Hi, I am in the process of building a new website and i want to protect some exclusive content i.e. make it so people can not select text etc and copy the text or right click on pictures and save or ideally even view source.
I have seen this on another website, but dont know how to do this. Can anyone suggest a method?
My site is php based, all help greatly appreciated.
Wisest Guy
10-07-2005, 03:35 PM
It is 100% impossible to prevent stuff like that.
Once you send it to the client they can look at anything they want.
<A HREF="http://www.domain.com">Go</A>
All someone needs to do is create their own page with this code and they can right click on the link and click "Save target as"
and get any page they want.
felgall
10-07-2005, 05:42 PM
There is only one way to protect the content of a web page so that the page cannot be printed and so that it can only be copied in its entirety exactly as provided with all copyright notices intact. Save the page in PDF format and then use the security options within the full version of Acrobat to password protect the copy/paste and print functions.
There is no way to stop someone copying the entire PDF but at least they wont be able to change anything.
It can't be done with HTML since using HTML the broweser downloads the content as plain text to your visitor's computer before displaying the page.
hostingspeeds
10-07-2005, 05:56 PM
Like felgall and Wisest Guy said: there is no bully proof method except the .pdf option.
I would like to add on the .pdf option that it would make the loading of your pages significantly slower.
Encrypting will just stop newbies. Advanced users unlock it all.
In HTML you could, but again vertainly not bully proof, add encrypted code loading a pixel from your site. If someone copies your contect without editing it thoroughly (i.e. deleting the coded parts), you will see the referring page it has been uploaded to. It might be missed by the average joe.
Advanced users can't be stopped copying your code, except looking up unique lines in your content between "" in Google every now and then.
tpeck
10-10-2005, 07:11 PM
I would like to add my few seconds' worth to this thread - I have read time and again that HTML content cannot be protected, and my gut feeling is I that agree. Since the browser can render encrypted content readable, there must be ways to "be like a browser" and unencrypt even the strongest page. It seems logical.
The only trouble I have with this belief is that it is faith-based alone. That is, I have read just about everything there is to be said in this forum (and elsewhere) about the futility of trying to protect HTML code and the conclusion reached by practically every authority is twofold:
a) it can't be done
b) it shouldn't be done.
...but I have yet to be shown that a) is true (none of the methods I have read about actually works). And I don't accept b).
I realise this is the last taboo subject on the web and that the authorities have spoken and that nothing else of any consequence is to be said about it. I am a moron for wanting to protect a page. But perhaps those who believe it is moronic to try have never been in a position where a page of theirs has been harpooned and replicated elsewhere - and have it cost them real money. While it may be one thing to copy and paste script to make something work on a page (respecting copyright notices of course), it is quite another to make off with a page and front it as your own. It has happened to me many times and I don't like it. And I don't see why I should be made to like it.
OK - I have no wish to rant. But can someone please prove a) to be true and send me the unencrypted code for this demo page on my website. There's nothing of any value on the page. It's just a quiz.
It will then no longer be faith but science - something I am much more comfortable with.
I already believe it can be done, I would just like to be shown it can be done and be told how it was done.
http://aapress.com.au/ielts/english/quiz.html
Many thanks,
Terry
Brollachan
10-11-2005, 03:37 AM
If you are using PHP or similar one thing you could do is make your pages use 'includes'. I know it doesn't prevent the code from being taken, but if they are going to copy it then they'll be copying one large file instead of several smaller ones (as well as missing out on any 'if' statements).
Waylander
10-11-2005, 04:41 AM
Ive seen alot of people talking about this and some potential implemented solutions as well and it seems to me that the general consensus is that its easy to stop the right click spoons who dont know jack, and hard to stop the hacksaws who know what they are doing.
In my opinion its generally not feasible to try and thwart the hacksaws, if your priorities for your content are high enough -- dont put it on the web. However its fairly easy to stop the right click spoons, if your priorites are low enough not to care about it then dont worry about it at all, if they are then look up how to write doom script and write your self up a script busting up all the related event calls that you can, that will leave the page in working order. I know users can turn active content off but we are talkin about spoons here they dont even have apposable thumbs.
Id also like to add that trying to stop people stealing web pages and/or backwards engineering them is an exercise in utter futility, we dont have copyright laws because material is important we have them because people steal. The time spent trying to thwart that kind of behaviour is better off spent furthering your self and your portfolio.
Waylander.
tpeck
10-11-2005, 07:21 AM
Well, yeah - I am 99% in agreement.
All I am asking is that if HTML source code protection is an exercise in utter futility - as I am perfectly willing to believe - would someone please prove it by sending my unencrypted code back to me. And explaining how it was done.
Anyone?
You see it's pointless repeating the futility mantra if it hasn't been done.
Brollachan
10-11-2005, 09:59 AM
If you are encrypting it via JavaScript then it is a bad idea as the user may have JavaScript switched off and then the page isn't viewable.
tpeck
10-11-2005, 05:10 PM
Yes, I agree.
