I'm building a Rails app that has videos that users will see on the app and they will pay for it. So I need to ensure that no one can download the video. How can I protect, for example, that someone go to the source code the page and find the link and download it?
You can't really do this in standard Rails techniques. If you are serving the file yourself: Dirty Web Video Secret: If You Can See It, You Can Steal It
You can’t guarantee that a video can’t be copied, but you can make it harder by limiting the people with access to the video, by letting those people know that you can track how they view your videos, and by putting some reasonable technological hurdles in the way.
If you are OK using flash, then you can look at Brightcove's solution that uses "DRM" http://support.brightcove.com/en/video-cloud/docs/protecting-your-videos-drm
What do most people do?
They use an authenticated URL that expires (to prevent emailing and sharing), and trust their users won't download and share the videos. They then ignore those that do share (or file DCMA takedown requests).
Related
I've been asked to create an education ebook which contains 200 videos for a total size of 25 Go (!).
Although it is my first ebook creation, I can't imagine to embed so many videos in the epub file, and so, I plan to only use external videos.
Since the making of these videos requested a lot of work (and personnal funds), the teacher want to secure the videos and avoid the videos to be stolen and made publicly visible on other sites.
How can I include external videos in an epub ebook in a safe manner ?
Thanks in advance for any tips !
Short answer: there is no way to 100% "protect" a resource embedded in an EPUB file, if the user has access to the EPUB file itself.
Long answer: unless you are also creating the reading application intended to be used for consuming those EPUB files and thus you can prevent the user from "reaching" the actual EPUB file, there is no 100% secure way of preventing a user from extracting a resource (the video, in your case) from an EPUB file.
Traditionally, to prevent "oversharing" of the EPUB file itself or "unauthorized extraction" of some assets (images, audios, videos) two main techniques are used: DRM or per-purchase watermarking. If you apply a DRM (i.e., the Adobe DRM), there are programs to remove it with just a click. The per-user watermarking route seems difficult for videos, I do not think any watermark provider has a tool to insert hidden user info inside videos embedded in EPUB files.
Another possibility consists in NOT embedding the video inside the EPUB file, and just link to it or to declare it as a "remote resource" (see http://www.idpf.org/epub/301/spec/epub-publications.html#sec-resource-locations ). But again, this does not prevent a malicious user from downloading the video from the URL you need to specify in the EPUB file.
Probably the best solution consists in showing some information (like "(c) Name_of_the_author, 2016") in a corner of the video. Again, very determined pirates might crop that text off, but at least discourage the "casual oversharers".
As with every ePub response, this depends entirely on the distribution channels they require. If they plan to distribute the ePub files directly, and the ePub files are ePub3 / HTML5 compatible, I would suggest this:
host the videos on a site that provides custom domain-level-access to the videos (like Vimeo: https://help.vimeo.com/hc/en-us/articles/224817847-Privacy-settings-overview), then have the video live in an iFrame to your site and require users to authenticate to that iFrame before the videos will play.
This will prevent people from sharing the videos by simply copying and pasting a URL, which will give you client peace of mind. But there will ALWAYS be the possibility of an authenticated user downloading/saving the video and then re-posting it in a public place. But you will always have that possibility regardless of security: because someone can always do a screen record and audio capture for any video they can see.
Best of luck,
-Alex
I've been asked to integrate videos into an existing app which previously only let users upload posts with images.
I don't want to host the videos on my own server for the following reasons:
Server Bandwidth
File Size Limits and Storage Space
Slow-Loading Video or Unexpected Pauses During Playback
Issues with converting to specific formats
Piracy
Based off this article:
https://www.wp101.com/10-reasons-why-you-should-never-host-your-own-videos/
So I tried to research into where I could host the files and then I would simply have to store the URL in my db and use a video player to stream the content.
Vimeo and youtube seemed to be the main options I could find.
I'm wondering how best to implement, would I make use of a youtube API and on successful upload, grab the link and upload to my own server? I'm concerned this may be a long process for the end user.
Another problem is I can't see any swift examples (ZERO obj-c experience) of making the http request but perhaps it is still possible but I'd just have to write the code myself? I'm wondering if anyone has implemented anything like this already as I can't find any examples.
Looking at this question:
How do I upload a video to YouTube from within an iOS application?
None of the links in the comments work and the answer directs to the youtube 2.0 API and I'm concerned that this is now deprecated.
Any advice appreciated!
I am using Youtube (v3)API for my website where many youtube video thumbnails are displayed.
