Protect image download

Question

I know the best way to protect image download is not putting it on internet in the first place.

I assume there is no 100% protection against image download and that if a user can see an image on internet he can with a bit of experience find access to download it.

I am aware of transparent .gif or .png covering the images or using background_image CSS property to protect it and prevent right click download but are there

other ways to complicate image download and therefore prevent image download by most users?

Here is simple code to start with :

<img src="http://placekitten.com/600/450">

Not really. As you mentioned, if people can see the image, then they can download it, whether you place a transparent `png` over it or not, it's not going to help if someone can `print screen` ;-) — Nick R, Jan 14 '14 at 09:40
You could place your images in a seperate folder, and create a server page to access them. On the server page you do whatever secuirity validation you need — RononDex, Jan 14 '14 at 09:41
If you somehow protect it from download, then user will take a screenshot of your img & will create a copy of your img. — Anup, Jan 14 '14 at 09:43
Put an effective copyright statement in the footer of your page, something like: "all rights reserved. I'll wait outside your house" — Fabrizio Calderan, Jan 14 '14 at 09:43
I'd probably stick it into a canvas. You can't right-click it to save. You could do a simple xor-encryption on the image's source url. That way (a) your users must unfortunately use a html5 compliant browser and (b) the user will only get the image if they look at the Network tab of the browser's debugger or manually un-encrypt the images URL. Naturally, you could simply load a binary resource with javascript and then use that data to populate an empty canvas element. In each case, AJAX would retrieve the data file, be it binary rgb data or a known image file format. — enhzflep, Jan 14 '14 at 09:52
you can also watermark that image (eg. your name or your website name) — Bhavesh G, Jan 14 '14 at 09:55
@enhzflep from the past - Now, some 2 and a bit years later, this is no longer the case. You can now right-click a canvas and be presented with a Save As dialog. — enhzflep, Apr 21 '16 at 00:37
@enhzflep Thanks for the tip about using the Network tab... worked like a charm :) — Sujay Phadke, Jan 05 '17 at 16:59
I often use: Open inspector, Application Tab, Section Frames, Top -> images. Right click -> save image. But most of the time shift-alt-4 -> grab area works fine too. There are also chrome extensions to download all images. Or just download the page. File -> save page as. — Joeri, Jun 09 '23 at 11:16

score 117 · Answer 1 · edited Dec 16 '22 at 06:56

117

Another way to remove the "save image" context menu is to use some CSS. This also leaves the rest of the context-menu intact.

img {
    pointer-events: none;
}

It makes all img elements non-reactive to any mouse events such as dragging, hovering, clicking etc.

See spec for more info.

In reactjs project, avobe code put in global CSS (index.css)

edited Dec 16 '22 at 06:56

Nurul Islam

43
4

answered Oct 14 '16 at 20:27

CampSafari

1,352
1
8
5

10

This is great! It makes all img elements non-reactive to any mouse events such as dragging, hovering, clicking etc. – Svagis Nov 03 '16 at 18:59
People forget about dragging as a way to easily steal images. I always include anti dragging in client side right click protection. – Ripside Oct 17 '17 at 14:41
Does this stop fiddler from access to your https? Curious solution indeed. I like how you can mod context-menu though. – May 23 '18 at 19:28
2

I would open the dev console and download the image from it's URL. – Koushik Shom Choudhury Jul 13 '18 at 03:33
1

@KoushikShomChoudhury I would build a scraper to do that in auto. But most user will die if they saw colorful html code – Yehui He Nov 22 '21 at 17:26
I often use: Open inspector, Application Tab, Section Frames, Top -> images. Right click -> save image. But most of the time shift-alt-4 -> grab area works fine too. – Joeri Jun 09 '23 at 11:15

score 74 · Accepted Answer · edited Nov 28 '22 at 13:49

74

No there actually is no way to prevent a user from doing a particular task. But you can always take measures! The image sharing websites have a huge team of developers working day and night to create such an algorithm where you prevent user from saving the image files.

