Is it possible to protect from downloading a video from a site

Question

Is it possible to protect a video from a site from being downloaded?

While users could record a video by using some hardware device, it should not be possible to download a video using some link - exactly like google videos.

For example, if I have Real One Player in my system, I have an option to download the video; this should be restricted.

Answer 1

Yes. Never ever show it to anyone. As soon as you do, all bets are off (for less paranoid answer, see last paragraph).

This is the common problem with copy protection: you are unable, by any means, to distinguish between a legitimate user and an adversary (as they may even be the same person).

Edit: re "my users can able to watch the video. but they must not be able to download that video" Let's try and disassemble this:

• the user clicks the mouse on your player's "Play" button
• the click goes through the computer's OS to your player
• the player sends a request through the network "send me teh videos" to your server
• (this, by definition, requires that the request goes through the whatever networking stack the user's computer has)
• the server, if it decides that it's a legitimate player, begins sending data to the user's computer.
• (this, also by definition, means, that the user's computer is "downloading" the data)
• *the data comes through the network into the computer (although capturing the data at this stage is more practical for the NSA than for a user)
• *the OS handles the lower data layers (i.e. "this is a data packet, from $yourserver to me, and should be passed on to $yourapp")
• *the OS passes the data to the app that requested it
• the player receives the data
• *the player transforms the data into a sequence of images (a.k.a. a video) and a sound track
• *the player sends the images to the OS's display subsystem, or saves it to disk
• *the display system transforms the images into a format the screen understands
• *the images flow through a cable into the screen
• *the images are displayed on the screen (at which point they exit the computer in form of light)
• the light reaches the user's eyes

Your video can be intercepted (and/or modified) at every point marked with * (although quality of the copy may decrease, esp. when capturing the analog output). Unless you can somehow eliminate each and every of those (good luck with the last one), all you can do is make the data capture/transform more complex. There's a whole industry built around these "weak points" (google "stream ripping" to see for yourself).

You can complicate the capture with various DRM technologies, but in the end, the data stream must become analog video and analog audio (a.k.a. light and sound) somewhere.

However, if you don't care that a determined user will bypass your protection, and if it's enough to protect the video from 90% of users, I believe the Real formats that you mentioned do have some flag "don't allow save". This will disable the "save as" option in the player (i.e. the "or saves it to disk" option above); for most users, this will be a significant enough barrier. Anything more will probably inconvenience and anger 100% of your users, while not providing significantly more protection.

Answer 2

If the user's eyes can see the video, the user's recording device can also see the video. There is not now, and never will be, a way to prevent users from recording content which they are viewing/listening to. It is an unsolvable problem.

Answer 3

If users can "watch" a video, they can always find a way to save it to disk. You could watermark a copyright message over your videos but I am afraid that's about it.

Answer 4

It is impossible to prevent a video from being downloaded. For the video to be displayed on the screen, the bits that make up the video must be transmitted to the users pc - which you have no control over.

All you can do is make it difficult.

For example, use css to display a transparent image over the video so to make it hard to right-click the video and view its properties (Flickr do with with pictures).

Or use obfuscated html/javascript to make it hard for a user to do View->Source. But a sufficiently determined user could unobfuscate it, and you can't disable View->Source because you don't own the user's pc.

You could go further and use a custom (secret) video file format and brower plugin, or use a seperate realmedia-style playback client. These are likely to annoy your users, though, and doesn't stop someone from reverse-engineering your protocol/format and writing their own client to impersonate the browser and save the video in a standard format.

I don't advocate doing any of the above!

Bottom line: you have to send the bits to the user's pc, and once you do that you lose all control over them.

Answer 5

@Fero

Instead of Putting Your video in web site, Setup Remote Desktop in your Home Computer.

Open Login account for each users manually, and Let users login,

And Let the users watch your movies through it, and

You can also monitor them one by one too, without sleeping.

May be thats the way to go!

Answer 6

To be upfront, nothing is bulletproof. For every protective measure developed, someone has found a way to defeat it. However, you can take some steps to stop (or at least slow down) the casual user.

The Real Networks platform offers quite a few options for protecting content, the safest of which is generally streaming it live or on-demand.

In order to give you specific directions, we'll need more information, though. You mention that Real One Player is giving a 'save' option. It can play several formats. What type of file are you posting (Real, WMV, etc) and how is it currently being served (link, embed, stream).

Answer 7

It is impossible to effectively stop a user from saving your video one way or another. A desperate one might actually record the entire screen content while it is being played.

Answer 8

Fero, this is a subject that a lot of big entertainment corporations are facing it everyday. "But how can I stop people copying my stuff"?

You can difficult it, but as you difficult people watching, people are less inclined to use your system unless you give the most important information they have ever seen. If a login barrier is a concern, imagine forcing people to use Real Player.

Trying to make your videos famous and relevant are better than try to encrypt at any costs before they are important.

Answer 9

You can protect video from downloading if you are using html5 video.

