MooTools 1.2 Image Protector: dwProtector

Very nice one again !

This seems to be a pretty handy tool to guard against the average user. However, simply by going to Firebug and looking at the pages network transactions you can easily find the URL to the image (it takes 5 seconds, 3 to load the page).

The best way to protect images is with a back-end script that will automatically place a watermark (visible or invisible) in the image before it gets served to the users browser.

Another thing you could do is whitelist only common browsers’ user agent strings. So people cant use tools like wget to download the content of the entire site. Just be careful you don’t block Google or other bots.

Reading these comments, I would agree that this might work against a “random user” who would likely not have Firebug, or other problem solving abilities to work around this system. However, specifically you’re trying to work against someone looking to rip you off, and in that case, I might give their knowledge a little more credit than that of a random user. Unfortunately, I believe that image protection will always be difficult as long as the “print screen” button is still working.

Well that would have worked… except in Maxthon and probably other browsers. I can still save the image from that browser. So….if the image is that valuable to you, you should probably watermark it.

doesnt work in FF 3

@AC: What platform? Works fine on FF3/XP.

When I turn off javascript this snippet doesn’t protect the images on my website… This is the most simple way to get all the images…

Context menu still works in Opera 9.5/Windows. Dragging, however, doesn’t.

Scripts like this are useless. I tried your example in IE7 on WinXP and it didn’t work at all, I could drag it, rightclick it, etc…
You can’t protect images, except with some watermark, otherwise a simple “prt sc” does the trick on every platform/browser.

Hm. Did my comment disappear because I pointed out how easy it was to subvert in safari, or because I pointed out you were using an image without copyright clearance?

While it’s fun to come up with ideas like this and provide interesting examples of mootools usage, it’s an exercise in mental masterbation. While on one side you say that this targets the “average person”, you fail to apply this rule in context. We are talking about the average person who wants to rip off your images, not the average web surfer.

Print screen, Google image search, Tools -> Page Info -> Media, File -> Save As (my favorite for ease of use). If you truly want to protect images you are SOL. If you want degrees of protection, this approach is certainly the bottom rung. Embedded flash images might be one step up. True protection — not possible.

Woah. So you won’t show people what I said but you will say I was insulting and I ‘ripped’ you? For the (incomplete!) record, I don’t think I was insulting.

I pointed out a list of (trivial) steps that could be used with a default browser feature, underscored the futility of what you are suggesting, pointed out that there is a simpler CSS method that achieves what you’re actually getting, and pointed out that it is ironic you’re using a non-cleared image.

I don’t need to trawl round the internet to find the source of the image you are using, because you know you are using it without permission, right?

If you’re not going to display all my comments, delete all of them, and your reply, please. To leave an inference that I insulted you without people being able to see for themselves is pretty poor form.

Jeez you wouldn’t want to stick your head too far over the parapet ! Might get shot @ :-)

A couple more scenarios you may want to consider if you’re going to keep this one going -
1. FF zoom plugin can zoom the protector image down & expose the protected image.
2. File..Save page as saves both images. Adding the protected image URI as dynamic content (doc.write) may help with this, and have some effect for the ‘view source’ issue (but wouldn’t fix entirely)

Unless I am much mistaken, Google Image Search would find (and offer to display in a new window) images protected by your code.

But it seems to me that with the ‘give them credit’ thing you are arguing for your right to fair use of that image, which it just so happens is essentially all your code will interfere with.

This stuff just writes itself.

Pretty silly article then isn’t it…

Keep up the good work :)
I saw this link posted via a commenter on Ajaxian’s post:
http://www.tapper-ware.net/devel/js/HTML.ImageProtection/

It scrambles the image serverside or something and uses css scripts to assemble the image :)

css sprites

Its funny to see how much people doesn’t want understand the feature. I mean as flickr use the same method it can’t be totally useless. By the way wouldn’t it by smarter to create the image object once and clone it in the loop. So you only need to set width, height, top and left.

I’m pretty sure that everyone criticising this fully understands the feature. What we don’t understand is the creation of an ever narrower class of users to spend this effort excluding, when it is doing nothing at all to stop anyone who has mastered File… Save.