First way

Try this:

$('img').mousedown(function (e) {
  if(e.button == 2) { // right click
    return false; // do nothing!
  }
});

So the user won't be able to click on the Save Image As... option from the menu and in turn he won't get a chance to save the image.

Second way

Other way is to use background-image. This way, the user won't be able to right click and Save the Image As... But he can still see the resources in the Inspector.

Third way

Even I am new to this one, few days ago I was surfing Flickr when I tried to right click, it did not let me do a thing. Which in turn was the first method that I provided you with. Then I tried to go and see the inspector, there I found nothing. Why? Since they were using background-image and at the same time they were using data:imagesource as its location.

Which was amazing for me too. You can precvent user from saving image files this way easily.

It is known as Data URI Scheme: http://en.wikipedia.org/wiki/Data_URI_scheme

Note

Please remember brother, when you're letting a user surf your website you're giving him READ permissions on the server side so he can read all the files without any problem. The same is the issue with image files. He can read the image files, and then he can easily save them. He downloads the images on the first place when he is surfing your website. So there is not an issue for him to save them on his disk.

edited Nov 28 '22 at 13:49

lechup

3,031
27
26

answered Jan 14 '14 at 09:45

Afzaal Ahmad Zeeshan

15,669
12
55
103

5

I think if the user is competent enough to use the inspector, then they probably know how to turn `Javascript` off ;-) – Nick R Jan 14 '14 at 09:46
6

Hehehe @NickR, then I guess the best way is to NOT UPLOAD THE IMAGE ON INTERNET! :D Wouldn't it be ;) – Afzaal Ahmad Zeeshan Jan 14 '14 at 09:50
@NoobEditor no, better than that, shut down the computer and go to sleep .. my favourite hobby it is! I wish there was no programming and sleeping only :P – Afzaal Ahmad Zeeshan Jan 14 '14 at 09:56
13

If the user REALLY wants an image, won't he just take a screenshot if nothing else works? – Ranveer Jan 14 '14 at 09:59
1

Well, he can snip the desktop screen using snipping tool, he can PRT SCR, he can Search Google For this image (new option in Google Chrome) .. he can get the image! Users are hell bots man..@Ranveer.. – Afzaal Ahmad Zeeshan Jan 14 '14 at 10:00
I guess theres one point you are missing when you say people can take screenshots @Ranveer . Theres a difference btw getting a screenshot of an image, and getting the image resource itself. What if the image is set to small dimensions? The theif (say) will be more interested in the higher res resource, and probably webtiki too is more interested in protecting the resource, and not its output (low res probably). – Max Payne Apr 11 '15 at 15:19
@TimKrul, even if he wants the original image, the browser anyway downloads everything locally to view it. It's easily get-able – Ranveer Apr 11 '15 at 16:12
@Ranveer aside with screenshot idea huh? :P – Max Payne Apr 14 '15 at 10:05
Chrome allows you to also paste data URIs in the omnibar, so the image can still be downloaded anyway. – Patrick Roberts May 02 '18 at 02:07
@PatrickRoberts, image is already downloaded if the browser is previewing it--it is just a matter of time til the user is able to find where the resource resides. :-) – Afzaal Ahmad Zeeshan May 02 '18 at 10:16
$('img').mousedown(function (e) { if(e.button == 2) { // right click return false; // do nothing! } }); At the end of the function one round bracket is missing. – Deepak Syal Sep 06 '20 at 17:49
1

This is not working for me. Don't know why. – Rahul Hindocha Jun 02 '21 at 07:17
Even if you use `data:imagesource` I can still copy the base64 data and convert to JPEG or other format. So there really is no way to prevent a download – Dovahkiin Aug 10 '21 at 08:58

score 23 · Answer 3 · edited Feb 18 '18 at 18:29

23

If it is only image then JavaScript is not really necessary. Try using this in your html file :