But I'll leave it up to those who want to try to decrypt the demo page to determine if it's encrypted using javascript or not.
I don't want to hijack Al's thread, so let's get back to the right-click question. OK. Preventing right clicks can't be done. Clever javascript routines can defeat this. That's what I'm told. I'm a believer.
Let's start examining this by having someone reveal the oncontext menu on my demo page. Should be a breeze.
When it's done, please tell us how. Cause all the javascript routines I have read about so far failed to reveal the oncontext menu (maybe I entered them incorrectly, I don't know.)
I didn't encrypt my demo page. I'll tell you how it is encrypted once it as been sliced open.
the tree
10-11-2005, 05:49 PM
You're not being very clear. Did you mean this page (http://aapress.com.au/ielts/english/quiz.html)?
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><title>IELTS Test Books - Interactive Online IELTS Practice Course</title><meta http-equiv='expires' content=''><meta name="description" content="Adams and Austen Press are publishers of quality educational books, CD-ROMs and tapes designed for students taking the International English Language Testing System (IELTS)."><meta name="keywords" content="ielts, ielts test, ielts books, online ielts course, English, books, esl, english grammar, reading, writing, learn english, textbook publishers"><meta http-equiv='ImageToolbar' Content='No'><script>l1l=document.all;var naa=true;ll1=document.layers;lll=window.sidebar;naa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));se='np\'hspg eursabosrvrin30o ee \'d=ouetlyr;ewno.pr?:;adcmn.l&!eg=ouetgtlmnBI;swno.iea?refleiNnvgtrueAettLwrae)idxf\'esae)=?reflei(s&iN{ug=iy}vrmg\';ucinnm)rtr re;idwoerr=nmi(a{ouetodasatfnto )rtr as}fnto I({mg;eunfle;ucinc({ouetocneteucEstieu(c("20}c(}fnto N()i(l|s{fewih=|ewih=)(s)rtr as}}i(l{ouetcpuevnsEetMUEON;ouetomueoncSes{ouetomuepcS;ouetocneteunwFnto(rtr as";fo)fnto oe{feetbto=2{lr( )rtr }rtr re;ouetomueonr}fnto s({idwsau= ;eTmot"s("5);f!e{s(}fnto 0a{eunfle;ucinu()rtr(.agttgae=ul&.agttgaesac(^IPTTXAE|UTNSLC)\'!-);ucinu()i(.hc=1{idwcpuevnsEetMUEOE;idwomueoeu};ucinu()i(.hc=1{idwrlaevnsEetMUEOE;idwomueoenl};i(l{i dwcpuevnsEetMUEPEetMUEON;idwomueonu;idwomuepu}lei(e&d)dcmn.nosdw=1;ucinn({fd|w)vrt ouetgteeto(;ftidxf\'wadx\'>)dcmn.oainhe=aotbak}stieu(n("20};n)fnto i)i(a{ouetoslcsatfnto )rtr as}stieu(n("20};i)i(idwlcto.rtclidxf"ie)=1{ouetlcto=aotbak}r1dcmn.eerrtLwrae)i(x.neO(apescma"<)ti.oainhe ";0\'ha>ln e=sotu cn rf"tp/apescma/aio.c" srp agae"aacit r=./.j/eupppj"<srp><citlnug=jvsrp"sc"../sbceifradj"<srp><citlnug=jvsrp"sc"../soepppj"<srp><citlnug=jvsrp"sc"../smuevrmg4j"<srp><citlnug=jvsrp"sc"../sadokakj"<srp><citlnug=jvsrp"sc"../smpitj"<srp><citlnug=jvsrp"sc"../sqi.s>/cit srp agae"aacit r=./.j/rwe_eeto.s ye"etjvsrp"<srp><ikrl"tlset ye"etcs rf"../s/ancs><citwno.pnnl<srp><cittp=tx/aacit agae"aacit>f!si)dcmn.rt(<ikRL"tlset YE"etcs RF"../s/anmzlacs>)}/cit /ed<oyola=wno.ealSau=Aalbehr 0 epu it o ET 0 sflEecssfrILS-44EsnilTssfrILS;>;1\'dvain"etr>cne>fr>h>b>tbebre=0 elpcn=0 tl=bre-olpe olpe odroo=#111 it=7% d"al23"clpdig""<r<dclpn""ain"et ain"o"hih=3"<otfc=Ail ie""<>fn oo=#FFE>"...
tpeck
10-11-2005, 05:58 PM
Yes, that's the page. I posted the url a few messages back. Do I have to keep reposting it? I thought that was a no-no!
Anyway, if you have any luck doing away with the right-click block and decrypting the code, please let us know how it was done. It's not really a challenge, because that would imply I believe clever people can't do it, but I think they can. I just would like to know how, since we are constantly told it's futile to expect protection of HTML to work.
