topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 10:14 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: In need of security advice ...  (Read 10541 times)

barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,294
    • View Profile
    • Donate to Member
In need of security advice ...
« on: January 01, 2011, 12:36 AM »
Folk,

I'm setting up a Web site for baby daughter to upload her pics - she's been exercising the EOS Rebel she got for Christmas a year ago  :).

Being lazy, I decided to go with WordPress rather than build a site from scratch.

Baby daughter wants to insure that her photos cannot be captured by nefarious denizens of the Web.

I've been reading about no-copy  plugins 'til my eyes are starting to bleed, and I've tried several of the seemingly better ones, but I'm not particularly happy with the results.  I've just about decided that this would be better done via .htaccess, in spite of the fact that I'm not as conversant with it as should be.

However, I thought I'd ask here, see if one amongst you mavens of mystery/mastery might know of a plugin/process that might work.

The ones I've tried to date all seem to work well enough, although one of 'em provides many database warnings.  But the rub lies in clicking the thumbnail to produce a full-sized image.  The plugins have prevented highlighting, right click, most of the standard copy practices - until the thumbnail is clicked.  That provides the full-sized image just fine - but it's neither copy- nor right-click-protected.

At this point, I'm thinkin' that a modification to the .htaccess file might better serve the purpose, although I'm a lot weaker in that arena than I ought to be.

Oh, the reason for choosing WP is the ability to provide descriptive material for each photo, each being a separate post, in effect.  I've looked at some gallery apps, but they just don't work for her.  I've suggested photo sites - Flikr, et. al., but she doesn't trust 'em - nor do I, to any great extent.

Any suggestions as to how this aim might be accomplished?  As long as it doesn't require an ocular transfusion, I'm ready to try just about anything.

Addendum:  descriptive material might be just date and time, or it might be several paragraphs describing conditions, lighting, location, camera settings, and the like, hence the separate post concept.
« Last Edit: January 01, 2011, 12:43 AM by barney »

mahesh2k

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,426
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #1 on: January 01, 2011, 12:50 AM »
Two types of plugin you need here - one is hotlink protection and another one is wp-copy protect plugin. Hotlink plugin will make sure that it is not linked outside the domain while copy protect will not let users right click on your site which gives basic protection. Now important thing you need to do is hide image URL when user performs View>source query on browser. I don't know if there are any plugins that do this but you can write custom JS plugin that hides the IMAGE urls when broswer renders them. Best option is using flash slideshow which gives some protection but even flash files can be extracted.  :s

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: In need of security advice ...
« Reply #2 on: January 01, 2011, 01:12 AM »
It can't be done.

If you make the image available, it's available. Period. You can make it difficult for someone to get the picture, but not impossible.

The only thing you can do is to have people make accounts and then authorize them, then only serve up the pictures to those people that you want to see them.

For that, you're better off just going with something like Flickr though. It's easier. Well, that is if you want to just have a gallery.

If anyone tells you that they can protect pictures 100%, they are lying.

The closest that you can come to it is to have a custom ActiveX, Java or Silverlight (maybe) plugin to serve the pictures and then have it black out the picture if someone tries any screen recording. However, I doubt that would even work. (Flash might have some capabilities there, but I am not sure.)

Once it's on the web... It's on the web. There's no going back. If you don't want pictures there, don't put them there.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #3 on: January 01, 2011, 04:20 AM »
Renegade said it all.   :up:

Whatever you implement, you can't stop a simple screengrab - even if you stop the print screen key from working - I could always use a bit of software to grab the screen some other way.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: In need of security advice ...
« Reply #4 on: January 01, 2011, 07:59 AM »
+1 for Renegade and the nude one.

Unless you go to really extreme solutions involving the use of custom hardware, you can't stop nefarious people from grabbing and (mis)using your images. If your daughter puts her photos on the net, that's just a fact she'll have to live with. The various "no-copy" methods will only make it difficult for benign people who'd like to use a pic as wallpaper, it won't stop the baddies.
- carpe noctem

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #5 on: January 01, 2011, 08:50 AM »
For every trick you can think of to protect an image, there are at least 3 ways to get around it.

Even services you pay for, like Digimarc, can't protect you. It won't stop anyone from getting the photos or displaying them elsewhere, and the embedded "invisible" marks are really easy to remove by just creating a new blank image of the same size, copying the original and pasting as a new layer, then merging the layers.

