods, this will beat most type “A” and “B” users. This can prevent a screen grab of the pig picture, because the left mouse button is down

Disable IE6 image toolbar
Drop the following code in a webpage header, and the IE6 image toolbar disappears

<meta http-equiv=”imagetoolbar” content=”no” />

Use a plugin
There are a few – here is an example: http://www.artistscope.net/

This is the most effective option we know about. The downside is that it is expensive both in terms of price, and inconvinience to the end user.  To see the images, they need to download a free plugin (just like you do for Flash)

This is pretty unbeatable from the browser – so type “A” and Type “B” users will not get your images

Use a watermark
Ugly, but effective up to a point, also consider Digimark digital watermarking

Publish a policy
Explain that you check regularly for copied content either that you use Digimark or that you check http://www.copyscape.com/ & http://www.archive.org/index.php and that you always take action against image and content thieves. This actually may deter most. By showing you are proactive, most will walk away

Review your web stats and logs
By reviewing your web statistics regularly, you ought to detect hot linking and unusual activity. If so, contact your ISP to Block the IP address. Hot linking is even worse than someone nicking your image – they are getting your server to actually to serve it. I.E. their webpage has your image on it, served from your web space… resulting in your bandwidth being stolen, and affecting your sites performance

Beating the Type “C” user
We are talking about preventing your site from being hacked. I will only offer general advice on this but:
1. Use a host you trust
2. Check the versions of PHP etc. you are using, and ask about when the server was last patched
3. Change your FTP and SQL passwords after the web designer has done his thing – your designer will be able to show you how to change the SQL passwords, and what files to edit
4. Use “Strong passwords”
5. Change your passwords often
6. Keep up to speed on the updates (security) for any packages you are using (gallery packages or CMS packages for example
7. Regularly change your Cpanel password
8. If you have a very valuable collection of images or files, have a security audit using a firm specialising in them
It is worth mentioning that most of this type of theft is pretty close to home – from a disgruntled website designer, employee etc.. So having systems where access is limited to the very few you trust, and having a clean desk policy is the way to go

Conclusion
Although not an exhaustive list, we can see that it is pretty easy to make it fairly hard to copy images for the majority of surfers. However there is a third type of slippery customer that is much harder to beat…

In the real world
Generally a combination of the above does a pretty good job. There are always ways around things – it’s a bit like locking your bike up outside the bank. If you don’t lock it it will walk – if you stick a cheap lock on – it will stay until someone brings some bolt cutters along

About the Author

Richard King is a professional photographer and website designer.  To speak to Richard call 0115 845 8953.  Richard specailises in websites for photographers and artists


Digg it | submit to del.icio.us