3

We have a module in our project where there is an option of uploading mp4 videos , we are using html5 video tag player for playing the videos.

Problem we are facing is the privacy of the videos.At the time its very easy for the user to download our file either through right click save as video or by taking the url from the src of the video tag by inspect element. To do so I have studied a lot, and got the idea about the blob url through youtube videos which are not accesible through anyway. I tried to study about the blob-url, created one for my video url but still they are accessible and can be easily downloaded. Like youtube blob-url its not working. I also studied this ques question first answer, through which i got the idea about youtube mechanism of buffering video and how the blob url shown in inspect element for youtube is a spoof.

Most importantly I want to know how can we spoof our website url so that no one can download it through inspect element. Is it possible for us to do so and how? Any link related to this please share with me.I have tried to study a lot but still missing something.

What mechanism actually youtube follow for creating blob url and to save its videos?

Community
  • 1
  • 1
Vartika
  • 1,085
  • 3
  • 17
  • 43
  • Who is the target audience? My educated guess is that most people (read non-programmers or non-IT people) have no idea what `inspect element` is for and will never use it all. – David Votrubec Aug 03 '15 at 06:44
  • It is still possible to download videos from youtube via 3rd party browser plugin. Those plugins work in Firefox but usually not in Chrome. – David Votrubec Aug 03 '15 at 06:45
  • Still to be on safer side we want the working like youtube – Vartika Aug 03 '15 at 06:54
  • if you can play back the video, someone can steal it, unless you look into HTML5 video Encrypted Media Extensions (EME) to serve your content. – Offbeatmammal Aug 04 '15 at 02:58
  • if you just need to obfuscate the URL to stop others finding it then you could write a handler that does something like this http://blog.offbeatmammal.com/post/2006/06/30/Using-ASPNET-to-restrict-access-to-images.aspx (but in a newer language!) – Offbeatmammal Aug 04 '15 at 03:05

1 Answers1

5

As your video has to arrive at the users device there is effectively no way you can stop a user intercepting and storing the file if they want to.

The typical solution to this problem is to encrypt the file and only share the key to the encrypted video with the people you want to view it. A 'bad' user can still download the video file but will not be able to play it back without the correct key.

How you get the key to the users can be very simple (you tell them it directly via some separate communication channel, like email) or more sophisticated using some sort of DRM approach.

DRM is controversial (see Firefox discussion at link below) but it is being baked into the standards with HTML5 EME (Encrypted Meida Extensions) so is becoming more mainstream. EME essentially allow a browser request a trusted (by the video producer) element in the browser/device to decode and play an encrypted video. See a good overview of EME at the second link below.

Mick
  • 24,231
  • 1
  • 54
  • 120