I experimented with this stuff when my daughter considered it for her photos. Paintshop Pro comes with the tools needed to embed & read Digimarcs, and a sample key to see how it works. I just played around with some basic stuff till I was no longer able to read the sample mark. It didn't take very long. I was able to remove it on the 2nd try, without visibly altering the image. (first try was copy & paste as new image, which failed)

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #6 on: January 01, 2011, 09:41 AM »
I've never used SmugMug, but I know people who have, and they're very pleased with the array of features, which include a number of different ways to protect the privacy of your photos.  Here are a few that they list:

At SmugMug you can:

    * Password-protect selected galleries.
    * Password-protect your entire SmugMug site.
    * Tell search engines to ignore you.
    * Hide selected photos so only you can see them.
    * Make selected galleries private. Your friends can visit them without entering passwords, but only if you give them the address.
    * Make your entire SmugMug site private. Your friends can visit without entering a password, but only if you give them the address.

I'm not sure whether this will meet your needs, but I thought I'd mention it.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: In need of security advice ...
« Reply #7 on: January 01, 2011, 10:47 AM »
    * Tell search engines to ignore you.
    * Make selected galleries private. Your friends can visit them without entering passwords, but only if you give them the address.
    * Make your entire SmugMug site private. Your friends can visit without entering a password, but only if you give them the address.

All of those are empty promises and massive security holes. They make things harder for amateurs, but experienced people can hack through them.

If things are sensitive, then it's not worth it.

It's better not to put anything on the net that you don't want there without serious security. That isn't serious security. But then again, that may be all you need. It's probably more than most people need.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

cyberdiva

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,041
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #8 on: January 01, 2011, 01:21 PM »
I wonder whether we're losing sight of barney's original message.  He was trying to find a way to prevent bad guys from taking photos his daughter will put up on the Web.  Some of the early responses dealt with the difficulty of locking down a photo that anyone can see.   

I wonder, though, whether the protections SmugMug makes available are as lame as Renegade claims.  I certainly agree that telling search engines to ignore you is not a dependable way to protect anything.  But some of the other protections SmugMug offers seem as if they might do the job.  If, for example, barney's daughter password protects her entire site with a strong password, the bad guys won't even know what she has put up.  And while it's possible for a pro to break some passwords, why would s/he bother to do so on a site s/he knows nothing about?   I think Renegade is right when he says "It's probably more [security] than most people need."

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: In need of security advice ...
« Reply #9 on: January 01, 2011, 01:27 PM »
I wonder whether we're losing sight of barney's original message.  He was trying to find a way to prevent bad guys from taking photos his daughter will put up on the Web.  Some of the early responses dealt with the difficulty of locking down a photo that anyone can see.   

I wonder, though, whether the protections SmugMug makes available are as lame as Renegade claims.  I certainly agree that telling search engines to ignore you is not a dependable way to protect anything.  But some of the other protections SmugMug offers seem as if they might do the job.  If, for example, barney's daughter password protects her entire site with a strong password, the bad guys won't even know what she has put up.  And while it's possible for a pro to break some passwords, why would s/he bother to do so on a site s/he knows nothing about?   I think Renegade is right when he says "It's probably more [security] than most people need."

I meant to address unprotected URLs. Friend WILL pass them around. The pictures WILL get around. But, logins and passwords do not get passed as easily. Password protection is entirely different, and I didn't attempt to say that it is bad.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #10 on: January 01, 2011, 01:34 PM »
I don't know Flickrs, Picasas or SmugMug security procedures but am almost sure anything not evolving her/you setting up own website is many times more secure - also if you don't trust them. Don't ever trust them too much btw ;) There are probably some good hosts and if you know Wordpress nothing bad will happen, not easily. But there are also crappy hosts and Wordpress does require maintenance. You must check them out in details before deciding, can be difficult - they are good at advertising and promises.

After that worry about people snatching pics.

barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,294
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #11 on: January 01, 2011, 03:06 PM »
Perhaps a bit of clarification is in order  :huh:?

It is an article of faith with me that anything tech can make, tech can break.

So the question of security becomes one of effort vs. return.

As was mentioned, screen capture is always a viable way to get an image.  However, screen capture produces an image somewhere between seventy (70) to 100 dpi - not certain about Linux, but don't think it's greater - which is a far cry from, say 1440 dpi, which would make the capture pretty much useless for offline purposes.

The purpose of security in this case is to make it reasonably difficult to obtain the original photo images.