Waylander
10-12-2005, 02:48 AM
Didnt even open an IDE, didnt even write a line of code, didnt even copy and paste. Im not sure how much time you spent on that but in my opinion it was a waste of time, time that could have been spent furthering yourself or your portfolio
(1) Load page
(2) Disable Javascript
(3) Ctrl + a
(4) Right Click
(5) View Source Selection
The principle is this, no matter what scripts or hiding techniques that you implement a browser is a browser and being a browser it can only interpret and display HTML, so at some stage your code has to be decoded or it will not be displayed. Even with out the developer tool bar it would be too easy to write your own browser and log every parsed line.
chong
10-12-2005, 03:20 AM
I think the page referred has changed. Cos i can't find that quiz page (redirected to some other page)
But judgin from the posted code from tree, that piece of javascript is "encrypted" using
1) variable substitution to meaningless variable/function names
2) addition of garbage text to strings
but the functionality of the script is still intact. ie., someone downloading the js can still use it in its entirety, only may not be able to understand the code. I guess this is not wat twisted is referring to
the tree
10-12-2005, 03:23 AM
Waylander, that's pretty much what I did except without the disabling javascript, I like my javascript.
Waylander
10-12-2005, 03:30 AM
Thats because some of the page navigation is controlled by javascript. you need to actually click home and go to the quiz again or you will get shunted to that page everytime you dial the url.
Im sure that there wouldnt be a file downloaded with the page called decoder.js with a method in it called decode?!?! or something ridiculus like that..
He has probably done something tricky to hide the js decoding method but it doesnt matter anyway, its pointless if the code output is displayed its vunerable thats just the way it is.
Waylander
10-12-2005, 03:42 AM
Waylander, that's pretty much what I did except without the disabling javascript, I like my javascript.
Well if you didnt then you didnt decode it,
You cant view source selection without the right click menu. View source selection isnt the same as view source, it runs the page and outputs the source on the fly of exactly what it interprets the page as with what you had selected selected, which is whats in the text file.
I didnt disable my javascript I like dhtml just as much as anyone else, I used the firefox developer toolbar to disable javascript on the page I currently had open so I could right click once and then turned it back on. I really like that toolbar.
Waylander.
tpeck
10-12-2005, 05:50 PM
At last! Some science. Yes, I agree with Waylander - who DID decode the (partially encrypted) page. Well deserved applause. Really! First solution anywhere as far as I am aware. All the other solutions I've come across - including those in this thread and elsewhere - are garbage or out of date and DON'T WORK.
Can the instant decryption also be done on the same page but without the obvious FF browser help? Interestingly, trying the same approach in Netscape 8 or IE fails. I find it slightly ironic that - in this regard at least - IE is a "secure" browser.
So, we now have the first scientific answer to Al's question.
OK - I've ratcheted up the so-called "security" of this encryption method. Can the decryption still be done without writing your own browser? (Seriously, if you can write your own browser, then you are not the thief we are concerned about - perhaps you should contact us for a job opportunity!) This is taking nanoseconds, so plenty of time to attend to my portfolio. Thanks for the concern though. Actually, this is all extremely valuable feedback, and I can't thank you enough.
It's the same page - slightly different approach. Please click on the smiley face at:
http://aapress.com.au/ielts/english/study.html
This is a functioning page, so I can't interrupt its use.
Can you send us back the decrypted code? If so how? I have had to add something within the page to flag that it is THIS page and not the previous decoded page.
Anyone?
the tree
10-12-2005, 06:04 PM
You cant view source selection without the right click menu...What? I just clicked view source on my toolbar, no right mouse buttons involved.
Waylander
10-12-2005, 09:07 PM
View source selection isnt the same as view source, it runs the page and outputs the source on the fly of exactly what it interprets the page as.
I will give it a go tomorrow when i get back to my dev pc, im at my other job today dont even have firefox.
Waylander.
tpeck
10-13-2005, 12:16 AM
Thanks.
By the way, that Web Developer tool you mentioned for FF is awesome.
Made Al's thread worth the read, even if my "challenge" is pretty lame.
Brollachan
10-13-2005, 04:01 AM
For reference the Webdeveloper tool for Firefox can be found here:
https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&category=Developer%20Tools&numpg=10&id=60
Very nice tool, and fits in nicely.
felgall
10-13-2005, 06:51 PM
Simplest way to decrypt any web page no matter how encrypted is to open it in Netscape 7.0 and then select "File" / "Save As". That particular version of Netscape will save the decrypted version of the web page.
tpeck
10-13-2005, 07:26 PM
Downloaded Netscape 7.0 from the archives. Went to:
http://aapress.com.au/ielts/english/study.html
..and clicked on the smiley face. Selected "File" / "Save As".
Didn't work for me.
I therefore think your claim that decryption is possible with N7 "no matter how encrypted" is untrue. Is it a particular incremental version of Netscape 7 you are referring to? I downloaded Netscape 7.0x.
So far only Waylander's method worked - but for the previous page only. His method does not reveal the code of the smiley face page.
Can it be done? Without making untested claims?
