Can I make a video not downloadable? [closed]
It is impossible to show the user a video in a browser without them also having the ability to download and keep it. If there was a way to do so then every video site would be doing it.
There are a bunch of tricks you can do to make it much more difficult such as only allowing the video file to be requested within X seconds of the page loading with some clever server-side logic - but these are just minor roadblocks.
To attempt is futile.
As PhonicUK said: if your browser shows something, a user will always have the possibility to store that information somewhere. You'll never be safe, unless you implement some kind of encryption, but you wouldn't want to do this yourself. If you offer the video files for download, even worse. When a client has a file to store on their computer, it's completely up to them what they want to do with it. They can copy it to other devices, upload it online, etc.
And this is not a bad thing. Whenever you try making it harder to rip a video, you make it harder for regular paying customers to get and use the content as well. This is, in essence, annoying. Several companies have tried to enforce copyright schemes upon users and majorly screwed it up. For example, there was a time where CDs were only playable on a computer by launching a separate clunky piece of software rootkit. Needless to say no honest paying customer liked that. Music distribution services like iTunes used to sell DRM-protected files, but later decided to ditch that.
Making your customers happier could make them recommend your services, and not shoving a complicated and customized copyright protection (like supplying the files in an application that decrypts them) will make you stand out as the good guy. So far, almost every protection was broken at some point anyway. Your business really should not rely on the content alone, but on the satisfaction of the customers primarily.
Now, for businesses that depend on monetization of their content, and where piracy would cause major loss (if there's a way to measure that is debatable), there are streaming services that specialize on content distribution with proper access right management and content protection. Brightcove is one of those services:
Protect your valuable contentEnsure your video is safe. Use RTMPe stream encryption and SWF verification to prevent video stream ripping and content theft and ensure that your video stream plays back only in your authorized players.
There are similar services, who mostly partner with broadcasting institutions (TV channels, etc.), but note that if you decide to go that route, you will have to pay for the service. These services don't work miracles though. If you can view something on your computer you can easily run a desktop recording software and capture it to a file. If the file's been viewed in the browser it was cached somewhere as well. So, in essence, expect your customers to play nice, and play it nice yourself.
If a user can see the video in his computer, the video is, somehow, downloaded to his computer, so that his computer can process it and show it.
If it is downloaded, then, well... it is downloaded. Very basic and very complicated at the same time: doesn't matter if you allow the person to see it in the web, or require him to use a special program, or to use a special key... at some point, the program is run, the key is used, and the original video is displayed in the screen. Even HDMI devices, that should have some special hardware allowing to encrypt/decrypt the video, were already hacked.
And you can't prevent the user from using a camcord to record the video from his monitor.
If all your business relly upon this, something is wrong or something will go wrong.
Even if you take the considerable effort develop your own video player plugin, which performs a session key exchange with your server and receives the video stream encrypted with a session key, attackers will simply take the path of least resistance: the playback hole. The playback hole means that a video can be duplicated by using a program which grabs the decoded frames from the frame buffer while the video is playing, while simultaneously capturing the audio by tapping into the operating system's audio framework.
You have to ask yourself: if the video is freely viewable, what's wrong if someone wants to stash away a copy? The only consequence is that people can share the video and not visit your site. But you can put notices in your video which lead people back to the source. So it's ultimately a good thing. People are copying your video and seeing your message. You have duped people into letting you use their private storage devices to host your video! :)
If you somehow succeed in making a video very hard to copy, then it will be only copied by hard-core crackers. Hard-core crackers will not be satisfied with merely sharing the cracked video. They will want credit for cracking it, so they will deface your video with their own messages, perhaps removing or overwriting some of your visual or audio content.
If your video is easy to download and copy, then it will be your original, unaltered video in its original quality that people are sharing.
This can't be done. It's analogous to mandating that a magazine you've mailed to a subscriber is shredded after they read it.
In order for the user's computer to show them the video, the computer needs to know what to show them. This requires the server to send the content to the user's computer. While there are systems of video delivery that can prevent the common user from saving a streaming video, the fact that you have to actually send the content of the video to them in the first place means you can't prevent them from getting the video.
Videos can be encoded in various different ways (mp4, avi, mov, etc). The important thing to remember here is that the encoding is not there to prevent people from viewing the content, but to enable people to view it by defining how the data should be converted to picture and sound. In order for a user to watch a video at all, they need both the data making up the video and some tool to show that to them as a video. There is no way around that. Take away the data, there is no video to watch. Take away the method to transform it into something meaningful, and the data is just junk that can't be watched.
The bottom line is this:
- If your video can be watched, it can be downloaded.
- If your video can't be downloaded, it can't be watched.