The WP blog is hosted on one of my domains at HostGator, but will eventually be transferred to BD's domain once she decides upon a name and obtains it.  (Sidebar:  if another host would be more appropriate, that'd be fine.)  WP is marked so as to prevent search engine scanning - not reliable, but it's simple to configure and could possibly help ... at least it should do no harm.

If this were mine, I'd make access much more difficult, but this has to be done with BD's current knowledge in mind, as well as some degree of ease of use, i.e., as transparent to her as possible.  It also should be reasonably simple for her chosen friends to access, preferably view-only.

I've tried several plugins that reasonably protect within WP, but become ineffective as soon as the actual image - not the thumbnail - is displayed.

The rationale behind all this is that BD is considering the pros and cons of becoming a professional photog, so she needs some input from others on the pics she's taken.  Copyright(s), watermarks, and the like provide some degree of protection, of course, but not enough.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: In need of security advice ...
« Reply #12 on: January 01, 2011, 03:15 PM »
As was mentioned, screen capture is always a viable way to get an image.  However, screen capture produces an image somewhere between seventy (70) to 100 dpi - not certain about Linux, but don't think it's greater - which is a far cry from, say 1440 dpi, which would make the capture pretty much useless for offline purposes.
If you don't want images in the original resolution captured, don't put the original-res images online - simple as that.
- carpe noctem

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #13 on: January 01, 2011, 03:21 PM »
Well I would then research photographer sites/forums. Others will have had the same concerns and worries. They must know what is possible regarding watermarks - must be an essential part of the setup since she could be Worlds best photografer ever! For pro work watermarks is a must I would think. Digimarcs apparently don't work so what does? Is Digimarcs Rolls Royce of watermarks or surpassed long ago?

Lowering quality of images might be not be optional for pixel freaks like she probably is but of course if not available there is nothing to steal. That will work  8)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: In need of security advice ...
« Reply #14 on: January 01, 2011, 03:50 PM »
Even if you watermark photos, what are you going to do when somebody misuses them?
- carpe noctem

barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,294
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #15 on: January 01, 2011, 04:36 PM »
That's when copyright comes into play, weak as it is.

The point here is to make this more difficult than most folk would consider worthwhile overcoming.

And, although copyright is not all it could be and is frequently misused, most folk will shy away from perceived violation.  The implied threat of legal action will deter many.  The security stuff is to make it more difficult for others.

While absolute security is a non-sequitur, reasonable security can be approached, and that is the windmill at which I tilt, for the nonce. 

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #16 on: January 01, 2011, 06:19 PM »
I'm not so sure that the issue of effort vs. return comes into play with hacky "content protectors" as bypassing them is usually effortless. Also I find such tricks to be pretty obnoxious. If I can view the content then that's simply it, I have a copy of it on my machine, a copy I was willfully given. Anything someone does to try and make it difficult for me to get at what is already on my machine is simply wrong, evil, and highly malicious behavior.

If you don't want someone to have a copy of an image, then don't give that someone a copy of the image.
« Last Edit: January 01, 2011, 06:22 PM by Eóin »

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #17 on: January 01, 2011, 10:11 PM »
If I can view the content then that's simply it, I have a copy of it on my machine, a copy I was willfully given.

...and that is the best short description of the end-game so far. Anything viewed is already had, end of story.

Locks only keep out honest people, and copyrights don't scare anybody - Dire FBI warning at the beginning of every movie ... ever meet anyone that didn't laugh at it? I haven't.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: In need of security advice ...
« Reply #18 on: January 02, 2011, 01:23 AM »
The sanest, most effective thing I can think of is to have:

1) Thumbs with a small lower-corner watermark.
2) Full-size photos/images with watermarks either large or patterned. Lines through works as well.
3) Have a back-end application/script that can serve up full photos/images without giving out their URL and have all the full images with no read permissions.

1 & 2 are trivial.

3 is more complex, but safe. You only serve up the full images to authorized users or paying customers. There are plenty of scripts out there that do that. They typically have URLs like this:

http://somesite.com/image.php (gets info through a POST)
http://somesite.com/...mp;imageid=someimage (checks you to see if you are authorized & serves up your image)

Often the "someimage" ID is simply randomly determined and not actually an ID for a particular image. i.e. It's a transaction ID. That's safer.

I think the above recommendations to check out professional photographer's sites is a good idea. Or just search for "stock photography" and have a look at how they do it.

Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #19 on: January 02, 2011, 03:22 PM »
Yes but from a pragmatic point of view is SmugMug not the optimal solution? I have no "Pro" account and only know them as being "highly recommended" as a the choice for serious pixel sharing - when Flickr, Picasa are not sufficient. They target people just like her so why are they not good enough? Answer that or go SmugMug (or their competitors which I don't know) Another very important parameter is presentation. If SmugMug has the perfect theme, the perfect mini-blog/info section that might overrule any possible "better" security setup she "might" be able to set up on her own (or with help from dad). Doing something on your own is not necessarily any better. Wordpress can do many things or rather plugins can but how does she imagine her photos being presented. SmugMug or similar will make it easy and slick - way more than a default WP setup. What promote her ambitions of going pro the best? If possible if and if concerns about throwing content at an (highly recommende) online service is a worry how much better is alternative? If it is a knitting project of cool scripts and self hosted you need to maintain each part on a daily basis (if paranoid enough!) - if not maintained kiss security goodbye ;)
« Last Edit: January 02, 2011, 03:29 PM by Bamse »

JavaJones

  • Review 2.0 Designer
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,739
    • View Profile
    • Donate to Member
Re: In need of security advice ...
« Reply #20 on: January 02, 2011, 03:41 PM »
Is it really necessary that full size or even "large" images be put up? The vast, vast majority of images most photographers (and other artists) put up online are very reduced in size. Even something like 1280x1024, while plenty large for near full screen viewing by most systems, is still a far cry from original native resolution of average digital cameras today (where files are often 2-3000 pixels wide). Not to mention the slight quality reduction of JPG compression. So if your concern is *offline* use (e.g. printing) or other purposes where high resolution originals are needed, then just put only downsampled pictures up. For my photoblog, for example, I tend to only put up about 800x600: http://photoblog.oshyan.com
Smaller than some people might desire, but big enough IMHO to enjoy and critique for composition, color, and even detail. Watermarks are more intrusive, I find.

Ultimately, as others have said, there will be no way to prevent some people from reusing the content. The question is where do you draw the line. Low(er) resolution pictures are one good approach that has really no work-around for would-be thieves. But it won't stop online-oriented image theft or those who don't care about low resolution images. For that a simple right-click protection script might be worthwhile. Yes, it will not protect against everyone and every type of attack, but it will prevent *casual piracy* which I think is all that is ever worthwhile. Most piracy of this type is in fact committed unknowingly (i.e. the thief doesn't really know or recognize that what they're doing is actually illegal; trust me, I know tons of people who do or have done this and have had to educate many about it, it's seldom malicious).

Another thing you might want to consider, if the "click to enlarge" thing is causing issues with protection scripts, is not bothering with that extra step. Why not just embed the largest size image in the page? Look at how my Photoblog is done. If the image is the central focus, it shouldn't require a click to be viewed. You can have information at the bottom quite easily, along with the option for people to add comments. Wordpress is designed as a text blogging solution so its focus is naturally on text, not images. If the focus *is* intended to be on images, consider a photoblogging solution like PixelPost: http://www.pixelpost.org/

If not that, then I would also highly recommend SmugMug if a hosted solution is desired. It's not free, like Flickr and others, but it has a way better gallery interface, much more power and control, no (or few) limitations (depending on account level), and for Pro accounts there are lots of options for selling photos. Regarding the size issue, you can also very flexibly and powerfully control what sizes different levels of viewing permissions get to see, so for example anonymous users (those without a password) would see only small size images, people with passwords would see larger but not original size, and she could have the originals up for e.g. commercial use (sell prints or digital originals) or for her own archival or other purposes, yet no one else would ever have access to them (without paying). The system takes care of all the resizing and security.

- Oshyan

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: In need of security advice ...
« Reply #21 on: January 02, 2011, 11:21 PM »
Yes but from a pragmatic point of view is SmugMug not the optimal solution? I have no "Pro" account and only know them as being "highly recommended" as a the choice for serious pixel sharing - when Flickr, Picasa are not sufficient. They target people just like her so why are they not good enough?

I'd say go for it. But just do so understanding the security implications and not setting expectations too high. Good enough is good enough. At some point you just need to get it done and move on. If it's working for other people, there's no reason why it shouldn't work for you and your daughter.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: In need of security advice ...
« Reply #22 on: February 14, 2011, 06:47 AM »
I've been buying up a bunch of artwork lately, and came across some protected images on what's actually an excellent site.

Well, I wanted to check to see how some edits would look on it before buying... 10 seconds later I had the image without a screenshot (from source). (I was surprised when I got it with no watermark.)

Anyways, just one of those things -- you can't really protect pics on the Internet.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker