I have a video site using a HTML5 video player. Users pay money to join the site. But the download manager (in mozilla) or real player download manager can download our videos from the server.
I want to prevent or block these applications. How can I prevent the programs from running?
There is no DRM (Digital Rights Management) in the HTML5 spec, so you cannot do it with HTML5 video.
There are attempts to add DRM to HTML 5 (Encrypted Media Extensions)
With tech companies abandoning the proprietary Flash and Silverlight
media players for HTML5, it was inevitable somebody would try to
inject DRM into the virgin spec.
Microsoft, Google and Netflix are that “somebody”, having submitted a
proposed modification to HTML5 to the World Wide Web Consortium (W3C)
for “encrypted media extensions”.
http://www.theregister.co.uk/2012/02/23/microsoft_google_netflix_html5_drm_infection/
However, such extensions are not available today and will not be for some time, if indeed the proposal is even adopted.
If you need DRM, you will need to use a video technology that supports it.
Even with DRM you simply can't - whatever you've sent to client (keys/content/whatever), client can simply save and replay when he needs decoded stream again. The only solution that would reliably delay decoding, is some hardware solution, but as I understand you'll be going over regular HTTP and browser.
Your problem is legal one and should be solved with legal means.
Overlay their unique user ID onto the video, so if they do capture it, then legal action can be taken as you can prove it's them that downloaded it.
other than that, nothing you can do really...
Related
I'm building an application that allows users to upload multimedia files they create (audio, video, graphic) via my web frontend, and then other users can stream/download the files to their phone using my mobile app. I'm building the mobile app with react native. The problem is with the android platform-- when the files are downloaded, they show up in the Downloads folder, which means they can be copied, moved, and opened from other apps.
Since the file contents are copyrighted, I need to find a way to
prevent these files from being listed in the Downloads folder
and / or
prevent other apps from opening them.
Apps like Spotify and Netflix manage to do it (e.g. if you download a playlist from Spotify, you can't see them anywhere else on your phone). I believe some kind of encryption/decryption scheme is involved. But I don't know enough about it. Would appreciate any insight on how to go about this.
As Luke says, there is no 100% protection, but usual approach is to encrypt the files and to use a DRM system to manage the secure transition of the key from the server to the client Android device.
Android devices (generally) come with widevide DRM built in and this is probably the most common one used, but the system supports other DRMs also and device vendors may add different ones.
If you are prepared to accept a less secure encryption, but one which may be good enough for your needs, then MPEG DASH includes a 'clearkey' option which ExoPlayer supports. If you do go this way it is worth checking on the latest ExoPlayer status as this feature is being worked on at the moment:
https://github.com/google/ExoPlayer/issues/3178
I am working on jwplayer video and I need to prevent the video from download.
When i double click on mobile chrome browser while video is playing it gives me the download option.
I have study so many articles and blogs posts about this but still could not find any solution.
I don't want to use HLS stream option. Is there any parameter jwplayer use that recognize the authenticated users and play video only for them? or is there any other way to do it.?
If you are worried about the video being copied by authorised users then ultimately there is no way to stop the user downloading it - the video has to get to the device/browser for it to play and it is not hard to get around any URL obfuscating etc.
The usual approach to avoid copying is to encrypt the video and use some secure way to send the key to decrypt it.
This is essentially what DRM systems do.
The stronger DRM implementations generally also make sure that the end user or application never is able to . This is done by having the encrypted video and the key do their work within a 'secure media path' in the device, that applications and even the OS have no access to.
Like the title states, what is the difference between PlayReady/Widevine and ClearKey? Is PlayReady/Widevine better than ClearKey?
ClearKey is a free alternative to commercial DRM solutions for MPEG-DASH content (MPEG-CENC compliant), but as it is only an encryption solution it does not offer the same level of protection as PlayReady, Widevine or Fairplay.