<img src="sample-img-15.jpg" alt="#" height="24" width="100" onContextMenu="return false;" />

edited Feb 18 '18 at 18:29

Xantium

11,201
10
62
89

answered Jan 25 '17 at 23:11

Olaoluwa Fabuyi

339
2
5

4

To say that this is not JavaScript is misleading. `oncontextmenu` is an inline JavaScript event handler. `return false;` is JavaScript code. So this code still uses JavaScript, and so anyone can bypass it by just disabling JavaScript in their browser. – Sumit Feb 20 '21 at 11:27

score 16 · Answer 4 · answered Jan 14 '14 at 09:43

16

There is no way to protect image downloading. This is because the image has to be downloaded by the browser for it to be seen by the user. There are tricks (like the transparent background you specified) to restrict certain operations like image right click and saving to browser cache folder, but there isn't a way for truly protecting the images.

answered Jan 14 '14 at 09:43

Tzach

12,889
11
68
115

6

@chadocat That's because there is no answer for your question – Idrizi.A Jan 14 '14 at 09:49
@chadocat : actually, *this is* the answer....a site may use over 100 of images...u plan to go on preventing all the images....m surprised!! – NoobEditor Jan 14 '14 at 09:52
1

@Enve obviously there are ways to complicate image download by people who don't have much internet knowledge... everyone doesn't have a code inspector and everyone can't access the source code – web-tiki Jan 14 '14 at 09:52
3

@chadocat : *if someone needs it, that person is gonna find a way for sure* ....this is one fact!! :) – NoobEditor Jan 14 '14 at 09:52
1

@NoobEditor I have understood that, as I specified in the question it is not possible to totaly prevent it but, I repeat my question and my comment, I just want to make it complicated enough for people who don't know much about internet. – web-tiki Jan 14 '14 at 09:57
I don't understand why should we should provide client to inspect our code using inspector. I would prefer to disable it in production application. Any second thoughts on this? – Pran Kumar Sarkar Aug 14 '20 at 23:11
1

I am sure people who are looking for an answer to this question, just want to make it harder for users to save the images, not perfectly protect them. Most of the users on internet give up too quickly, and adding two or three layers of difficulty can result in a certain level of protection. – Talha Imam Nov 20 '21 at 17:54

Ace · Answer 5 · 2021-02-17T12:24:05.430

1. Disable the Right Click on all Images

let allImages = document.querySelectorAll("img");
allImages.forEach((value)=>{
    value.oncontextmenu = (e)=>{
        e.preventDefault();
    }
})

2. Disable the Pointer Event Using CSS

img{
    pointer-events: none;
}

3. Put a transparent overlay over all the Images

<div class="imageContainer">
    <div class="overlayDiv"></div>
    <img src="Image.jpg" alt="Image">
</div>

And some CSS like this

.imageContainer{
    position: relative;
}
img{
    position: absolute;
    width: 100%;
    height: auto;
    top: 0px;
    left: 0px;
}
.overlayDiv{
    position: absolute;
    width: 100%;
    height: auto;
    top: 0px;
    left: 0px;
    background-color: transparent;
    z-index: 2;
}

4. Put your Image as a Background Image

div{
    background-image: url(Image.jpg);
    background-size: cover;
}

These methods will only work on normal users because they most probably don't know about the inspector or how to check source code.
But a web developer can easily download these files, there is no such way you can disable the inspector completely.

At the end i would like to add few words.

Technically, Now think about this you are sending a Image from your server to another computer over HTTP, and you are at the same time trying to prevent it, it doesn't make any sense.....

you should always assume that anything that enters the machine of the user can be retrieved back now or later, no matter how hard you try, to hide it with encryption or maybe like youtube, sending the thing in chunks, and collecting them in browser.

getting the image ultimately is hard for a common user but not for people with a lot of technical background, maybe they are intercepting the entire network on Operating System Level, how you gonna stop them there.