Here is an opensource script which you can try and there is no way to bypass it for now : http://sourceforge.net/projects/defaprotecthtml5videodownload/

It is using way of special algorithm which doesn't send you a original video files but sending files with rules so it can stop your video from downloading

Answer 10

   //test.php
 <video controls src="your/path/1502139559.mp4"></video>
    <?php

      if (session_id() == '') {
       session_start();
      }
      error_reporting(0);
      $out2 = ob_get_contents();
      if (strpos($out2, "<video") || strpos($out2, "<audio") || strpos($out2, "<source")) {
       ob_clean();
       if (strpos($out2, "<safe") == false) {
        $window = md5(time());
        $_SESSION['window'] = $window;

        ?>
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" >
        <script>
         jQuery.ajax({
          type: "POST",
          url: "/enable.php",
         });


        </script>



        <?php

        if (strpos($out2, "<safe") !== false) {
         $_SESSION['safe'] = "SAFE";
        }

        function getURL($matches) {
         global $rootURL;
         if ($_SESSION['defat'] == "") {
          $_SESSION['defat'] = 1;
         } else {
          $_SESSION['defat'] = $_SESSION['defat'] + 1;
         }
         $_SESSION['x' . $matches['2'] . $_SESSION['defat']] = 0;
         $_SESSION['defa' . $matches['2'] . $_SESSION['defat']] = md5(time() . "Defa Protector");
         $_SESSION['imdefa' . $_SESSION['defat']] = md5('Defa') . base64_encode(base64_encode($matches['2']));
         $_SESSION['x' . $matches['2']] = 0;
         $_SESSION['defa' . $matches['2']] = md5(time() . "Defa Protector");
         $_SESSION['file' . $_SESSION['defat']] = md5('Defa') . base64_encode(base64_encode($matches['2']));
         return $matches[1] . $rootURL . "defavid.php?window=" . $_SESSION['window'] . "&defat=" . $_SESSION['defat'];

        }

        $mes = preg_replace_callback("/(<video[^>]*src *= *[\"']?)([^\"']*)/i", getURL, $out2);
        $mes = preg_replace_callback("/(<source[^>]*src *= *[\"']?)([^\"']*)/i", getURL, $mes);
        $mes = preg_replace_callback("/(<audio[^>]*src *= *[\"']?)([^\"']*)/i", getURL, $mes);
        echo $mes;
       } else {
        echo $out2;
       }
      }

    ?>
    //defavid.php
    <?php

      ob_start();
      if (session_id() == '') {
       session_start();
      }
      $window = addslashes(strip_tags($_GET['window']));
      $md5defa = md5('Defa');
      $t = (int) $_GET['defat'];
      $filedefa = str_replace($md5defa, '', $_SESSION['file' . $t]);
      $file = str_replace("https://", "http://", base64_decode(base64_decode($filedefa)));
      $defa = str_replace("https://", "http://", base64_decode(base64_decode($filedefa)));
      $defaurl = get_headers($file, 1);
      $url = $defaurl["Location"];
      if ($url != $file && $url != "") {
       $file = $url;
      }
      if (!function_exists('http_response_code')) {

       function http_response_code($newcode = NULL) {
        static $code = 200;
        if ($newcode !== NULL) {
         header('X-PHP-Response-Code: ' . $newcode, true, $newcode);
         if (!headers_sent())
          $code = $newcode;
        }
        return $code;

       }

      }
      $header = http_response_code();
      $header2 = getallheaders();

      function isMobile() {
       return preg_match("/(MSIE|Edge|android|avantgo|blackberry|bolt|boost|cricket|docomo|fone|hiptop|mini|mobi|palm|phone|pie|tablet|up\.browser|up\.link|webos|wos)/i", $_SERVER["HTTP_USER_AGENT"]);

      }

      if (isset($_SESSION['jsenable' . $window])) {
       if ($header == 200 && $header2['Accept'] != "" && $_SESSION['x' . $defa . $t] == 0 && isMobile() || isset($_SERVER['HTTP_RANGE'])) {

        $_SESSION['x' . $defa . $t] = $_SESSION['x' . $defa . $t] + 1;
        if (isset($_SERVER['HTTP_RANGE'])) {
         $opts['http']['header'] = "Range: " . $_SERVER['HTTP_RANGE'];
        }
        $opts['http']['method'] = "HEAD";

        $conh = stream_context_create($opts);

        $opts['http']['method'] = "GET";

        $cong = stream_context_create($opts);

        $out[] = file_get_contents($file, false, $conh);

        $out[] = $http_response_header;

        ob_end_clean();

        array_map("header", $http_response_header);

        readfile($file, false, $cong);
        die();
       }
      }

    ?>
    //enable.php

    <?php
    if(session_id() == ''){
         session_start(); 
    }
    $window = $_SESSION['window'];
    $_SESSION['jsenable'.$window] = TRUE;
    ?>