[Opinion:] If you need a complete DRM solution then working with a provider who supports an integrated DRM solution for origin and playback (eg BuyDRM or Ooyala) is going to provide more protection
Widevine: Widevine is a Hollywood grade DRM technology initially developed by Widevine Technologies and acquired by Google in 2010. Widevine is natively supported on a broad range of devices and browsers such as Google Chrome Browser, Android, Chromecast, etc.
PlayReady: PlayReady was developed by Microsoft and is one of major DRM systems available, with broad device support, sophisticated features, and has been used for very large scale events such as the Olympics in Sochi, Russia.
Fairplay: Fairplay is designed for Apple HTTP Live Streaming (HLS) supporting playback on devices such as iPhone, iPad, Apple TV and Mac OS X. Fairplay is also used as Content Decryption Module (CDM) of the Safari browser. This enables HTML5 native playback of (non-standard) DRM encrypted Fairplay streams without plugins in that browser.
The main differences between clear key and the 'normal' DRM's (which Offbeatmammal has nicely summarised) are:
clear key does not encrypt the key itself. It is simply plain text, 'in the clear'
No special client side content protection is required to play back the content
To explain the first point, most DRM systems are essentially mechanisms to get a key from a key server to the player device, without anyone being able to intercept or read the key. If someone was able to read the key then they could unencrypt the content. To achieve this DRM systems encrypt the key itself before sending it. For clear key, the key is not encrypted like this.
The second point relates to a secure or protected media path through the client device. This means hardware and/or software in the client device or browser which accepts the encrypted content and the encrypted key and then plays back the content directly to the output device without any input or possibility to copy by any other parts of the system or any other software. Again, clear key does not have this.
I'm trying to implement audio recording in a website. Basically the user should be able to press a button and speak something into the microphone. The recorded audio should then be sent to the server for further processing. I realise that you can do this with Flash, but for now I'm trying to avoid that.
I found several resources on the internet about it (i.e. link) but as it seems, this functionality is not widly supported yet. I experienced differences betweet the used browser and between the used operating system. For instance, the Chrome Browser doesn't seem to access any microphone on Linux correctly. So i was wondering if anyone knows a good resource to dive into this. Or maybe someone tried to set up something like this himself, and can help with some suggestions about where the limitations of HTML5 and the JavaScript Web Audio API are right now.
Thanks!
As of Chrome Version 27.0.1453.56 beta Mac, audio recording works with this demo application https://github.com/mattdiamond/Recorderjs
This app returns back a WAV file for the user which can be uploaded to the server.
If you want a truly robust solution that works on most desktop web browsers, you may need to resort to Flash.
This article covers up pretty well the current state of audio video capture possibilites using HTML5:
http://hdfvr.com/html5-video-recording
Also for just audio capture, here's a gitHub project that records audio to mp3 directly from the browser:
https://github.com/nusofthq/Recordmp3js
I'd like to be able to control the system microphone volume from the browser.
I know that the microphone can be recorded from using Flash or Silverlight, but these don't allow control of the microphone volume. (Flash has Microphone.gain, but as its just a software multiplier, it doesn't help when the system mic volume is muted or too loud.) I suppose the mic could be modified via a Trusted Java Applet via JNI, but getting Java installed on a user's computer is hard for non-savvy users. (Not to mention the problems with getting an Applet to consistently load.)
I've heard that HTML5 will have some sort of microphone access, but whether it will allow volume control is unclear to me. At any rate, I don't think any browsers support it yet.
Are there any plugins that would allow volume control? The old Google Gears project has some AudioApi docs, though these don't seem to have made it into the actual plugin. There's also the Google Talk plugin- it seems to do some kind of gain control, but its unclear if there's an api to the plugin.
Perhaps there's a draft HTML5 implementation plugin for microphone access (like indexeddb, for example)?
The verdict is that it would be a security concern. There is no way the system microphone volume can be changed by a browser application unless a plugin is used, just like there is no way to change the system speaker volume. However, you can amplify or reduce the input stream in Flash or Java.