Mark · Answer 6 · 2014-01-14T18:30:41.830

10

As some people already said that it is not possible to prevent people to download your pictures, a trick could be something like this:

$(document).ready(function()
{
    $('img').bind('contextmenu', function(e){
        return false;
    }); 
});

This trick prevents from the right click on all img. Obviously people can open the source code and download the images using links in your source code.

edited Jan 14 '14 at 18:30

answered Jan 14 '14 at 09:47

Mark

1,069
2
21
44

Why would I want to download your picture when I can serve it directly from your site? :) -just saying – May 23 '18 at 19:25
I am using this in combination with css, setting pointer-events:none to the image element. Also disabled prt scr by attaching a listener to the keyup event. – Talha Imam Nov 20 '21 at 18:12

Bhavesh G · Answer 7 · 2018-10-16T19:04:46.877

There is no full-proof method to prevent your images being downloaded/stolen.

But, some solutions like: watermarking your images(from client side or server side), implement a background image, disable/prevent right clicks, slice images into small pieces and then present as a complete image to browser, you can also use flash to show images.

Personally, recommended methods are: Watermarking and flash. But it is a difficult and almost impossible mission to accomplish. As long as user is able to "see" that image, means they take "screenshot" to steal the image.

score 9 · Answer 8 · edited Apr 11 '19 at 06:20

Here are a few ways to protect the images on your website.

1. Put a transparent layer or a low opaque mask over image

Usually source of the image is open to public on each webpage. So the real image is beneath this mask and become unreachable. Make sure that the mask image should be the same size as the original image.

<body> 
    <div style="background-image: url(real_background_image.jpg);"> 
        <img src="transparent_image.gif" style="height:300px;width:250px" /> 
    </div> 
</body>

2. Break the image into small units using script

Super simple image tiles script is used to do this operation. The script will break the real image into pieces and hide the real image as watermarked. This is a very useful and effective method for protecting images but it will increase the request to server to load each image tiles.

Overlaying something transparent is by far better than disabling right-click, as that way you're having the same level protection, but still allowing the user to use their right-click menu. — Hanna, Oct 03 '16 at 05:26

Xantium · Answer 9 · 2018-02-18T18:44:44.177

First realise that you will never be able to completely stop an image being downloaded because if the user is viewing the image they have already downloaded it (temporarily) on their browser.

Also bear in mind the majority of users will probably not be web developers but they may still examine the source code.

I really discourage disabling right click, this can be extremely frustrating for the end user and is not safe anyway since the image can still be dragged into a new window and downloaded.

I would suggest the method used by CampSafari i.e.

img {
    pointer-events: none;
}

but with an improvement:

So first lets remove the url of your image and add an id attributes to it. Like so:

<img id="cutekitten">

Next we need to add some JavaScript to actually show the image. Keep this well away from the <img> tag you are trying to protect:

document.getElementById("cutekitten").src = "http://placekitten.com/600/450";

Now we need to use the CSS:

#cutekitten {
    pointer-events: none;
}

The image cannot be dragged into a new window as well downloaded via right click.

JSFiddle

Yet another method you could use is the embed tag:

<embed src="http://placekitten.com/600/450"></embed>

This will prevent the right click.

*In the second example I tried a demonstration with JSFiddle and it did not work, yet I tried this in a normal html document and it worked fine* — Xantium, Feb 18 '18 at 18:49
Whats the point in adding src attribute by javascript? The src will still be visible in the inspector. — Pran Kumar Sarkar, Aug 14 '20 at 22:58
Agree with @PranKumarSarkar. Further, the image will not load if script is broken or user-disabled, which is not good practice. If you wish to distance "src" from the HTML for some reason, just use a CSS "background: url", but this also will not be hidden. — user3168191, Oct 22 '20 at 11:40

JueK3y · Answer 10 · 2021-09-17T09:26:24.363

4

I know this question is quite old, but I have not seen this solution here before:

If you rewrite the <body> tag to.

<body oncontextmenu="return false;">

you can prevent the right click without using "real" javascript.