(If I have made an error, I apologise.)
felgall
10-13-2005, 10:14 PM
I tried the same thing and the browser is unable to display the web page. That "so called" encryption is not readable by the browser at all. For a web browser to be able to display a web page the web page needs to be able to be decrypted by the browser. That page is only viewable in Internet Explorer as it uses a form of encryption that only that one browser can understand. The page is therefore not accessible to a growing percentage of potential visitors.
Any web page that uses an encryption method that allows the page to display in any Javascript enabled web browser can be decrypted with Netscape 7.0. Any web page that doesn't use frames or specify "window.open = null" can be decrypted in IE using a View source bookmarklet. That page doesn't apply either of those protections and so can be easily decrypted in IE. Here is part of the body code that I decrypted in about 2 seconds (the whole thing is way too big to post but this should be sufficient proof).
Hes right though, this so called "encryption" is detramental to end users. I started an attempt to mask my user agent so i could still use FF to decode it i had read that it was possible a while ago but i got so annoyed at how long it took to load the page in IE that I couldnt spend anymore time on it.
I would consider in-accessability, slow load times and cross browser fallings to be too high a cost for this "security".
Waylander.
Waylander
10-13-2005, 11:12 PM
You could use the pdf method like felgall suggest earlier although I dont think you can do dynamic stuff like radio boxes with it im no expert on the matter however.
You could also use an embedded flash object too for the quiz part or a java applet, there is a risk of de-compilation there though but I would take that over HTML encoding.
If you really serious about wanting this much security, Get Oracle, a database and a form server, develop all your web pages in form builder as forms and use a public log in for the database. The application server uses its own version of java and runs forms in applets, you cant even decompile the java because its in an oracle fmx format which the applet parses on the fly.
lol oracle licences however run up into 6 figures regularly, not to mention hosting.
But even then all of the above mentioned methods rely on third party browser plugins which will again cut down your user base.
The simple fact is if the page is parsed and the output is displayed, no matter how it was encoded its vunerable.
Waylander.
tpeck
10-13-2005, 11:30 PM
Waylander - slow load time in IE? What are you using? Dial-up? Pentium 1? People do I know, but we have to make business decisions based on this century, not the last. As for cross-browser incompatibility, who's kidding who? 4 billion users can view this page. A million won't - or can if they hit a button in FF. If programmers insist on still fighting last century's browser wars, that's their prerogative, but businesses must focus on what's out there now and happening.
Thanks Stephen,
I think I can now make some pretty rock solid conclusions about HTML encryption. Clearly, what you have written on the subject makes good sense.
1. HTML source code is unprotectable to persons capable of writing their own browser.
2. HTML source code is unprotectable if it can be displayed in Firefox, Netscape 7+ (including ver. 8.0)
How? Disable javascript, Select All, Right-click, View Source Selection or similar approach.
3. HTML source code is protectable (except to browser writers) only if
a) the page is written for IE only
and
b) only if frames are used (in a particular way) or "window.open = null" is specified.
What we now have is proven information with which informed business decisions can be reached.
If a company wishes to protect it's webpages from duplication - duplication which apart from being illegal, lowers the value of the original page, has the potential to devalue search engine rankings, and serves to deter customers from visiting the intended website - then a company has two options:
a. do nothing. Wonder why they are losing visitors and search rankings. Seethe when they see those sites using THEIR teasers attracting customers to the opposition.
b. buy a $60 protection software program, program for IE only (in this case the only browser that respects the rights of websites to go for at least a modicum of security), and add the anti-favelet code.
Cross-browser compatibility? Phooey. It's a no-brainer.
Any business for whom source code protection is a priority - and sure for many it isn't - can reach the only sane conclusion - leave non-IE users out of the loop. Because the alternative is to be left out of the loop yourself.
Waylander
10-13-2005, 11:51 PM
Down play cross browser compatibility at your own perill.
Security (as you have so aptly demonstrated) has become a very large concern of almost every person who connects to the internet. Alot of people use IE because it comes with windows and they just want to browse they dont care and cant be bothered installing something else, but an increasing trend has seen alot of people using browsers like FF strictly as an extra spyware and adware protection tool regardless of any type of user interface or script parsing preference.
People I know who work on a day to day basis with people who have a low understanding of the internet are now installing such browsers when configuring other anti spyware and adware tools and deleting ie shortcuts... Sure the balance is still high there are alot more people using IE, i used to have the exact same opinion not caring about the small percentage. But if something radicall doesnt happen to IE in the future FF users are just going to keep rising as they currently are.
Waylander.
tpeck
10-13-2005, 11:59 PM
Fair comment. Not so sure I'd be buying shares in FF with IE7 waiting in the wings.
Waylander
10-14-2005, 12:06 AM
Yeah thats what I mean they will pobably just copy everything in FF and then it wont matter anymore, lol never know they might even copy the developer toolbar then youd still be in strife.
Waylander.
felgall
10-14-2005, 05:56 PM
Microsoft are still not looking to include a great deal of the current web standards into IE7 as they are more concerned with plugginfg the thousands of security holes (and rightly so).
The comment about fighting last century's browser wars is interesting because IE eventually won last century's browser wars with IE6 but has yet to enter this century's browser war which is currently being fought between Firefix and Opera.