Flickr, incidentally, does not stop you dragging an image, or the thumbnail or full-size image, out of the page. Nor does it do anything to stop people just using Google Images to rip off images en masse without even visiting your site.

In all seriousness, encouraging people to employ measures like this to provide ‘protection’ falls into the category of bad advice causing a false sense of security, and I’m really surprised to find it on a blog as professionally produced as this.

And with this, I am done.

(As a complete aside, David, your spam filter thing is occasionally a bit hit-and-miss, and I’m fairly sure I don’t have cookie handling problems here…)

@Michael
its an flickr feature to “save” your images from downloading using the spaceball.gif:

Preventing people from downloading something also means that a transparent image will be positioned over the image on the main photo page, which is intended to discourage* people from right-clicking to save, or dragging the image on to their desktop.

Most of us reading this blog know this is not the ultimate solution, so I see no point in stating that fact all over again repeatedly.

Unless you can post a constructive solution that surpasses the one posted by David on this particular issue, you should take that criticism elsewhere.

Take the solution for what it is intended by David or leave it.

it’s very esay to save the picture,
just disactivate the javascript into your browser and then right click and choose save the picture

“Take the solution for what it is intended by David or leave it.”

What, a demonstration that, using a pre-existing API, one can write a non-solution to an unsolvable problem best ignored? ;)

Problem 1: you’re circularly defining “non-technical” as “someone whom this will fool”
Problem 2: your target audience is not who you think it is. Why guard against those who don’t know how to do something naughty rather than tackle people who are actually trying to?

I find more than enough of my images hot-linked into xanga, myspace et al (quite often by religious freaks who you’d think should know better) than to believe the rubbish about “non-technical users”.

Completely unrelatedly, you’ve totally sold me on MooTools. I’ve been getting by with Prototype.js, but this seems much less likely to cause me to pull my hair out.

So, I have to leave my 2 cents too here.

The thing I really can’t understand is: What is the sense of preventing dummies to save pictures from a website? Will they make the big business with building dummylike websites (with frontpage, or more ugly (yes! ;)) with word) with stolen pictures? Will the going to spend money for this images for their more likley private use?

btw: similar scripts are around since 2k AFAIR, and not one of ‘em worked fine on all browsers (e.g. if ECMAscript is deactivated), aside from their practical sense. ;)
AND: domready won’t work correctly on IE (all versions) if doc.write, or innerHTML is used (and some more). Specially with slow internet access!

@zen: I forgot! A solution that works: Watermark you images automated on serverside before they are going out. Lots of CMS can do this nowadays for you, e.g. TYPO3 (which uses OpenSource Imagemagick or graphicsmagick to do this).

@david: yeah, watermarks are knot nice ;) But the best solution will be, just don’t load your photos up to the web. very easy, not cost-intensive and the only “99%-secure-way”. ;) (1% given to trojans or thiefs who take your hardware away).

But: You may watermark your photos with solid image in a corner of the photo (can be cropped out), or you put an semi-transparent png on the whole photo (with imagemagick e.g.). -> not really that nice, but you can see the whole photo and you can’t crop.

@David: it is real cool work for non technical people, i believe how much people can try to hack, that much we can start write a code to protect the image, that may protect from beginners to intermediate programmer, What do you say? Image selling site can give a relax breathe…………… from all side hack. ;)

Just to add, that this feature need not only helps protect the image, you can also use it when using the Sortables plugin, if you’re trying to drag images. Firefox et al does not need this, but IE will prevent you from dragging an image over another image if it thinks you’re dragging an image (sounds complicated I know, but try it and you’ll know). By replacing the image with a div (instead of a blank.gif in the example above), this solves that issue beautifully.

I had to laugh when you said “@Michael: Not one, and I mean that, person I know that doesn’t work in web knows what Safari is.”

So what about all those people using Macs who get Safari by default? They might not know what it is but they are using it, and since a lot of graphic designers use Macs, these are the people you are trying to protect yourself against.

And then you are switching off the entire right click user interface, which cuts off a whole bunch of features.

This just seems like pissing into the wind. Kind of reminds me about that guy who was trying to get a movement of people who would block Firefox because you could block ads with it.

I think the best designers probably don’t worry about lamers ripping off their work.

The problem is, you’re proposing a technical solution to a human problem. If data of any kind is getting sent over the internet, there is ALWAYS a way to intercept it. Pissing people off by mucking with expected web behavior (like disabling right-click) is going to lose you users. Accept that people are going to steal your images. That’s a fact of life. If you’re concerned about it, do them for copyright violation once they do, rather than make life difficult for innocent users.

http://davidwalsh.name/dw-content/preload-images/6.jpg

Firefox/Page info/Medias

watermark is the best method to protect your work.

David, I’m not too sure if it is something that you intend to protect, but by doing the following I can copy the photo without using firebug or view source (my 9 year old daughter learn that at school).
- go to http://davidwalsh.name/dw-content/image-protector.php.
- select some text for example ‘david’ by click and drag. ‘David’ should now by highlighted.
- use ctrl-a. The full page is now highlighted
- use ctrl-c
- Now open word, or outlook in a new document of email and use ctrl-v.

Et Voila
is your javascript designed to stop my 9 year old daughter that don’t look at ‘view source’ and don’t know firebug.

Regards,

Alain

This last comment is maybe the only one that is relevant for this article ! Crazy stuff and sarcastic people

Thanks, works in google chrome too. But (since code in javascript), in firefox if noscript is turned on, u can still download the image.

Anyone who wants the image can easily steal it. View source, print screen, disable javascript, firebug, ie developer tool, etc. Have you made it a little bit harder, yes, but not by much. What you have done is potentially pissed off visitors who rely on right click and other browser features. Why not add a watermark, then you are always protected and you won’t be potentially alienating your visitors.

El script no protege la imagen la imagen se puede descargar desde los temporales =S, script don’t work

Forget all of the tools like firebug etc.. just view the source.. the original pic is there clear as day..

Alt-PrtScr
Paste into Photoshop
Crop and Save
Image stolen

Javascript to prevent image theft is a wasted effort.

Sorry.

People keep pointing out it can be broken because this is a TERRIBLE approach.

This doesn’t protect against anyone with a rudimentary knowledge of their browser or even their computer.
This doesn’t protect against hot linking, google image search, etc.
This doesn’t work on alternative browsers, javascript disabled, or other possible configurations.
For each idiot user you are successful blocking you will likely upset someone trying to use the context menu. For many people the context menu is a fast way to create bookmark.

All you have done is block a TINY percentage of your user base and potentially pissed off many more. Scripts like this set beginners back as they find it and think it’s a good solution, never make their way to real/useful solutions like digital watermarks.

It may have been a fun exercise, but anyone wanting to truly protect their images need to learn how to use watermarks, digital or not. These scripts have been around since javascript was invented and they are useless. Nothing more then wasted bandwidth.

This is quite good.
Kudos!

If you’ve manage to avoid everything including Save Page & Prt Scr, I’ll definitely put some donations (if you have one) into it and use the code.

@Andy: You’re joking right?

Despite David pointing out that this approach is a far from foolproof way of preventing image downloads, it was followed up with 100 comments on how futile this exercise is. And then Andy’s comment! LOL.

@Jin: Haha well… maybe the donation part is. Haahaa

But on a serious note, it’s an idea ( maybe a challenge to some ) to actually write a script that will 100% stop visitors from ripping the images on the site, including the two I’ve mentioned earlier.

Think about it, of all the 100 exercises, Andy came to the picture and gave a joke idea on how to advance the script into a next level.

But of all my jokes, a ‘ hat’s off ‘ from a stranger whom first time came here, stumbled upon this code and add a remarks & idea out of a 100 is… priceless.

Hey… if I offended anyone, sorry aite.
This is the way I conversed. Peace no war… haaha :)

David.

Thank-you.

I really can’t understand either (after reading SO many negative comments by some real idiots it seems) why they JUST DON’T GET IT.

This is a solution to stop the casual image-grabber. This will not stop any geeks out there, but will stop all the non-geeks.

Non-geeks outnumber the geeks BY FAR. So that is alot of images saved. And really, the harder you make it for anyone to grab stuff, the less stuff gets stolen. Print-screen/open Photoshop/control-paste/crop/save is a pain in the arse compared to rmb/save image as.