For example something like: https://i1.ytimg.com/vi/0ZL_q7oUVrQ/mqdefault.jpg
When I check the Google Insights(https://developers.google.com/speed/pagespeed/insights/) for my website it complains about bad 'Leverage browser caching'. I had already taken care by adding expiry date for static resources coming from my server like js/css files but Google insights is mainly complaining about thumbnail images which are coming externally, direct from Youtube servers.
My website has many of these thumbnails and caching them is very important for fast page loads but youtube servers have set the expiry time for only 6 hours and I do not find a way to change that since they are external to my servers.
I would be very thankful if someone can suggest me of any better way to take care of browser caching for my usecase where resources are coming from external servers(like in my case thumbnails from youtube servers)
I am surprised that Youtube sets the expiry for only 6 hours though images are the least possible resources to change often...!
It's outside of your control so I don't think you can do anything about it.
These are your options:
Cache/update cache yourself.
Get the remote admin to change it (not possible with youtube).
Ignore.
I'm building a service where people gets notified (mails) when they follow a link with the format www.domain.com/this_is_a_hash. The people that use this server can share this link on different places like, twitter, tumblr, facebook and more...
The main problem I'm having is that as soon as the link is shared on any of this platforms a lot of request to the www.domain.com/this_is_a_hash are coming to my server. The problem with this is that each time one of this requests hits my server a notification is sent to the owner of the this_is_a_hash, and of course this is not what I want. I just want to get notifications when real people is going into this resource.
I found a very interesting article here that talks about the huge amount of request a server receives when posting to twitter...
So what I need is to avoid search engines to hit the "resource" url... the www.mydomain.com/this_is_a_hash
Any idea? I'm using rails 3.
Thanks!
If you don’t want these pages to be indexed by search engines, you could use a robots.txt to block these URLs.
User-agent: *
Disallow: /
(That would block all URLs for all user-agents. You may want to add a folder to block only those URLs inside of it. Or you could add the forbidden URLs dynamically as they get created, however, some bots might cache the robots.txt for some time so they might not recognize that a new URL should be blocked, too.)
It would, of course, only hold back those bots that are polite enough to follow the rules of your robots.txt.
If your users would copy&paste HTML, you could make use of the nofollow link relationship type:
cute cat
However, this would not be very effective, as even some of those search engines that support this link type still visit the pages.
Alternatively, you could require JavaScript to be able to click the link, but that’s not very elegant, of course.
But I assume they only copy&paste the plain URL, so this wouldn’t work anyway.
So the only chance you have is to decide if it’s a bot or a human after the link got clicked.
You could check for user-agents. You could analyze the behaviour on the page (e.g. how long it takes for the first click). Or, if it’s really important to you, you could force the users to enter a CAPTCHA to be able to see the page content at all. Of course you can never catch all bots with such methods.
You could use analytics on the pages, like Piwik. They try to differentiate users from bots, so that only users show up in the statistics. I’m sure most analytics tools provide an API that would allow sending out mails for each registered visit.
I'm developing an iOS app that generate video files and have a social gallery for users to display their clips. After a lot of research I found that Google Drive would be perfect to fit my needs so I did some testing and sucessfully made the app upload the file to GDrive and everything.
Now I need to stream the uploaded file in a MPMoviePlayerViewController, for that I would need some kind of direct link, I'm right? After my initial tests I used the variable WebContentLink as a source URL and it worked flawlessly, I was really happy with the result, however now it doesn't work anymore, I don't know what happened and I think the method that I used is not realiable? I tried all the other possible links and none of them seems to work.
Can someone give a guidance about if this is really supported by Google Drive and how it's the best way to archive that in a reliable way?
Thank you very much !
I too encounter the same error when I try to download 28 times (testing) the same 24mb file.
However I realise if I am to download using the content owner ID, it does allow downloading after the 28th time
https://docs.google.com/a/onwardsct.com/uc?id=0ByvXJAlpPqQPYWNqY0V3MGs0Ujg&export=download
Sorry, you can't view or download this file at this time.
Too many users have viewed or downloaded this file recently. Please try accessing the file again later. If the file you are trying to access is particularly large or is shared with many people, it may take up to 24 hours to be able to view or download the file. If you still can't access a file after 24 hours, contact your domain administrator.
The experience for streaming files natively is not ideal right now, sorry. It is something Google are working on.
You are doing this correctly though. The webContentLink should use the user's quota, and that should be enough for most cases. If you can give some specific numbers, we can look at it.
The embed link is the best way to show it on a mobile device, but as you say won't work everywhere.
yes, google drive can be used for hosting and stream videos as you like. It can also be used as demo server for web projects. Here is how to host a website on Google drive.