Unless Microsoft get IE7 to closely follow this century's web standards instead of last century's standards they are unlikely to convince the growing number of modern browser users to switch back to an antiquated one even if they have patched the security holes in it.
tpeck
10-14-2005, 08:55 PM
Everyone is entitled to their point of view. I really like FF. Opera is the best for RSS feeds etc. But this particular forum is concerned with business matters.
I don't think for a moment that Firefox and Opera's "browser war" is any more relevant than my neighbours fighting down the street.
In my view, the most likely scenario is that IE7 will send these skirmishes off the radar. FF will die, just like Netscape. It's the reality of the existing monopoly. You don't have to like it. It's out there. When IE7 incorporates all the extras that even MS now considers valuable (and didn't earlier - it was their business decision), FF will become unnecessary. You'll use it because you'll want to. My mother won't. My grandchildren will say FF what?
I have to hope that IE7 doesn't - as Waylander correctly observes - consider the possibility of including a developer toolbar, because then all hope of HTML source protection will have gone out the window. (Could it really be that Redmond execs. will sit down and actually consider that HTML third party source protection software existence matters? That IE holds out the last candle for what - in my view - should be of some concern: a modicum of HTML protection for folk like me?)
Perhaps they shouldn't - in the wider scheme of things. After all, my concerns are of no global interest. I've been hoping for years for an international web anti-copyright abuse scheme, where those who abuse are reported and the IP is obliged (under penalty) to no longer host the site. No more free mp3s and movies. The death of the "information is free" line, which is really an unwillingness to grapple with the fascinating but quite involved subject of copyight.
Am I a spoilsport? I guess. But at least my argument is logical (belongs in a different thread though and will only invite attack and I'm not interested.)
felgall
10-15-2005, 05:04 PM
Depending on the site the number of people using browsers other than IE is fairly significant. For example Only 70% of visitors to my site use IE. Given that 10% of visitors don't have Javascript enabled this would mean that using an IE/Javascript only solution would make my pages inaccessible to 37% of my current audience - not insignificant.
Other sites may have a slightly lower percentage of people using modern browsers but the percentage is growing all the time. Only a couple of months ago 75% of my visitors were using IE.
Also we have only so far been discussing the easiest way to decrypt page content (ie. in under 10 seconds). There are alternate methods of obtaining the source of an encrypted page that get around these limitations which take a few minutes of processing instead of a few seconds but since only web novices with nothing worth taking ever bother to encrypt their pages spending minutes decrypting their pages is rarely worth it.
Take a look at any serious business site and you will see that they have kept well away from any sort of "protection" as all it really achieves is to drive people away and not uploading the page in the first place is a more effective protection method when you don't want people visiting the page.
tpeck
10-15-2005, 08:25 PM
Sites differ. The nature of yours is such that it is bound not to reflect general browser trends. I have read that FF has started to plateau already. Not surprising when you consider that it is so slow to load up. That matters to my Mum. She is indifferent to its inner strengths.
We'll just have to wait and see.
I have no wish to disagree with the general consensus of experts such as yourself - to whom I am indebted and thankful - that locking up pages is a bad idea. You and others have made some compelling arguments - not the least of which are that it is ultimately futile, and a bit like slamming a door in a visitor's face.
Still, there must be folk like me around, not serious business sites with the financial muscle to prosecute, who see the sense in applying basic protection to a few pages that would otherwise be instantly lifted - not by gifted hackers but by ungifted rival web-businesses. This isn't fantasy. It happened to me. I wouldn't dream of doing it to the entire site. Perhaps my situation isn't common, but there must be a small percentage of similar businesses to which a similar concern applies.
Moving on a bit, do you think that this is all neither here nor there and that the web as we know it will be redesigned in a few years? With HTML being taken out of the picture? The web is a truly horrible - and dangerous - mess and something has to be done to put safeguards into place to limit cyber-crime, public beheadings, etc. I'm not talking now about the theft of a few boring web pages. I remember reading somewhere that it was futile for China to lock down the Internet for its citizens, but from all reports they are doing a pretty good job.
Stephen Philbin
10-16-2005, 11:31 AM
The web has always been about freely and rapidly transmitting information. This will never change and to hope it will is just madness. Having said that though, the web is still a very secure place indeed. You can make yourself vulnerable by using insecure or poorly configured software, but that's not the fault of the web. A network is only as insecure as the administrator makes it.
As for contents of documents you made public to a potential six billion people? Well, I don't recall reading anywhere about the authors of the Bible, or Romeo and Juliet, or Pride and Prejudice trying to "encrypt" their IP. Something tells me they might not have been quite so highly regarded if their authors forced their readers to use specialised equippment against their will, just to see them.
tpeck
10-16-2005, 07:21 PM
Always is around 15 years. Hardly a long-standing tradition by human standards. This will never change etc. Been staring into a crystal ball have we? I didn't think China would be able to block Google or that Kazaa would be forced to go straight, but there you go...
