Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Can i protect my Mp3s from being downloaded?


Hey, is there any way of protecting my mp3s being used in the JW player from being downloaded if people follow the url in a 'play' link like this:

<a href="javascript:createplayer('folder/audio/track.mp3', true)">Play</a>

Am i going about this the wrong way...? I need a single player displayed on the page with text links to play different mp3s

thanks...

tom

47 Community Answers

JW Player

User  
0 rated :

I think you could 'hide' them in a playlist but that's making it harder rather than securing it.

The only way of stopping your files from being downloaded is (I believe) to use a rtmp connection. And then there are plenty of hoops to go through to make that secure.

JW Player

User  
0 rated :

Create a playlist that is on the webserver outside of the root folder.
IE: /folder/webroot/yourfiles your playlist would be in /folder/playlists/playlist.xml
Now open the flash source code in Flash CS3 and hardcode the file variable into the flash file along with all the other varibles you set normally. The hardcoded path should be /folder/playlists/etc.xml
Now you simply create a .swf file for each song and have the href call that particular flash file be written.

Only works if you have like 20 songs or so....

JW Player

User  
0 rated :

@Tom P

Hey Tom,

This came up in an earlier thread, and I'll say the same thing to you ..

really, what's the point of trying to prevent a download? No matter what you do, you cannot stop anyone from obtaining an exact digital copy of something you offer on your server.

Simple recipe: (not to promote this, but to show you how easy it is)

1. Download Audacity
2. Enable "What you Hear"
3. Press Record
4. Play music on the internet.

You can mask, stream, hide, put playlists on different servers ... whatever ..

at the end of the day: it doesn't matter. In order to be played by the flash player, it gets cached. So it's already on the local PC.

And, with the recipe above, anyone and their grandmother can record a digital stream ..

So, that's not the issue ..

If you create good audio content of your own .. provide a method that people can use to compensate you for it ... if they appreciate it, you will be compensated for it ... if not, they won't ... but does that say something about them, or the audio content you created? I'll let you answer that for yourself ..

now, what if you're serving audio content that doesn't belong to you, and you're asking this question because of bandwidth issues? ... in that case, you really don't have anything to complain about .. if you don't own the content, you have nothing to say about what other people want do do with it ...

if you do own the content, and don't want people to steal it .. don't make it available .. plain and simple .. there is nothing you can do to stop that ..

so, create good content .. offer people a means to reward you for it.. and enjoy it when they do ..

-jeremy

JW Player

User  
0 rated :

Thanks Kelly, not that up on Flash but i will have a go!

Hi jeremy, I do own the audio content, and it is on my server - i just didn't want to make it as easy a typing the url they see at the bottom of the browser and 'saving as', there are plenty of people who do not know how to save streamed audio / or don't go to the trouble of setting up the means to do it.

I think it is fair enough to try and provide at least whatever small amount of protection i can for audio content.

JW Player

User  
0 rated :

Maybe there is another way. I'm currently in the process of setting up a site that will be streaming audio. While I want people to be able to hear the audio at full quality, i want to discourage them from finding ways to download them for their personal use at home (since in the future I will want to sell these files to the same users).

If I upload a block of songs to a directory, is there any application out there that can automatically process those files, inserting a second audio file (such as a voiceover) every X number of seconds, eventually spitting out the finalized file into a second directory that can be accessed by the streaming player?

If I was the only artist, I would just do this myself, but we are expecting hundreds of uploads a day, therefore would not be able to do the processing manually.

Does anyone know of an automated tool similar to the one I'm describing, that has the ability to do batch jobs?

-Ryan

JW Player

User  
0 rated :

Hi there!

I have the same problem. I'd like to make the life really hard to those who want to download the mp3s. I know you can record every audio that is played on your pc, anyway I don't want the users to directly download the file.

I tried putting a password or a md5 inside the mediaplayer.swf to reach the mp3 url: it's a good solution but not so strong, as it's necessary to open the swf compiled to find the key to download the files.

I should be able to identify if the http request comes from the flash application http://www.domain.com/mediaplayer.swf or not, so I could set up a "fake streaming" stream.php that can serve the data only to the desired application and not to the download.

I need a secure way to recognize the request, it's not enough to put a "code" inside the swf request, as anyone can find it out simply cracking the swf file.
I tried to look at the $_SERVER variables in PHP but they seem to be the same if the request to the stream.php file comes from the flash player or from the browser for direct download.

I thought about the $_SERVER['HTTP_REFERER'] variable, anyway when the mediaplayer.swf is calling the stream.php, this variable is empty, otherwise it could be a perfect check.

