Secure streaming audio

Question

I'm making a Flash game that uses streaming audio like this: var req:URLRequest = new URLRequest("myMP3.mp3");

Does anyone know of a cheap and easy way to make the MP3s relatively secure? I don't want people to be able to just type in the URL to be able to get the MP3.

Answer 1

You will never be able to prevent folks from copying your audio. No matter what you do, if it can be played, it can be copied.

That being said, there are a few best-practices tactics you can employ:

• Media should be accessed with a token. This token should be generated for a specific user session on-the-fly, and should only be able to be used once. If someone copies the media URL and sends to their friend, that friend will be denied access to the media.
• Implement rate limiting to prevent bots from scraping your entire media library. You should have a per-user/session limit that is high enough that a single user will never reasonably exceed with heavy usage of your app, but low enough that makes it impractical to get your whole library. You should also have a separate network-address-based rate limit. This limit must be higher to accommodate situations where many users appear from a single IP address. It exists as it is possible to spoof new sessions/users.
• Analyse logs for suspicious activity. Most of the blocking of malicious users is done manually, as you find weaknesses you didn't account for.

If you do these things, you can prevent a lot of bad behavior. Also, if you have a lot of money to spend you can look into watermarking the audio with a unique encoded ID each time you output a media file. That way, if someone shares it to the world you can at least track down which user session and IP address requested it in the first place. I've never seen a case though where this sort of watermarking is worth it, as it requires a ton of CPU (you're re-encoding everything every time) and licensing of very expensive software.