All the music players music stations have put as much as they can in place to stop you from stealing the music they let you listen to….. but of course there are plenty of tools out there to enable you to capture the audio and save it to your drive for free. YouTube etc don’t want you to download the flv’s, but there is software to download and convert those flv’s into avi’s on your hd.

THE POINT IS THE MORE PROTECTION THE BETTER. NOTHING IS EVER INFALLIBLE.

So, until you come up with something that is infallible, shut up and thank the people who are helping just a little bit.

Ungrateful arseholes.

@Storm: Correction…

Until you understood what is the meaning to ’sorry’ in my last comment… Sit there, Shut up, don’t touch the keyboard, don’t hit ANY key on the keyboard, just stick to your singing (or songwriting or whatever do I give a heck about ripped-off flash template), keep your thoughts to yourself, and be a little more civilized.

Here: : http://www.merriam-webster.com/dictionary/sorry

Talk about a false sense of security. This is like thinking your house will never be robbed because you locked the front door, but left the back/side door wide open. As for the average user thoughts, too often tech people look down on the average user. Give them more credit, they will surprise you.

@Andy, an interesting twist to this extremely long-winded thread expousing the problems with David’s implementation would be to suggest alternatives. Unfortunately, there aren’t any. Watermarks can prove that an image is stolen, but they do not prevent the theft.

So if someone is going to steal an image, your only viable recourse is prosecution or the threat of prosecution. Unless your images are very valuable, that isn’t likely to happen.

Can we declare this thread dead now?

all this talk about preventing the non-techinical user…

sorry but its all bull mate.
the non-techinical user only usually downloads images for their personal enjoyment whereas the “technical user” is the person who will use an image for further creative purposes or possibly generate income from it.

so as usual the inocent person who gets real enjoyment is given a hard time while all other nighthawks walk freely

First off, I wasn’t actually ranting at you Dave, so you can keep your sarcasm to yourself.

Second, it’s my wife’s singing/songwriting, not mine, and her or her site has nothing to do with this discussion.

Thirdly, I kinda agree with chief nighthawk…. it’s a ood point. So let’s say that this partial solution is good for those who really want it.

There is always SnapzPro. There is NO WAY to protect images from someone who wants them bad enough. If I can see it on my screen, I can grab it- I would say that most web designers Do have an idea of what they are doing and have some sort of screen capture utility and mild to expert Photoshop skills-

There are several ways to get that picture. i m not sure if i should say steal :)

as long as i see the source code, i can get it. right.

But but, if u use flash, unless they use screencapture, they cant steal it.

in html ,bottom line is, no javascript would avoid that.

dont waste your time dude.

striving to protect property on the internet is always going to be a struggle and to all the people who think this script is useless… well put it this way if you are on this page or anywhere near it, it’s not aimed at you.

Internet users are lazy… fact, if you place the smallest problem in their way they can’t be bothered. As a designer I face this problem everyday when getting a mook through to the checkout.

Obviously if i can digitally watermark any images on the website, maybe a visual watermark, then stop google bots indexing all the images on the website for it’s own glory… then yeah i’ll do that… but I also want something that’ll stop people like my dad grabbing images.

I also agree with the people who state that progress is made by examples… so if you don’t like this solution bring another to the table… who knows maybe you’ll learn something.
PS. this comment is not start of some debate.

Thanks for the useful code David. While I agree with the reasoning behind most people saying it doesn’t stop people getting the image if they try just a little bit. It will stop the casual user from having easy access to the images.

For one client of mine this is ALL they want. They won’t use watermarks as they don’t want the image ruined. And I’ve explained to them on several occasions how easy it is for users to get the images and how it’s not really effective to block save as etc..

Thanks again for providing this.

No ajax yes Flash :)

No problem to save the pictures in my browser firefox

your class is a joke

although it cant protect advanced user, but it good.

This is undoubtedly the dumbest script ever. If we are just going to start building security oriented scripts with the assumption that the user isn’t smart enough, what the hell is the point of security.

Keep in mind also that the “dumb” user is probably not aware of some secret scheme where they can make money by using these tiny web photos.

doesnt work in FF 3

David:

It’s a good thing it works for you, I guess you won’t be copying your own photos. Too bad the rest of us will be. :D

Very interesting tool, but what about the Print Screen or easily find the root of the image ?

David,

Hi :)
This is a so useful tool .
Is it OK if I use this script for my business?

Hi David,

Your script works as advertised. Against an atypical novice web surfer that uses a standard browser (IE/Opera/FF/etc). It does what you say.

For me as a developer, this was a useful technology example and has given me something to think about and a starting point for a more complete image security system I’d like to pursue.

BTW, for someone like me who uses Minefield (FF SSE2 optimized) 3.0.4 with Adblock/NoScript, this doesn’t work, of course. Not intended to be a criticism, as I said, it works as advertised. :)

I’ll look into this hopefully during the next couple weeks, and if I find a way to improve security against non-novice users, I’d be happy to share. :) I have been looking at using Python/Spyce (so that the work is done on the server side), but have become involved in a project based on Ajax, so I’m back to school learning yet another coding environment (though I have of course used Java).

As you say, it’s a hot topic! :)

Cheers, and thanks.

BTW, I meant to add that the people saying it doesn’t work in FF3 are probably using NoScript or something similar. And then of course, it won’t work. Duh! ;) :D

You can’t protect any images on the web, it is not possible, becouse:
1. you can save as full content with .html then you can get easely that image
2. you can do screenshot
3. you can disable javascript
4. and etc.

So simplest and easest way is using poor HTML.

Here is source code :)

<div style=”position:relative;”>
<img height=”807″ width=”580″ alt=”" src=”/dw-content/preload-images/6.jpg”/>
<img height=”807″ width=”580″ alt=”" src=”/dw-content/blank.gif” style=”position:absolute; top: 0; left:0; border:0px solid red; “/>
</div>

:)

Nice. I tried the example link, and i observed that if you resize the window red mark moves out of the image and if you click on the part of the image that is out of red area you can do things like a normal image. Just an observation ;)

Good work.
(tested in firefox 3.0.1 at Debian Sid)

hmmm…. i’d say thats way too much effort when all you have to do is taking firefox and looking into the page properties (media tab) and there are a.o. all images listed and ready to be saved on disk…
…but granted, not all the average ‘dumb’ internet noobs know about that erm.. ‘trick’ and so they don’t get it in the first place why they cannot save that darn image :D

but a way better solution and ‘unbreakable’ for at least the no-pro user is to encapsulate images inside a flashmovie.
there are ways to decompile swifs, but you can easily make it pretty hard to achieve a proper result so even pros tend to gauge the effort

cheers :)

I downloaded the picture in 2 seconds..disable your js and volia

Wow common people! Of course people are going to figure out a way around this but even so its a nice script and perhaps is enough for most people in a hurry. If people have the time and really want the content they can get it. Guess it applies to almost any content.

i like flikr’s more,
in this one if you save the page,you can save the image as well.

David, srsly, you gotta forgive them all :)

They have absolutely no idea how it’s like to own a non-it/geek portal for instance, where no less than 95% of visitors are complete rookies, thus they don’t get your point. They simply can’t understand there are so many people out there whose knowledge about browsers usage is limited to pointing & clicking the mouse and using the back button. So, all you my-friends-would-hack-it-within-seconds people – ask your grandma or grandpa to do so, and you’ll be blessed with clarity about this script’s purpose immediately.

And why preventing your grandma from getting the image on her hdd? Because your gallery is your PRODUCT. 1) It drives your stats (you want your grandma to pass the link rather than just the image), 2) it can be sold (e.g. viewed by still-internet-idiots premium account users), you want to be in control of your content / property (you put hard work into) and variety of other sub-reasons. But the most basic idea is that your photos are meant to be viewed and seen, not downloaded. Do you take your camera along to the cinema? No, you pay, you get in. Ok, you’ve seen it? Then get out :)

So, what you people do is philosophizing. Go on while I’ll be using this very practical script on my upcoming mootools-based portal (along with watermarks for sure, so when it spreads – and surely not via disabled hotlinks – it gets promoted by the transparent site address). Premium users will get access to downloadable full-resolution photos anyway (still watermarked a little). The rest will face an invisible wall they won’t pass no matter how many h4×0r workarounds you post in here.

Bla bla bla, everybody always bitch about what people could do better, instead of appreciate what they did.