JW Player

User  
0 rated :

Don't waste your time.

The state-of-the-art downloaders are way ahead of you. Everytime I play *ANY* media file in *ANY* player, a little icon pops up, asking "Get It?". If I click on the icon, the media file is downloaded.

It's so simple, even my grandmother can do it for her Youtube videos, and she's about 95. You think I'm kidding? Here she is when she was a little girl:[url=http://www.youtube.com/watch?v=TUx4K2OCPbY]Old Film[/url].

Just install Orbit Downloader.

JW Player

User  
0 rated :

D'oh!

How can it do this? Will it work for an mp3 file served by a stream.php and no-cache header?

header("Cache-Control: no-store, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: audio/mpeg");

JW Player

User  
0 rated :

Other solution: streaming SSL sever. Could it be enough?

JW Player

User  
0 rated :

bc.. Other solution: streaming SSL sever. Could it be enough?

Please test and let us know if it works. Thanks.

JW Player

User  
0 rated :

I read on the Orbit Downloader website that it can save https streams also... :(

JW Player

User  
0 rated :

I have recently started recording cover songs. I pay ascap $340 a year for streaming and 9.1 cents a song to the artist for downloads. The only problem is, I need a paper trail to tell the difference. If someone is capturing a stream, I don't want to worry about it. On my end it's a stream. I found a help site that instructed me to make an m3u file, which I have done, but when I click on it, it opens the mp3 file in media player and all I have to do then is select save file as.

Thanks for any help,

Johnny Covers

www.johnnycovers.net

JW Player

User  
-1 rated :

Kids, stop whining and get a job. I make music myself, I haven't seen money even close to paying my food and rent, so why not f**king work half the day, make music the other half and let people download whatever they want?

JW Player

User  
0 rated :

@Ulsen,

I hear ya !!

*_And make it easy to pay the artist directly._*

JW Player

User  
0 rated :

With all due respect to you, no one asked for your opinion on how they should run their life, the question was simply could audio files be further protected from easy download.

I personally don't think saying "GET A JOB!" is solving this particular problem in any way, especially when you don't even know what the inidividual's situations are.


I'd like to hear some more suggestions for the question at hand! Thanks.

JW Player

User  
0 rated :

@Daniel,

With all due respect to *you*, no one asked for your opinion either.

But most of us live in free countries where people's right to express their opinions, no matter how disagreeable they might be, is revered.

So back to the subject at hand. No media that is displayed/played on a user's computer can be protected now.

Artists and others creating audio/video media need to rethink their business model and find new ways to get paid.

I read that NiN gave away their most recent album, but made $750,000, in just a few days, selling collector's editions of the album.

The whole media business is changing rapidly. Those who adapt will survive; those who don't won't.

JW Player

User  
0 rated :

The best way I know no prevent downloading of mp3 files is by using a host in wich you can control ALL your webspace. If you're able to use Control Panel, for example, you can deny users acess to downloading files, protecting them in the source. By doing that, you can have your files looking something like www.yourdomain.com/music/file.mp3 but no one can acess them by that adress, except the websites you specify.

JW Player

User  
0 rated :

@Canito,

The way the system works is... if I listen to your MP3, the file is in my browser's cache.

So... it's already downloaded!

JW Player

User  
0 rated :

You can always play a cover sound, like a ping every two seconds. It is clearly a security thing and people know that when they buy they don't get that additional sound. The other big problem is once people have bought it, they can share it on the net and Limewire.

Digital files are never safe. If someone really wants it, they can get it. I like the first suggestion where it is hand coded into Flash, or better yet have Flash read data from a secret file and get the directory from there. Also ensure that the directory is protected of course.

Probably the most secure way is simply never to share - ever :-)

Good luck

JW Player

User  
0 rated :

bc.. I thought about the $_SERVER['HTTP_REFERER'] variable, anyway when the mediaplayer.swf is calling the stream.php, this variable is empty, otherwise it could be a perfect check.


This is a Firefox bug. When Flash inside of Firefox makes a request to a server, the Referer header is not set.

What I do is I require each external site to use an API key. The key is locked to a domain (checked against the referer), similar to what the Google API does. In order to retrieve the video data, one of the following conditions must be true:

(1) The domain of the Referer header must be that of my website.
(2) A valid key must be provided and the domain of the Referer header must match the domain assigned to the key.
(3) The User-Agent must indicate that Firefox is being used.

There is no way to ever stop a user from getting the file. Even if it wasn't for the Firefox bug, someone could visit a site that uses a key, copy the key, and make a hand-crafted HTTP request with the proper URL set in the Referer and the key provided to get the file. This technique is not any kind of DRM.

What this technique _does_ do is stop people from using your server as a video hosting provider. It also stops less knowledgeable leeches from stealing your content to put up on their own site. (And trust must, the vast majority of people have no clue how to work around this stuff... there may be a few loud ones on this site, but compared to the 1.5 or so billion Internet users in the world, they're not even a blip on the radar.) If someone without a valid API key for their domain tries to link to your content, or view it using a player on another site, it won't work unless they are using Firefox. Since Firefox is still not the majority browser in the market, this at least will stop larger operations from trying to leech.

Hopefully by the time that supporting IE is no longer necessary for large sites (much like not supporting Firefox is apparently still considered an option for many sites today) Firefox will finally fix the damn bug with Referer headers and Flash.

For reference:

https://bugzilla.mozilla.org/show_bug.cgi?id=410904

JW Player

User  
0 rated :

What about password-protecting the page of the "actual" audio (download page) and then have a song demo page? I am very "green" so forgive my ignorance on this subject. Great thread guys (gals?).

JW Player

User  
0 rated :

All you whiny bitches in here talking about "free speech" and GET A JOB! and bla bla. Just answer the questions and stay to the subject. :)

JW Player

User  
0 rated :

I thought *_THAT_* was the subject.

JW Player

User  
0 rated :

ya, dont bother, if i wanted your music i could have it in less than 10 seconds
be 1 of the cool artists, offer it directly and try to make money selling physical media of it

JW Player

User  
0 rated :

Can anyone point me to a Content Management System that could control streaming of mp3's. It has been suggested to me that this might (at least partially) protect the MP3's...

Thanks in advance.

JW Player

User  
0 rated :

Tom,

This might not be quite the case for you, but if you were looking to protect your MP3s because they're files that you yourself are selling via say ClickBank or PayPal then I can highly recommend my own Easy-Download Protector.

With EDP installed you can sell any kind of digital product, including MP3s, flash videos as well as PDFs, etc., and then only allow access to those who have actually purchased them for you.

In the latest v5 of Easy-Download Protector there's even IP Address Abuse protection so that you can tell whether someone has purchased from you, set up a login and password and then gone ahead and shared that around the internet!

Anyway, may be of use in your case and I'm sure others will find Easy-Download Protector handy at:
http://www.Easy-Download.com

Michael Green

JW Player

User  
0 rated :

OK, all you all shut up for a second, there is a simple request here and there must be a simple answer... first off lets get a few things out of the way, here is what we already know, so don't blabber it as an excuse for not trying to come up with a reasonable answer:

1) All streaming media can be scrapped by special apps
2) Most streaming media ends up in browser cache and can be found


So what... we know that any dishonest ashole can scrap your stream... the request isn't about you assholes... the request is about how to make it someone can not viwe the source of your webpage, find the URL to the playlist and then find the URL to each MP3, for example, and download the origional mp3 file. For arguements sake, we dont give a crap about the cached content after it has been streamed or some stupid as kid who is cleaver enoug to scrap it, the asshole would never had bought it anyways, and again, for arguement sake, while it might be a digital replica of the content, a scrap is not a perfect replica of the original file, for example, not META data would be available from a scrap... I am not sure about cache content, but it might also be the cas as well...

So, how do we keep the location of the playlist and/or the mp3s RELATIVELY secret, obfuscated, or really hard to get in a simple easy way? Its not about stopping the assholes, its about keeping the HONEST people honest...

Anyone have any helpful ideas?

JW Player

User  
0 rated :


If there's an mp3 file, then it can be taken. If you load the sounds directly into a flash project, then compile it, the listener won't have a separate mp3 file to extract; instead they will have to play the flv project.

Unfortunately anything that can be heard on your computer can be recorded. I guess you just have to make it as hard and annoying as possible to record.

JW Player

User  
0 rated :


Put the MP3 in an FLV container with ffmpeg or whatever...

No transcoding needed, so the quality stays the same.

The Flash Player will play it exactly as if it is the original MP3 file, but it will be less useful to those looking for MP3s for other uses. Sure it can be converted back to an MP3, but the software to do that is less commonly available.

JW Player

User  
0 rated :

Reviving this topic...

hiding something and thieves steal it is not my problem, exposing things and letting thieves steal it is the problem here...

so... is there a solution to hide the location of the audio files but making it playable on the player?

JW Player

User  
0 rated :

No. If I can play it, I can capture it with a click of the mouse.

JW Player

User  
0 rated :

I don't mind if you capture it... as long as you did not download it by looking at the source.

rephrasing the question.

Can i make my mp3 not viewable on the source nor the playlist.

can i make my playlist not viewable on the user's browser?

JW Player

User  
0 rated :

@ameisez - unless you use true streaming, the .mp3 files, playlist and urls will all be in the browser cache after playing - ready to copy and play/show on other devices or distribute - even if you encrypt or hide...

the internet was designed to distribute information and easy access, so it is quite difficult to undo these basic features...

*but* most people have *absolutely no clue *on how their computers and the web works - and will never look in the source code or the cache - but those few with intend will get your files, one way or the other...

one of the very most basic features of the internet is the ability to link to files at other locations - and there have been many courtcases around the world on the issue of deeplinking to copyrighted material - and it is ofcourse not allowed to present the work of others as your own.

another issue is when people realise that when placing big files on the web, the traffic can quickly be more expensive than imagined because people will link to the files...

the simplest way to avoid this "theft" of bandwidth (known as leeching) is simply to use JeroenWs - *BotR* as host - *http://www.longtailvideo.com/players/CMS-Bits-on-the-Run*

JW Player

User  
0 rated :

Simple solution for allowing a play for shopping purposes is to make the samples a highly compressed MP3. Good enough to get an idea if they like it but not for critical listening. Then set up the pay to download portion of the site to send the high quality version.

JW Player

User  
0 rated :

Ahm, if the stream is pure music, then getting a high quality copy of it is easy. If worse comes to worse, the person who wants to "steal" the music just connects an audio recorder to their soundcard, bypassing ALL security. It will record at the highest possible quality, in multi-channel glory.

The solution is:

1) Sabotage the music (as has been suggested) by placing random tones throughout.

2) Ensure that the quality of the music is really poor. Set a very low bitrate with mono sound.

Ultimately, the best solution is to ignore it though. It's been my experience that people who can't download your music for free will NEVER pay for it anyway.

Ultimately the best model nowadays is to allow everyone to download your music for free, in high quality. This means that everyone will come to YOUR site to get it so getting it from P2P becomes useless. Then simply ask for donations from people who like it. This will generate goodwill and a loyal fanbase (assuming you are any good!). Revenues will come naturally as people who like your music will always be happy to donate reasonable amounts - especially if they know it's going direct to their favorite artist with no middle men taking 90%+.

The RIAA is what is propagating the whole "licensing" and copyright theft scam. This benefits their recording studio members who see that their number is up - eventually all artists will realize the power of cutting out the middle-man. CD's are becoming a thing of the past (the only thing a studio really provided of any value was physical distribution and marketing - both of which can be done direct now with the Internet). Unfortunately the radio stations still pay homage to the RIAA thugs, but that I think will change in the not-too-distant future :) Hopefully the demise of the RIAA and its studio members will mean that the utter crap that they release from their "manufacturered" bands (a la Spice Girls, etc) will be a thing of the past too ;)

Thanks!

Rom

JW Player

User  
0 rated :

@Tod,

Thanks for the *_SPAM_*.

That's bad enough, but did you also have to double post it?

JW Player

User  
0 rated :

looks like spam to me above.

JW Player

User  
0 rated :

using xml .

JW Player

User  
0 rated :

How about storing your mp3 files in a db?

JW Player

User  
0 rated :

Geez...let me answer this stupid question:

NO, you can't keep people from saving your files or distributing them. If you're going to make them available for "listening", then it is quite possible that anyone with half a brain knows how to save them, retrieve them and SHARE them if they want to do so.

Here's a hint: use Audacity (free) to take a 6 or 7 second sample of the song (or whatever length you want). Save it and share THAT shortened file....if people want the music, they'll buy it...otherwise you're wasting your time, effort, money and bandwidth trying to do anything else.

JW Player

User  
0 rated :

i have come across manysolutions such as DRM, expiry dates etc. one thing though, there is a site called 1club.fm, plays dance radio, can download stream with orbit, but since it is being broadcast in a way similar to a real radio, that is, say you have file1.mp3, it's being broadcast to a stream using stream.mp3, raltime, which means that, like a radio, you can't fast forward, and the sound is there only for the time you hear it, after that, stream.mp3 contains the new data. it constantly changes, so if you download stream.mp3, you'll just get the data that was embedded in it at the time of the download, i.e. about 1 second of playback, and it will come out corrupt. i'd like to find out how to do this, although from the way i explain it, it sounds remarkably simple. i can be reached at webmaster@jacklancer.co.cc

JW Player

User  
0 rated :

After reading this entire thread, I think I must agree with Bullshipp Artist (BA) and the like when they say to sabotage the music file being played in some way, making it less desirable to download, save and keep. In my opinion, BA has the best solution by suggesting to make available only a portion of the song, a sample, thus retaining excellent sound quality for the listener. The length of the sample doesn't matter because most people don't want parts of songs, they want the whole thing. If they like what they hear well enough, maybe they'll buy it.

I understand the dilemma with this issue. The desire to share your creation VS. the desire to protect your intellectual property rights. This issue is as old as the industry itself. With sharing your creations, you will always be taking that risk.

please visit my site @ www.haymanquarterly.com

JW Player

User  
0 rated :

Its good Idea But think about low quality one.

JW Player

User  
0 rated :

I am looking for a way to legally offer downloaded mp3's to my site vistors, keeping with the law, and at the same time, having a massive collection to offer... im up too 100+ GB's of Mp3's. I launched my web site a little too fast , and now im stuck as to what the best way to offer the ssongs is. I already know there is scripts from dynamiclink.com that disable the right click of the context menu. But i also didnt see the other ways the site which had this protected their files. Maybe they didnt offer any mp3's, as this was a long time ago, in 97'. But i know i was pissed of that i couldnt view the source page.

I have about 20,000 songs that i personally downloaded by my own lists and i have tracks that arent offered in cd stores, by techno, and trance artists. Why dont they start producing kiosks that connect to their online stores and people can download and pay for only the songs they want. I personally thought that recording from the speakers or sound card was \very cheesy of these ripper programs to do, and so i thought that was why the sound was always horrible. But its just like the others have said. They make the audio available of very poor quality, so that youll want to, or have to buy the original....

I never knew this was a strategy, i just thought that the ripper softwares out there were saying they were ripping digital, but in fact i thought they were extracting analog, and that no rippers could ever record streaming media. I thought the same thing about video streams. It alaways looked like it was just screen capture software, and they werent actually doing any decoding. I know the netflix streams havent been cracked yet, and i still haven't found good software to record WMV, although it seems that just about everything microsft has put their hands on, has been cracked. Maybe WMV really is cracked, and so too are the mp3 and radio streams, but its a shame that all that ripping is for no reason at all because of the poor quality...

Back to my situation, i need a way to imburse the creators of the music, and maybe this is how record industries will revive themselves. Inventing new technologies to disperse the content in protected formats. But shit, even apples DRM is cracked so i guess the whole damn systems gone to hell...

Well ill just open a free but Secure or encrypted FTP SERVER, to host the files....

JW Player

User  
0 rated :

Hi all,
I have a method of at least making the download a little more troublesome, if not a complete solution.

What I've done is create a swf file which is repeated on the page for each instance in an XML file. The XML file contains track info including the URL. A PHP script writes the .swf OBJECT/EMBED tag [using swfobject.js] which includes the relative url in the flashvars which draws the MP3 into the player.
bc.. [ 'so.addParam("flashvars", "trackName=' . $title . '&trackLoc=/' . $url . '&");' ]

Pretty standard so far.

My 'solution' is to password protect the directory with the tracks using .htaccess. Inside the "player" swf I use loadmovie() to load a single pixel swf from the protected directory with ftp by embedding the user/pass in the url like this:
bc.. loadMovie("ftp://user:pass@MyDomain.com/tracks/connect.swf","connector";


This way creates access permission for the SWF to load the movie, but if anyone views the source, grabs the track location and pastes the URL is asked for the password to the protected directory.

If anyone can punch some holes in this, please do so i know what I've missed.

I am aware that this is not immune to recording with Audacity or some other software, or that by monitoring traffic between the swf and the server may reveal the user/pass combo, but does make you 'work' for it ;) . If you want the music THAT bad, i'll take it as a compliment.

r

JW Player

User  
0 rated :

Richard - thanks for the post above - I'm looking for a similar solution - in my case I am doing an online kung fu training site, and looking to protect my video content from non-members - realizing that members can download the videos if they are members - but if someone is not a member, i'd like to prevent them from grabbing all my stuff for free.

I like the idea of .htaccess, and the ftp idea is a clever embed. I'm currently using the jwplayer.js with an XML playlist, so I'm going to have to see how I can make your solution work with my setup.

Ethan Feldman

JW Player Support Agent  
0 rated :

@FuJowPai – You should read this – http://www.longtailvideo.com/support/blog/13088/securing-your-content

This question has received the maximum number of answers.