Track unauthorized use of HTML/CSS/JS

Question

I encountered some cases where websites where ripped, and the design was used unauthorized. I know it is easy for someone to save the HTML/CSS/JS an upload it to it's own server and hard to prevent someone from doing this. A lot of the functionality is missing, but as someone who puts a lot of afford into a website, I was wondering what options we have here.

Some ideas I came up with:

HTML

Some sort of small file (tracking pixel), requested from my server where I can track the IP/Domain of the site the request is coming from. Of course such a code-bit is easily spotted and removed.

Is there a way to add something to the HTML file itself, which is not visible in the HTML code, which could trigger some URL?

CSS

A rule to add a tracking pixel to an element and also track IP/Domain. This will only work if the element is still present in the rendered HTML and not overwritten by another rule.

JS

Ajax request submitting the IP/Domain. This could be implemented within a JS file or an HTML file.

Problems

All of the ideas mentioned above have a similar problem. If the thieve is a little bit experienced in web-development, he/she will recognize the trackers and remove them.

There are ways to obfuscate the code but there will never be a 100% secure solution.

Any suggestions regarding this issue?

I wonder what you actually want to prevent? HTML markup is nothing that is legally protected, even if you put effort into it. You will never be able to prove someone "stole" your work. That is different with images and the like, those are more like objects, entities. But a html page? Sorry, you will waste endless time trying to track such stuff. That is not worth it. Look at it from the sunny side: the web's only purpose is to share. People like the stuff you share. Great! — arkascha, Jan 25 '15 at 16:53
This question show a great lack of understanding of how it works. There are no 'invisible' HTML tags or CSS styles. Both are just plain text formats that don't have such possibilities. Obfuscation is the best you can do, but even that can be reverse engineered, and one could even choose to just re-implement the design, which is a lot easier than making a design yourself and then implementing it. — GolezTrol, Jan 25 '15 at 16:55
possible duplicate of [What's the best way to protect proprietary HTML/CSS/JavaScript?](http://stackoverflow.com/questions/4189245/whats-the-best-way-to-protect-proprietary-html-css-javascript) and countless others — JJJ, Jan 25 '15 at 16:58
@arkascha I do not want to protect my work from stealing. I know it is possible, and like I wrote, someone with a little knowledge can easily spot such measurements. I'm looking for a way to have at least a chance of tracking copies of my work. — pensan, Jan 25 '15 at 16:58
The question remains: _what for_? If you don't want people to look at your stuff, then don't publish. — arkascha, Jan 25 '15 at 16:59
@GolezTrol I know that there are now invisible html tags. But take headers for an example. If it would be possible to add some kind of information to a header which is requested from my server, it would not be visible within the HTML document. — pensan, Jan 25 '15 at 17:00
All that is in the code is visible to the user - it's just one click away! — MightyPork, Jan 25 '15 at 17:01
@arkascha I do not want people to copy my work and using it for their own purpose without attribute/licencing. — pensan, Jan 25 '15 at 17:05
@Juhana code protection is not what I have in mind. I also do not have a problem if someone take my work for inspiration. But shameless copying and putting their own copyright beneath it. There must be something we could do. — pensan, Jan 25 '15 at 17:05
Then don't put it online. Really simple as that. What's online will get stolen. — MightyPork, Jan 25 '15 at 17:05
Simply understand that the web is not created to protect stuff. That is why some big publishing companies have such a hard time. They make the same mistake you do: more concentrating on holding back, controlling, denying, blocking, instead of giving. Giving is what creates value. Giving is what makes humans communicate. Be open! — arkascha, Jan 25 '15 at 17:08
@arkascha don't get me wrong. I'm a huge fan of open source software. But working for customers, the demand for some kind of 'action' is rising. — pensan, Jan 25 '15 at 17:13
OK. You want to control each one and everything. So do the same mistake those huge publishing companies fail with. I suggest you implement a DRM-solution for your pages. DRM is a digital rights protection framework that reliably controls who can when do what under which circumstances with something he has. It works. You have full control. Side effect: your customers will hate it, will loose interest in your work. But what the heck, you reached your goal: you control your work. Good luck! — arkascha, Jan 25 '15 at 17:18
I just want to have a change to get informed if someone is trying to steal my work. — pensan, Jan 25 '15 at 17:27

score 3 · Answer 1 · answered Jan 25 '15 at 16:55

3

To put it short, this is futile.

If I wanted to rip a website, I would pretty damn well read through the code and delete all suspicious and strange bits - your tracking pixels and such wouldn't stand a chance.

Really, this is not gonna be good for anything. If you find someone stealing your design, you can sue them or whatever, but adding backdoor/spying code to the design will not help you.

You can obfuscate the code, but then again, when someone is determined to steal it, they will. Your best bet is to set reasonable pricing and hope users will be honest.

answered Jan 25 '15 at 16:55

MightyPork

18,270
10
79
133

but to sue them, I would need to know someone stole it. This is why I'm looking for tracking possiblities. – pensan Jan 25 '15 at 17:09
Well if there's unique names or text content, you can always just google for it once in a while, and find who copied it. Google can also search by image, if you have any images in it. – MightyPork Jan 25 '15 at 17:12
This would require a manual search and, like you said, unique content :/ – pensan Jan 25 '15 at 17:18

score 1 · Answer 2 · answered Jan 25 '15 at 17:13

It's not possible to prevent someone from stealing your code. However, it's not beyond the realms of possibility to use a bit of JS that would let your server know when it was loaded up.

Of course, as MightyPork says, anyone with serious intent will strip out suspicious code. That's the bottom line here.

However, less savvy developers (the kind that might be trying to steal HTML) will miss things. For instance, the Google Analytic's tracking code is very common in pages and may be missed. As soon as it's in there, you can check from your GA account, to see which domains it is reporting from. If it's not yours, then you'll know and can take appropriate legal action (if you have the rights).

Hell, you could even disguise the GA tracking snippet to send a request to your own server.

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-XXXXX-X']);
_gaq.push(['_trackPageview']);

(function() {
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.yoursite.com/ga.js';
  var s = document.getElementsByTagName('script')[0];
  s.parentNode.insertBefore(ga, s);
})();

Just set up a listener on your server that will intercept requests to ga.js and email yourself when they are made.

You could almost certainly get some interesting answers back by posting this on the Programming Puzzles and Codegolf StackExchange site.

This is an interesting approach. Some users may just change the UA-XXXX-X part and do not realize the 'wrong' URL. — pensan, Jan 25 '15 at 17:26

Track unauthorized use of HTML/CSS/JS

2 Answers2