Nice job David. I used your technique for the random computer user to protect images. There is no need for any other methods. You could always use this method and call the images through ajax in another file, but ppl could get it anyway by looking through the code or PrtScn the screen, but who cares? We can’t stop them, but we can make it harder for them to reach the goal right? ;)

Keep up the good work and thanks for the code.

It doesnt work, i browse with IE 5.5 on Win98

;-)

Hi Buddy,

But any one can save all tha images or graphics by going to file menu of browser and then save as the page.It will give all the images which jave been using in this page.
Please help us for this buddy.

thanks & regards
Parveen

I’m a rookie but how is this :

for(i=0;i<document.images.length;i++) {
$(document.images[i]).addEvent(‘contextmenu’,function(e) {
e.stop();
});
}

I also couldn’t get this script to work. Not in IE7 or FF3 (Mac or PC).

It would be helpful to include any the MooTools “more” dependencies (if there are any).

Just one thing discovered recently: adding oncontextmenu=”return false” do the body tag disables all the right-click stuff in all browser except Opera, including images (also ajaxified in lightboxes). I guess that’s easier. Of course turning JS off unlocks the door.

Find a way to make a little more or less the same

<script languaje=”JavaScript”>
function protector(){
img = new Image();
img.src = ‘6.jpg’;
document.getElementById(“gif”).width = img.width; //Ancho;
document.getElementById(“gif”).height = img.height; //Alto;
}
</script>
<body onLoad=”protector();”>
<div style=” background:url(6.jpg) no-repeat;”>
<img id=”gif” src=”blank.gif”>
</div>
</body>

as already commented above is not really to protect the image ;)

I’ve tried getting this to work for images within a variety of div elements to no avail. I see that on your demo page only the main image is protected, but not your logo image. Is there a way I can be targeting all img elements on the page, not just those img tags not within other elements?

David!!!

This is a great WAY TO PROTECT AGAINST THE AVERAGE USER… MY mother and grand parents had problems trying to Right click and save or copy the image to the desktop… I’m amazed that this scripts works exactly the way you said it would.

However when i had a couple computer/web buddies look at it they got the picture pretty easy. OH wait you SAID THIS WAS FOR THE AVERAGE USER!

Keep up the great work David! Forget about the people that can tell you how to steal the image, but can’t figure out how to read to see what the script is for.

@ryan: just to think about: what is the sense about to protect an image to be downloaded by your mother (or grand parents!!)? Does she make the big business with your image? and, if she reuses e.g. on myspace, wouldn’t it be of more interest for you to have some cheap advertise by having a watermark within the image?
And if an user won’t be able to save the image because of the ‘protection’ through this script, isn’t it most likely that this person won’t be able too to crop a watermark on the top left corner of the image?

As someone said before, and it printed this post out and posted it on the frontdoor of my office:

“A demonstration that, using a pre-existing API, one can write a non-solution to an unsolvable problem best ignored.”

I agree that there is not complete security for the photos..

Congrats to the coders!

What a funny discussion, so many ways to steal images, when you use bookmarklets mypage or even readability, it remove blank.gif also immediately.

Does not work in Google Chrome 2.0.156.1

It seems very cool. I’m gonna try this stuff.

This doesn’t work using safari……on a mac……at all…..

http://davidwalsh.name/dw-content/preload-images/6.jpg

It doesn’t work quite well when resizing the browser frame, the protection gets off.

What you can see in webbrowser it’s not possible to protect: images, javascript, flash, css and etc. There exist lot of methods workaround any protection or remove it. Javascript protection is the bed thing at all.

Context menu still works in Opera 9.5/Windows. Dragging, however, doesn’t.

How do I use this on my wordrpress blog? Where do I put the code?

Hi David. Thanks for your job (and for your patience toward the brilliant people trying to hack it !).

I’ve found another trick to “protect” images : I copy the src attribute of my tag as a background-image of this , and then I put a blank image into the src.
This works without a framework, but one can probably rewrite it for Mootools quite easyly.

More details there : http://sitesweb.abondance.free.fr/copyleft/billet.php?idBillet=20 (all in french !)

Your codes totally don’t work in IE7. I wonder how u have placed such biased.

@Dhruba Jyoti Deka: Well… Yes it does.

I have saved all the images from your demo page, to my desktop. So your script is flop.