However, you can't prevent keyboard shortcuts with HTML. For this, you must use Javascript.

edited Sep 17 '21 at 09:26

answered Feb 23 '21 at 15:38

JueK3y

267
9
22

score 3 · Answer 11 · answered Jun 21 '22 at 22:35

It's pretty much all about how much work the "thief" is willing to put into stealing the image.

You can possible deter a lot of lazy ones by just disabling the right-click menu, creating overlays, using it as background-image, ... But anyone with limited IT skills can go into the Developer Tools, under "Network", and is able to see and copy any images that have been downloaded to the browser.

These solutions also come with some downsides. Using "background-image" will possibly prevent Google from indexing your image. No context menu can prevent the user from using other options in the context menu which can be quite annoying.

The best - and basically only - solution, is to cut the image up into small pieces server-side, and put them back together with some custom javascript. For extra protection you can store some kind of "map" along with the image, with directions on how the image should go back together. This way it's not clear to the thief how all the different downloaded tiles should fit together.

Of course anyone can always take a screenshot. But I assume you are more worried about people downloading a full size and high quality image, instead of just having a low-res screenshot version.

score 2 · Answer 12 · answered Jan 14 '14 at 09:55

As other answers said, if you can see it you can copy/download it.

To add up to the other answers, just for your information, you can add invisible or tricky watermarks to your images: http://www.cgrats.com/create-an-invisible-watermark-in-photoshop.html (just an example, there are more techniques, just google for invisible watermarks)

Anyway if you want to prove the ownership of your image a good way is to have a bigger resolution copy for yourself, and always publish a lower resolution / size one. Or publish it also on a "public" media like ... deviantart or flickr or something where people can't change the upload date. This way you can prove you had that image before anybody else

score 2 · Answer 13 · answered Sep 28 '19 at 16:46

2

Try this one-

<script>
    (function($){
      $(document).on('contextmenu', 'img', function() {
          return false;
      })
    })(jQuery);
  </script>

answered Sep 28 '19 at 16:46

Shamsul Huda

163
1
9

score 2 · Answer 14 · answered Apr 08 '21 at 09:20

This is working form me: content: url('https://myimage.png'); in the style or css class. Than you cant right click and save the image.

img.my-image-class{
            content: url('https://myimage.png');
        }

You can also convert the image to base64 and put it like bellow. So if yo want to download the image you need to use developer tools, than find the class, than copy the base64 which can be long if the image is big and than you need to decode this base64 and you will have the image. So its still possible to download the image. Even if it was not possible users can make screenshots of the image on the webpage and cut it in paint or use cutting tools.

img.my-image-class{
                content: url(data:image/gif;base64,...img base64.....);
            }

Convert IMG to Base64: https://www.base64-image.de/

Decode Base64: https://codebeautify.org/base64-to-image-converter

Reference: How to reuse base64 image repeatedly in HTML file

rahul patel · Answer 15 · 2016-12-13T06:12:15.627

As we know there is no proper method to avoid image theft. But we can reduce it for some extent. We can avoid those people who are not geek in computers to download the image as well as your code. Here are some JQuery tricks we should include in our site to reduce image theft

Disable right click
Disable Ctrl+ combination (ex Ctrl+s,Ctrl+u) [Better to disable Ctrl key ]

But user can also download the web page using developer tools in Firefox. We don't have solution for this because this will be on the client side and is provided by the user's browser.

You can find the code for all the above listed on stack overflow

score 1 · Answer 16 · answered Jun 04 '20 at 12:32

1

this code will disable Right-Click on Win or Click and hold on mac to open "contextmenu"

$("img").on("contextmenu",function(e){return false;});

It's so simple and always works fine. and it's not depends on OS or Browser that you're using.

answered Jun 04 '20 at 12:32

ARiyou Jahan

622
6
7

score 0 · Answer 17 · answered Dec 16 '22 at 06:15

0

I used the below code in global CSS (index.css) in ReactJS. It's working correctly. You can also try. Thanks.


img{
pointer-events: none;
}

answered Dec 16 '22 at 06:15