These past few days I've ...These past few days I've been working on making it so noone can find my .flv file, nor download it. (Obviously I can't prevent screen capture).
Can someone please test what I've done, and inform me if they can either download the *correct* flv, or find the filename / location of the flv?
You should notice that if you try to capture the flv using a simple HTTP downloader (Bitcomet, GetRight, etc) you'll get a "Access Denied" flv instead.
The test url I set up is http://jet.kjhosting.com/stealmyvid.html
Yeah, did you read what I wrote, and actually watch the video? You downloaded the "Access Denied" .flv.
Quote- "You should notice that if you try to capture the flv using a simple HTTP downloader (Bitcomet, GetRight, etc) you'll get a "Access Denied" flv instead." Watch the video, it'll be an 'Access Denied' flv.
Thanks for trying though. Anyone else?
The "wrong" FLV is 1.1mb, and the correct flv is around 20MB.
Thanks for that- just wondering, can not every video be easily grabbed with Orbit Downloader? This would go in the "can't prevent" basket yeah? Along with screen capture?
Do you know of a way to prevent Orbit Downloader from being able to capture it?
@Khan- Found the location of the video? Or just grabbed the video file? If you found the location, can you please post it for me.
Thanks =)
Edit: I just had a quick look at UrlSnooper- and all I could find from that was the .swf file for the flash player, or the "Incorrect" flv. Am I missing something?
So this is what I've concluded so far- I can't stop screen capture, Orbit Downloader or those similar which simply capture the video as it's being downloaded.
But no-one can download my video any other way, or more importantly, find the actual location or name of my video?
Note that a setup like this is very difficult to scale. If all your videos have to be proxied through a PHP script, you need a lot of server capacity if, for example, you run a popular UGC site.
For a low-traffic site this might be a solution though. Note that any kind of serverscript will do a similar trick, as long as:
The key/request to grab a video is always a one-time one.
The video always autostarts, so someone won’t be able to reconstruct the url before the player has requested it.
Thanks JereonW. If the amount of videos I was dishing out did grow exponentially- is there a better way to do this?
I'm selling this primarily to schools which need to obey copyright laws and can't upload their videos to youtube or the like, and need to make it so that a random stranger can't grab the embed code. In saying that- is there a better way?
I used my download helper extension for Firefox. Downloaded a 3.61mb video called vid144.flv. It was not the "Access Denied" video you were talking about, it was some religious classroom preaching video.
As far as the location of the file, this is all I got using that same extension: http://media.kjhosting.com/get_video.php.test?vid=144.flv
Thanks blindeyed. So it seems that there are several firefox (and other browser) extensions or the like that can capture the video as it's coming in. I don't see how anyone would be able to prevent that? Unless I'm wrong?
In it's real setting (rather than at my test page I set up) people can only get to the page showing the video providing they have correct permissions given to them by their administrator.
So in saying that, considering you cannot use the embed code in another website, or link to my flv in any other way, And if you want to capture it, you'll have to have permission to access the video anyway- I think it seems pretty safe?
What codes are you using to protect your flv files? I would like to securely protect my video files (like you have done) but I'm not too sure how to go about it.
Is the primary issue that one person may download the video file and share it, or that someone will build a link that can be shared so that everyone can download a fresh copy of it?
Since the trailer makes it seem to be a course on Christianity and understanding the reach of God in all directions, possibly some other "higher power" could be applied to keep the students honest? (heh)
If the test of "is this steal-able?" is going to be "can a member of Anonymous grab the file and upload it to YouTube?" then I think you may be out of luck.
It makes a difference on the approach: if the intent is to make sure no revenue is lost due to viewers that would have paid but managed to get it for free, then you can probably clamp it down well enough. If the intention is to keep idiots (that would not be potential paying customers) from seeing it, or making copies, then it is much tougher.
You could do multiple levels of security: trusted network+trusted device+trusted user, but this can get a bit crazy, and doesn't allow the students flexibility to view the videos from alternate locations (like a Starbucks).
You COULD deliver it as a true stream, and validate not just permission on a site directory, but also against a list of valid IP addresses (or ranges) before allowing the stream.
If it is really copyright and commercial concerns, then the school will likely only need to show that it exercised due dilligence in keeping the files secure. I think you have already got enough in place for that.
One thing I WILL recommend: Get the versions that you will be hosting to have some sort of a watermark or key, so that if the videos manage to show up on YouTube or bitTorrent or somewhere, you can figure out if it came from your copies, or another source. It would be a shame to go to all of this trouble to lock it down and still get a finger pointed at you, when the leaked video came from someone else's server.
The "idiots" know how to remove watermarks, so don't crap up your video with them.
The best way to prevent downloading/leeching is to make your content so worthless that no one wants it. Turn on your TV and select any channel at random for examples.
Hi I have a library of my educational videos -now I want to setup my membership site, I need to protect my files from downloading by real player or other similar software when the member watch it. means the member can only watch the video but cant download it. appreciate any help.
i was looking for a way to download a video that orbit wasn't seeing, found this thread and then the download helper extension for firefox and that did the job. thanks!
If it's out there, as one said, it can be downloaded. You just need to know how to. At the moment, with the downloadhelper firefox extension I managed to download even imeem FULL MP3 and Videos without paying!
I sent them an email and i am sure they are pulling their hair trying something similar to the idea behind this thread!
I have been trying to find a way to download and save the vids over at Kelby Training, I have paid up membership and subscription so Im not just stealing their vids. They have some player inside player system where Orbit, DownloadHelper and a list of other gadgets have not been able to detect the streaming video.
Any suggestions would be great cause it is such a pain having to go and stream the video everytime I want to check a technique.
Orbit detects the vids at Kelbytraining with Grab++ but cant download. Replay media catcher can but it's 40$. Is there a way to make orbit download? It goes: "Connecting flashmedia.kelbymediagroup.com:1935 Connected Wait for retry(5S)"
It's pretty much impossible to prevent downloading of your videos, however in certain circumstances you can prevent others from playing them.
If you know the URL your video should be played from (ie. you are hosting a video or are selling it to someone playing it from a known URL), you can use some ActionScript to check that the _root.url is in fact this site (if it isn't, halt playing the video). Then use an obfuscator (like SecureSWF) on the file so that if it's decompiled, the _root.url check cannot be removed.
Obfuscators can probably be broken, but I've not seen any evidence of a known crack for the likes of SecureSWF.
Only secure RTMP formats, used by hulu and the likes are close to impossible, remember I said close and not completely. I can't find a way to "grab" those, (other than screen capture) but then again, i am the 'village idiot'. Has any one figured those out???.
I'll award 100 intewebs points to anyone who can steal the livebooks.com templates.
(ie: http://www.stevecohenphoto.com and http://www.joeschmelzer.com/ )
I've tried the aforementioned techniques and come up with nothing. I would really like to rip these flash templates and torrent them out to the interested community.
Hi Nyarlathotep, You said is impossible to prevent people to download FLV. any solution for paid viewing service? meaning if have to paid to view that video and must be member login.
Would anyone here know how to download a flash video like this one? (showing a laptop screen with a revolving globe) http://www.asam.org/topflash/holder_sections.swf?section=resources
Not possible with Downloadhelper extension for Firefox.
i also hav a trouble on capturing flv video through DownloadHelper...whenever a video if played in jwplayer...firefox's DownloadHelper can find i anymore...unlike before..on the videos started downloading..DownloadHelper icon on toolbar starting or move...but now its not..
There is no magic bullet when it comes to protecting your content online. You have to use a layered security approach to prevent content to be downloaded without permission. As you may have already guessed, none of this comes cheap. Unless you use a CDN or can run your own infrastructure, you won't be able to completely protect your content.
1. Login & HTTPS : As your first line of defense, make sure that you are requiring your users to log in to a site and have all communication between the server and client be encrypted. While that doesn't ensure that user's don't steal your content, they have to have an account before they can do so. You can then track who accessed content and even use credentials to watermark video.
2. RTMPE vs. Progressive: Streaming files over progressive download means files don't get cached in the browser, making it somewhat more difficult to retrieve them. RTMPE is Adobe's encrypted streaming technology and is available in FMS or via CDN's like Akamai. I have found this to eliminate many of the off-the-shelf rippers. It doesn't prevent all of them, but it's an extra barrier that limits the software packages that can access these streams.
3. Encrypt your file name: We use an MD5 hash to encrypt the name of the video file and then de-crypt it in the player (as an AS3 plugin). Users who look at your source will see a url that they can't make any sense of and often give up.
4. SWF Verification: Another FMS-only feature that is supported by some CDN's like Akamai. It essentially does a checksum test on the SWF player to make sure it is identical to the one you you cleared for use. So if someone uses their video player to plug your link in, it won't play back.
5. Token based authentication: In this scenario every file request is accompanied by a token that is valid for a specific amount of time. If you limit that to 5 or 10 seconds (as long as it takes to load the initial video), a third party capture tool may not have enough time to grab the link. It also means that if someone forward the page or player the video won't work because the token has expired. This is very effective in my experience.
6. Watermarking: If you require authentication on your website, you could add watermarks to your video. There are two options for this: a simple overlay using JW's logo feature or a server-side approach that actually changes the video. Option 1 would have you generate a transparent IMG in PHP or another web language and overlay that during playback (or maybe just for the first 20 seconds). If someone uses a screen-grabber this is an excellent deterrent as it's tough to get that out of the video if placed somewhere in the middle of the player. Option 2 is much more involved and less scalable. By using a combination of meconder and ffmpeg, you can read a file from source and stream it out at the same time while adding a video overlay. This actually changes the file itself as it gets delivered.
what about poor man's drm ,the video is a specific format that could be played in the player but not in computers because every video is split in into 4 (not very hard to do with php and bit of fiddling with javascript) and each of it is a different format and make the serving script (ie- http://media.kjhosting.com/get_video.php.test?vid=144.flv&OBT_fname=get_video.php.flv ) not serve until it has checked for a cookie , if you want , i could code it but mine may not be perfect with hundreds of flaws including the screen recording problem
