Secure image protection

How to Copy Protect Images on Websites


This article is not about file encryption for images stored on your hard drive or password protecting them to send by email. Instead we are discussing how images displayed on web pages can be protected from copy, save and downloading.

Most web browsers are designed to pirate web content

There are no options omitted when it comes to providing the means and methods for copying and saving web pages and their images. To make their browsers as appealing as possible, browser designers have empowered the user to copy, print and save anything on a web page and just in case they cannot click to save it directly, they provide options to "save page" and include everything on the page with one click of the mouse.

Copy protecting images in common web browsers

Preventing access from every possible angle is most difficult. The usual options for copy and save are:

  • Right mouse click to "save as".
  • Browser menu option for saving the page with all files included.
  • Right mouse click to save the page with all images.
  • Highlighting by mouse select and copy-and-paste to the clipboard.
  • Click select by mouse and drag-and-drop to the desktop.
  • Browser menu option for sending to printer or file converter.
  • Right mouse click to send page attached to an email.
  • Browser menu option for sending as an email attachment.
  • Using Ctrl C or Print Screen to create a screenshot of the page.
  • Using screen capture software and recorders to copy pages and video.
  • Locating the download resource of images from view of source code.
  • Using site and file grabbers to download all images used on a page.
  • Using file grabbers to retrieve media from web browser cache.
  • Packet-sniffing to intercept media locations.

Most of these options can also be initiated by using hotkeys such as "Ctrl C" for copy to the clipboard and so on. One naive method for preventing copy involves the disabling of the mouse right-click menus, but even without mouse-click the user still has options via the keyboard. However, even after disabling all of these options, whatever is displayed on a page is still at the mercy of screen capture software and/or retrieval from browser cache.

Site grabbers and image downloaders can spider a web page just like search engines to build indexes of files to download. These apps can target specified file types and collect every one of them from your website.

In theory, web page encryption should prevent the location of files linked from a web page. But any encryption based on JavaScript is a useless because the web browser finds the decryption key in the very source that it is supposedly protected. To display the page, the browser needs to decrypt it and once decrypted you are back at square one again with the unprotected page on display with all of its HTML and source code. While the page may have been delivered to the browser in encrypted form, the images stored in browser cache are not.

Limitations and requirements

Contrary to what some "copy protect" developers claim, it is impossible to prevent copy using client side scripting such as JavaScript. It is also impossible to prevent copy without using a plugin (by installing extra software) that is empowered at system level system to control and manipulate cache. Anyone making claims to the contrary is preying on the user's and possibly their own naivety, and these include all protect solutions that use html encryption.

There are solutions that are secure but they are not available for all operating systems (OS). Today's OS fall into distinct family types such as Windows, Linux, Android, MacOS, etc. The only image protection solutions that are effective can be used by Windows OS only. Windows can support proper protection functions and is considered stable to warrant development time and an adequate life expectancy. All other OS either cannot support proper copy protection or are too unstable to survive a rollout, ie: by the time your user upgrades to the latest update that OS will be outdated.

Securing images in popular web browsers

There is no solution that will adequately protect content that can be used with all operating systems. Yes, there are solutions available for all OS but they offer no protection from Print Screen or screen capture. Secure Image Protection is one example and it is supported on Windows, Mac and Linux computers. As well as providing protection from save and downloads, the image files are encrypted and domain locked to the owner's website and cannot be used anywhere else. Consequently such images are most secure while stored on the web server and are safe even from your webmaster.

But there is a more effective solution and one that is safe from all copy including screen capture. CopySafe Web Protection is the most secure protection for images but does have one limitation. It is supported across all Windows versions since XP only. However that does amount to 92% of all Internet users. The remaining 8% is a mixture of OS, 2% of which are comprised of search engines and media grabbers.

CopySafe Web uses a web browser plugin

CopySafe Web is the most secure solution for displaying encrypted images and it is the encrypted image that activates the CopySafe plugin when it loads.