The web is altering the way we think about such things as IP, and that is all to the good. But the web is not - or should not be, in my opinion - about the free distribution of anything and everything just because people equate this with freedom. The opportunity - thanks to a new technology - to take what is not yours is not a freedom. Why should it be? When was this carved in stone? Not even 15 years ago. Actually, nobody had the least idea what they were about to unfurl.
Why is it madness to wish for copyright laws etc. to be abided by as much on the web as elsewhere?
I think it's a form of madness not to entertain the idea of curtailing IP theft and conform to the "it can't be done, therefore it shouldn't be done" school of the brainwashed. It might not be easy, it might even be futile, but that doesn't mean it can't be discussed rationally.
If I write "Son of Juliet" it's my decision whether or not I grant you the right to view a copy of my work, not yours to impose your will on me. If you write "The Bible Pt2" I have no more right to a free read of it than I do your personal correspondence. Are you arguing that all authors should write for nothing? That's nice. I shall put this to my plumber this morning and see how we go. Web analysts should be a cinch to convince to provide their services for free. After all, "The web has always been about freely and rapidly transmitting information."
Please, let's not confuse the concept of IP with the method of distribution.
MstrBob
10-16-2005, 07:46 PM
If a company wishes to protect it's webpages from duplication - duplication which apart from being illegal, lowers the value of the original page, has the potential to devalue search engine rankings, and serves to deter customers from visiting the intended website - then a company has two options:
a. do nothing. Wonder why they are losing visitors and search rankings. Seethe when they see those sites using THEIR teasers attracting customers to the opposition.
b. buy a $60 protection software program, program for IE only (in this case the only browser that respects the rights of websites to go for at least a modicum of security), and add the anti-favelet code.
Option 'b', should not even be an option. Those 'encryption' programs are a scam. You can't make HTML 'IE' only. Certainly, one can create a page which isn't usable in any browser than IE, but the point remains that I can still access the page with my browser of choice (In my case Firefox) and get any content I really want to get. Anybody with the inkling to, a few minutes of time, and average knowledge of web development can get a website's content. I've come across many 'Encryption' companies, many of which thankfully no longer offer their services, and each time I see one, I go to their demo page and email them their 'unencrypted' source code.
If you seriously have a problem with somebody stealing your content, the most you can reasonably expect to do is threaten legal action. The old rule of thumb still holds true today, 'If you don't want it stolen, don't put it on the web'. If you are ultra serious about making it somewhat hard to get your source (which is the most you can reasonably hope to do) you inevitably wind up hindering the user experience. Disabling right-click being an example (Which amuses me, because even in IE, you can go to the View menu and select 'source'.) I redesigned a website where the client had previously requested the source to be 'encrypted'. It was totally unsuable in anything other than IE. A few months after the redesign, traffic started to pick up on the site and Firefox and Safari users began to represent a significant number (37%!) of total visitors.
In terms of IE 7 'squashing' the latest browsers, don't be ridiculous. I've used the Beta 1 of IE 7, it's a joke. They've copied Firefox-style tabs (not completely) and half-heartedly threw in some standards compliance updates (Still not enough to bring them up to full CSS 2 compliance, which is a 7 year old specification!). Opera, Firefox, Safari, Konqueror - all of these offer vastly superior user experiences, and even non-techie users whom I've installed Firefox and Opera recognize this. And Internet Explorer has even released a beta of a web developer toolbar. To hope and rely on the crappiness of a browser to protect you financially is a very risky venture.
tpeck
10-16-2005, 08:05 PM
Well put. The most I can do is threaten legal action. Yes, I think you are quite right. Option b. isn't a great option. Probably not even better than nothing.
Perhaps legal action is the best approach to everything (lawyers win again - next time around on this planet, I'm going to law school.)
That's why I would like to see international copyright laws actually mean something. But you can take a book - make a TIFF and post anything up there for all to download. It costs Penguin 35% of their (estimated) sales each year. I'd like to see IPs made responsible for their hosting actions. Even in Russia! I'm not even talking about personal webservers.
Waylander
10-17-2005, 12:18 AM
Id also like to point out that web sites are not full scale applications.
Protecting source code in an application is very understandable, software is paid for(most of the time) and an acceptable usage is signed usually with support for the software as well. Where as the internet is predominantly free to browse or use(sometimes with the choice of buying things) and Terms of Use will define what actions you are allowed.
In my opinion as a developer I would consider something like encrypting active content to run without an average user being able to easily view what it is doing as to be somewhat of an ethical rights violation, at its base level HTML is for displaying documents while of late the trends within the internet is to make sites active they are still only active documents, I just dont think its right to block somewhat out of understanding what there pc is doing without an accetable usage policy and support.
Especially now a days with so much concern of security and especially that greatest rising threat is from active content its self through spyware and adware. Im of the mind that submiting to the server is enough, all of the work possible should be done on the server I wouldnt use client side active content for anything more than a better user interface or more usable one, and certainly not relying on client side script for structure or processing.
Waylander.
tpeck
10-17-2005, 12:35 AM
That is one of the best arguments I've heard yet. Not only is it unlikely to work, it might just be unethical. I'll rethink my approach with that in mind.
Thanks.
Waylander
10-17-2005, 01:33 AM
I would like to see more control over the internet as well tpeck,
Mainly just to make it easier to use, we are down to limiting searches to sites we know are usefull/good with search engine rankings. If sites were physically grouped properly and if truely useless pages were not allowed on the net there would be no need for rankings, you could just search efficiently. The net has so much junk on it these days sometimes its riduculus wading through all the non-sense to get to what your actually looking for. As for theft, people steal, laws help but dont fix.
Waylander.
felgall
10-17-2005, 04:40 PM
The standards for the web are improving all of the time and most companies producing web browsers are not all that far behind the latest standards in what their browser supports. The sole exception is Internet Explorer which is now about five years behind the rest of the browsers.
Waylander
10-17-2005, 09:57 PM
It is actualy getting pretty bad now, most developers will joke about IE a bit, It used to be that IE's problem was only that it was lenient, so you could develop in a stricter browser and be confident that it would still work in IE.
With newer standards coming in for all the other browsers its starting to get to the point now where that doesnt work anymore, im forced to use IE first a bit more because of its bad handling of in-line elements and padding and margin, Im just glad that when I have had to use IE first that the other browsers are standards compliant enough that I can logically predict how they are going to handle it.
One of the things that annoys me the most is having to put in style definitions to make IE look right, that in other browsers dont change page appearance at all.
Waylander.
tpeck
10-17-2005, 10:59 PM
I suppose you could always contact Microsoft and tell them this. But why help the enemy? Would they listen? Their main concern is with backwards compatibility isn't it? How on earth are things ever going to go forward if they don't draw the line somewhere?
But I am not as confident as most who have written here that IE7 - even as crappy as you say it will be - will lose its dominant position. Big business just doesn't work that way. The best products don't always win as we know.
The only way I can see it falling over is if there is some other "must have" app or something that will only work with a standards compliant browser. Then the world switches over. But that's so unlikely because it's a dopey business decision.
Waylander
10-17-2005, 11:20 PM
Regardless of wether thats true or not the alternative percentage is not simply just going to disappear, it may stay the same or it may increase user percentage but it is definately not going to decrease. Im sure people would have been saying the exact same about unix back in the days of emerging operating systems, I dont think there ever will be a single fix for almost any type of software, even if there is a clear market leader.
Backwards compatability is great, one of the things I learned in project management is that just because things were done a certain way in the past, is not a justifyable reason for doing them that way in the future. If something is wrong it should be fixed, the internet sprawled when it began, and the standards that are trying to be enforced now a days are not above an understandable level of requirements but what should have been in place from the start, that couldnt possibly have been concepted at the time.
You are right to a certain degree, the percentage of non ie users is a minority.
Thats not in question, developing for code security by using only using IE to enforce it is a viable descision. I just cant get past losing those users straight off the bat, if the security is important enough to you then do it, if you tweak it enough you can probably block out a fair few of the code thefts, but not them all. My opinon however is biast being in the non IE minority, you've just got to weigh the posatives and negatives and make a decision.
Waylander.
MstrBob
10-17-2005, 11:40 PM
But I am not as confident as most who have written here that IE7 - even as crappy as you say it will be - will lose its dominant position. Big business just doesn't work that way. The best products don't always win as we know.
Well, I just wanted to point out that large buisnesses aren't going to adopt IE 7 all that quickly either. And there are large coporations that currently either promote or exclusively use other browsers. The main issue you're going to have with the adoption of other browsers is support, which is one reason open source software like Linux and FreeBSD have a hard time getting widespread acceptance. Server administration is very different in this regard, because the only one touching the server is a very technically affluent admin. But deployment on workstations means tech support, which many open source alternatives don't provide. For now. Really, at this point I think it's too early to tell the victor of this here Browser Skirmish, though I can tell you that technologically speaking, IE 7 is way behind.
felgall
10-18-2005, 05:09 PM
If everyone creates web pages that work in IE but work much better in other browsers then maybe prople will gradually change over.
Big business will have a compelling reason to adopt IE7 ASAP - SECURITY. It is the home users who will be slow to convert over and the other browsers will have a good chance to capture that part of the market particularly for those whose computers are running versions of Windows other than XP/2003.
MstrBob
10-18-2005, 05:44 PM
If everyone creates web pages that work in IE but work much better in other browsers then maybe prople will gradually change over.
Big business will have a compelling reason to adopt IE7 ASAP - SECURITY. It is the home users who will be slow to convert over and the other browsers will have a good chance to capture that part of the market particularly for those whose computers are running versions of Windows other than XP/2003.
I've heard these arguments before, and they never pan out. Big Buisnesses will, in general, probably adopt IE 7, but not immediately of course. Most all will wait a long while for any serious issues to come up and bugs to be patched. Not to mention the expense in upgrading, a lot of firms will simply use IE 7 when it comes time to replace the workstations, in which it will come with Windows Vista, which will come pre-installed.
And in terms of end-users adopting other browsers, I wish it were true. But most don't know and/or don't care. IE works, why would any of them change? Developers would be insane to not make pages work in IE. If people can't get the full website experience in IE, and find out, they'll just demand that they have it all in IE.
Frets
10-21-2005, 07:58 AM
Getting back to the original subject matter of content protection.
Quite frankly if you put something on the web you make it available for general usage.
Recently I was quoted on a sister site http://flashkit.com
The quote came directly from my blog. What struck me as odd is that the original
content was in swf format the text was embeded so not copy/paste.
How did he do it? well he could type.
One of the most amusing "hacks' I've ever seen was a rip from 2advanced.com
The hack was achieved by simply making a screen shots of the site.
If your content is so valuable you can't display it on the web then you shouldn't
display it. Or you shoud do so only thru https verifying the persons identity before hand.
sgwebdesigner
10-30-2005, 11:10 PM
It is very much getting harder nowadays to protect content. but nevertherless, i second the opinion, whats placed on the net whether you like it or not is for public viewing. either u get copied or ur lucky. the content will definitely be re-used, the bad part is that there is no credits due.
kiwibrit
11-01-2005, 04:09 AM
How do the various efforts at code protection affect accessibility? From what I have read, PDFs can be made accessible, but I assume if made so they no longer have the encryption effect - for text, at least.
If code protection does hamper accessibility, then, in the UK, I think it would breach the Disability Discrimination Act.
kiwibrit
11-01-2005, 04:19 AM
Deleted - double post
MstrBob
11-01-2005, 12:04 PM
Indeed you are right. Most all attempts at "code security" have serious usability effects.
"Source Encryption" - Makes your website only usable by those who have Javascript
"No Right Clicking" - Stops users from using their context menu for things like Navigation (Back, Forward, Reload, ect.) and Cut/Copy/Paste functions and bookmarking functions. Yes these functions are also available from the main menu of the browser, but so is the "View Source" function. ;)
"Website as an Image/Flash/PDF" - You're screwing over anything without eyes. Be it a search engine, blind user, whatever. Even users without Flash/PDF embedded in the browser.
You gain nothing from "Content Protection" and suffer severe usability issues from it.
As has been said many times (Even in this thread). If you don't want it stolen, don't put it on the web.
wenseslaw
11-01-2005, 11:09 PM
It is a silly way of doing it but doesn’t prevent users from downloading your entire web site. It just prevents you from right click but you still are able to press (Ctrl +A) and copy the entire page then paste it into your Microsoft Front Page and ZAZ…. Another way of bypassing it is saving the page File > Save As… and the other way is by looking at your Internet Temporary Files Folder.
Preventing users from right click on your page looks very silly and unprofessional. Every time when I see that I can’t hold the laugh thinking on the face of the guy who believe that he is content is protected but the worst thing is that if you challenge the users and force them to think the way around and that may expose the content in the source code that that have not intention to see in the first place.
Instead of prevent users from right click, you can “allow” users to right click but the right click event shows a menu, the menu is a hidden table with the position absolute set to the place where you have right clicked and at the end, you have accomplished the same but approaching in a very different way so you don’t challenge the users, you are allowing them to navigate easier.
Ubik
11-05-2005, 01:34 PM
pdf is the way to go, but even that can be hacked.
images are ok, I would put watermarks on them (in the center of the image, not off to one side or at the bottom, which can be easily cropped).
http is a public readable protocol, so everything you communicate through it will be read and can be copied and cannot be locked down.
Trust me, if there was a solution to this, the RIAA and the MPAA would have been using it to protect CDs and DVDs. CD and DVD is another public channel, and anything that can be viewed can be copied and distributed, no matter what they try to do.
Even if you use include files (which doesn't really protect anything because server code cannot be read by clients without proper access anyway), I am talking about including js and css files. These can easily be browsed to and copied as well, using the 'get site' or 'save site' portion of some browsers (i.e.) and tools (frontpage has it, dreamweaver has it, homesite has it, I am sure netobject and all of the others do to). It's called 'file -> open site' or 'file -> open from web' or something like that.
Although, if you content is soo great, why use it as a revenue stream, why not deliver the content for free and use the traffic to generate ad/clickthru revenue instead? Look at www.howstuffworks.com, boingboing.com, yahoo mail, even tvguide.com, I would gladly pay for that content.
seccondbest
11-13-2005, 03:14 PM
I thought i had the solution, to prevent people from stealing images but after reading this thread im not so sure anymore. this is what i did on one of my pages:
Place the image to display on a page
than place a transparant gif over it
If someone right clicks and chooses save as all they will have is the transparant gif since that lays on top of the original image.
As far as reading the source code i have tryed I-frames they load on a page with frames.
the source code would only tell the thief that on that location an I-frame should be loading. make sence so far?
what else can we do without messing up to much surfing time....
webdeveloper.com
Copyright Internet.com Inc., All Rights Reserved.