6

Is there a way to prevent user from taking screenshots or capturing screen of your videos file? Something similar to how Netflix implements it. It returns a black screen whenever we try to click a screen. I just need some starting points in the right direction. Thanks! Edit: it's more related to DRM. And Netflix is implementing it already so there must be surely some way around it.

Bhargav Rao
  • 50,140
  • 28
  • 121
  • 140
Harman Kamboj
  • 429
  • 7
  • 20
  • 1
    Netflix uses encrypted media extensions (EME) – szatmary Oct 09 '17 at 20:36
  • This does not appear to be a duplicate of that question. This question is about disabling screenshots for *videos in particular*, which is much more specific and much more answerable (as you can see by the answer below). Voting to reopen. – CertainPerformance Feb 21 '20 at 04:16

1 Answers1

7

Netflix and similar services encrypt their content and use DRM systems to manage and share the de-cryption keys to authorised users.

Different platforms will use different players and potentially different DRM types - broadly speaking, for the main systems, Apple devices and browsers use fairPlay, Windows devices and browsers use PlayReady and Google devices and Browsers use Widevine.

Its gets a little more complicated when you have a browser from one of the above running on a device from n different one, but the general rule is the browser vendor will decide which DRM is used if it is supported (not all browsers on all devices support DRM).

If you want to use a DRM service you either need to approach the individual DRM suppliers or use a Multi DRM vendor or service supplier.

You can also use a less secure encryption which would not be acceptable to most commercial content owners but which may be good enough for your case - AES encryption or Clearkey with DASH.

These are not as secure but are sometimes good enough for certain needs.

You can use ffmpeg and openssl to create an AES encrypted HLS stream - the ffmpeg documentation (http://ffmpeg.org/ffmpeg-all.html#Options-34) includes this example script:

#!/bin/sh
BASE_URL=${1:-'.'}
openssl rand 16 > file.key
echo $BASE_URL/file.key > file.keyinfo
echo file.key >> file.keyinfo
echo $(openssl rand -hex 16) >> file.keyinfo
ffmpeg -f lavfi -re -i testsrc -c:v h264 -hls_flags delete_segments \
  -hls_key_info_file file.keyinfo out.m3u8

You can also use mp4Box (https://gpac.wp.imt.fr/mp4box/encryption/common-encryption/) to create basic clearkey DASH encryptions:

MP4Box -crypt drm_file.xml movie.mp4 -out movie_encrypted.mp4

The drm info is included in the drm_file.xml and is explained at the link above.

On the player side, nearly all the main players like BitMovin and JWPlayer on the web via EME, ExoPlayer on android natively etc will support DRM and encrypted playback. These should work as standard detecting the encrypted content, so long as they are configured correctly and will take care of the 'black screen' effect you mention for you.

Mick
  • 24,231
  • 1
  • 54
  • 120
  • Widevine encrypts content via three levels of security: L1, L2, and L3. Only L1 can blackout screenshots, no? – est Jul 10 '20 at 10:10
  • In practice usually only L1 and L3 are used - L1 is tied to the hardware and usually includes a secure media path and L3 is a software based solution. Capabilities constantly evolve so its hard to be definitive and the behaviour from one device to another may be different, and even different on different apps on the same device. At this time screen blackout for screen shots is typically not available on L3, yes. – Mick Jul 10 '20 at 12:47
  • do you need some js to switch to L1 or it's chosen automatically? – est Jul 16 '20 at 06:55
  • 1
    @est - the DRM installation on the device will 'know' whether it is L1, L2 or L3 and will tell the DRM server when it requests the license. – Mick Jul 16 '20 at 11:28
  • thanks. Is it possible to programmatically make sure the content is only served at L1 level? How to check it with javascript? – est Aug 03 '20 at 09:36
  • @est - there is usually configuration or an API in your multi DRM server or service that will allow you set rules such as saying that a particular piece of content is only to be sent a decryption key when the device is L1 widevine. This will be dependent on your particular DRM service so you'll need to check with them or their documentation. – Mick Aug 03 '20 at 10:58
  • 1
    Yes but the docs are extremely lacking. I am a indie dev with no company affiliation and sadly the docs always requires some kind of register. – est Aug 05 '20 at 07:42