1

In my web (Rails) app, I would like to offer the ability to play music files for which I have received special permission from their publishers to make available for listening, but only from the web site. Is there a way I can support playing a music file such that downloading that file would not be possible?

The browsers' HTML 5 audio players let you download the file that's playing, so I'm looking for a different approach.

I realize that users could circumvent any restriction by redirecting their system audio to a file, or otherwise recording it, but I still want to prevent downloading the files.

Keith Bennett
  • 4,722
  • 1
  • 25
  • 35

1 Answers1

2

If the browser or client can play the audio locally then it has to download it - it is possible to do things like obfuscate the URL etc but these are generally easily worked around.

The usual next defence is to encrypt the content and pass the key securely, either with some secure proprietary method or using a DRM system.

For audio, however, because the audio path itself is mostly insecure in devices once the audio is playing, as you have noted, you have to balance the effort/cost vs the extra security this will give you.

The main commercial DRM systems in use at the time of writing are Widevine from Google, FairPlay from Apple and PlayReady from Microsoft. The coverage is roughly:

  • Android devices - Widevine
  • Chrome browser on a PC or MAC - Widevine
  • iOS device - FairPlay
  • Safari browser - FairPlay
  • Internet Explorer browser, xBox - PlayReady

As you can see, to get wide coverage using these default DRM's you typically need more than one DRM, and often a third party Multi DRM service will be used.

There are also some less secure DRM techniques which don't require a commercial service and typically transmit the key in the clear, but which may meet your needs. These include:

  • Clearkey with DASH
  • HLS AES Encryption with HLS

You can see some examples here: https://stackoverflow.com/a/46666226/334402

Mick
  • 24,231
  • 1
  • 54
  • 120
  • Can you say more about "DRM system"? That sounds like what I'm looking for. However, I read https://developer.mozilla.org/en-US/docs/Plugins/Flash_to_HTML5/Video/DRM_and_authentication, and it looks like it would be quite difficult to implement (e.g. different tools for each OS, would require signup, etc.). Is there a _simple_ DRM system, or is the complexity necessary due to the nature of what needs to be done? – Keith Bennett Aug 10 '20 at 16:08
  • 1
    I'm not sure there will be a simple DRM system, or a free, one that will completely meet your needs - I've added some notes above which may help. – Mick Aug 10 '20 at 19:15