1

I am currently building an application with ReactJs and MongoDB displaying videos. My problem is that I want to prevent the end user from saving those videos either by accessing the console and inspect it and therefore get the url of the video or by simply downloading it on their computer.

At the moment, I have a script that disconnects the user if he opens the devTools :

useEffect(() => {
    console.log(Object.defineProperties(new Error, {
        message: {get() {
                setOpened(true)
            }
        },
        toString: {value() {(new Error).stack.includes('toString@')&&alert('Safari')}}
    }));
    
    if (opened) {
        logoutHandler()
    }
}, []);

And other one to prevent right clicking :

useEffect(() => {
    document.onkeydown = function (e) {
        return false;
    };
    document.addEventListener('contextmenu', (e) => {
        e.preventDefault();
        setOpened(true)
    });
}, []);

The problem is that with a simple add-on, https://addons.mozilla.org/fr/firefox/addon/absolute-enable-right-click/, the user can right click again and save the video by clicking on "Save video as...".

I have also thought of splitting the videos when I upload them and then kind of "stream" them, but I haven't found any proper documentation on the subject... Currently the videos are stored into a Firebase bucket.

Would you have any advice on the matter please ?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
Hadrien Jaubert
  • 154
  • 1
  • 3
  • 11
  • Does this answer your question? [Prevent HTML5 video from being downloaded (right-click saved)?](https://stackoverflow.com/questions/9756837/prevent-html5-video-from-being-downloaded-right-click-saved) – hinosxz Jun 20 '22 at 16:56

1 Answers1

0

IMO The best you can do is make it difficult and it sounds like you are doing a very good job of it. (minify your code to help prevent users from using local orverrides to get past your security, you can also look into DRM) However you cannot 100% prevent a user from saving the video if they are left alone with the source. The user can just setup a camera, screen record, packet sniff (wireshark), modify your javascript (local overrides), etc etc. firewalls don't stop dragons and all that.

I believe the only way to do what you are trying to do is to monitor the users while they watch the videos.

If your users need accounts to view the videos, then flashing a few pixels at special spots to be decoded later as the users id is one way to track down who is leaking your videos and remove them, but even that has its issues (compression, cropping, watermarks etc).

J D
  • 166
  • 1
  • 13
  • Is there a way to do that server-side ? Because any add-on/plugin can disable my JS code and the user can then download the videos... – Hadrien Jaubert Jun 15 '22 at 22:10