CopySafe Web can be used with all types of web applications

CopySafe Web can be added to any web page regardless of which programming language is used for the page. If you are using a CMS and/or have limited HTML skills, ArtistScope provides a variety of free modules for integrating CopySafe Web with most popular CMS solutions:

Secure web browser vs web browser plugin

The ideal solution for copy protecting web content is by not using any of the popular web browsers at all, but instead using a web browser that is specially designed to protect the content that it displays. Such a web browser needs to display generic web pages and media but without providing any options that can be used to save, print and copy the page or download any media displayed on that page.

Today there are a few custom web browsers available that claim to satisfy these requirements. Some are merely reskinned IE engines that still expose browser cache and some others have been designed to restrict some save and copy options. But the mistake that most custom browser developers are making is that they are trying to support all operating systems (OS) and that is where they fail because proper copy protection is not possible on Mac and Linux based OS.

The most secure web browser

There is only one web browser that is safe from all methods and copy and save, and it is supported on all Windows OS since XP. Unlike pretentious "secure" browsers, the ArtisBrowser provides:

  • Creates a secure tunnel between the web server and the user's computer.
  • Safe from packet sniffers even without the use of SSL.
  • Web pages cannot be viewed by any other browser or application.
  • Embedded media resources cannot be located in page source code.
  • No content or code can be retrieved from web browser cache.
  • All media is safe from file grabbers and downloaders.
  • Protects all media without requiring that media to be encrypted.
  • Pages cannot be printed unless allowed by the webmaster/designer.
  • Pages cannot be copied by using Print Screen to take a screenshot.
  • Pages and video cannot be screen recorded or captured.
  • Absolutely no options for copy and save.

Even when the page and media is on display in the web browser, nothing can be copied in any way... that is, without using a camera to take a photograph of the computer screen. The ArtisBrowser is the most secure web browser and the only web browser that can effectively protect web page and media from all methods of copy and save.

The ArtistScope Site Protection System (ASPS)

ASPS is not just a web browser. Instead it is a server to browser solution that has been designed from end-to-end with copy protection in mind. Web pages assigned for use by the ASPS Web Reader are delivered in encrypted format from the server and they can only be decrypted by the ASPS Web Reader, thus creating a most secure tunnel between your site and your visitor. Intercepting this page is useless as it cannot be deciphered except by ASPS and it cannot be hacked.

ASPS is supported on all types of web servers

The ASPS filter can be installed on all Windows servers/computers running IIS since XP and all Linux servers.

ASPS is supported in all types of CMS and web applications

ASPS encryption does not affect the web application or programming language used to create web pages because it encrypts and delivers the page after it has been assembled by the server. So it doesn't matter if your website is based on Sharepoint, PHP, ASP.Net, Classic ASP or good old static HTML. Consequently any and all CMS applications like DotNetNuke, Drupal, Joomla, Moodle and WordPress can be run from a ASPS website.

Preparing a website for ASPS

No special treatment like encryption or conversion is required as the only preparation required is to add a line of HTML before the page's DOCTYPE statement. So to protect pages you add this tag and any pages not including that tag will not be protected and redirected to open in the user's default web browser. This way you can cerate doorway pages and leave sections of your site accessible to normal browsers and then most securely protect only those sections or pages that are critical to your mission.

Downloading and evaluating ASPS

The ArtisBrowser can be downloaded from their demo site. After download, simply follow the links for "Guided Tour' to explore a variety of different media that can be protected by ASPS.

Click for more Copy Protection resources.

  Copy Protection & DRM News
  IT Security News
العربيه | 中文 | Česky | Deutsch | Ελληνικά | English | Español | Filipino | Français | עברית | Hindi | Indonesia | Italiano
日本語 | 한국어 | Magyar | Malay | Nederlands | Polski | Português | Русский | ภาษาไทย | Türkçe | 台灣 | Việt