34 Replies
im creating a lms with laravel
and im trying to remove the downlaod so people can only see it live
is it possible? like netlifx and …
( not only remove the button from video player)
controlslist="nodownload" <-- that should do it
however, this is like putting a piece of string on top of a crater created by a meteor
it simply hides the button
https://developer.mozilla.org/en-US/docs/Web/API/HTMLMediaElement/controlsList
you might also want to check this:
https://developer.mozilla.org/en-US/docs/Web/API/HTMLMediaElement/controlsis this the safest way?
no
it doesn't have anything to do with safety
cuse i think they can download it if they open console 🤔
yeah, and from youtube too
it's harder from youtube because they send the video in chunks with a lot of "fuckery" from behind
i already hide button
but im looking for a way so no one can donwload it like netflix or …
you can't
to show the video, you have to download the video
if i were you, i would just shove it on youtube and forget about it
i cant use youtube
do you know what netlfix or other streaming platform do so they can hide it?
lots and lots and lots of server-side obfuscation of the urls
and they download the videos in chunks, usually with the audio separated
They use Digital Right Management tech, which is a fancy way of saying "they pay a lot of money to get cryptographic certificates that your client software (usually your browser) has to validate in order to show the files". But it's only barely more secure than hiding the download button as the video data has to be decrypted before being displayed so pirating it is just slightly harder but still possible.
and some even draw frame by frame into a <cannvas>
that's the "prevent the video from playing anywhere else" part
not the "prevent the download" part
but it is true
widevine is one of the DRMs used
There is no way to guarantee that the end user won't "steal" your video as all they would have to do is record their screen while watching the video how you want them to
Same end goal.
yeah, but it's from the other point of the 2048-point star
The only way for an end user to not be able to download and save your video is for them to not have access to it at all on a device they can operate how they want. i.e. you would need to send them a device they can only use to watch your video. (And even then one could just hook up sensors to the chips or the display cables and syphon the data from there...)
or use a phone, so, you need a privacy screen
🤯🤯🤯
its so hard
what's the attack vector you're trying to protect from?
just random john doe downloading the video?
yes 😂
just hide the controls
i completed lms project
ye already do it
and i want try to do this but it seem it’s impossible
then focus on the other things
even tho netflix and other services try to stop you from downloading stuff people still manage to do it 😉
it basically is, yes
No "basically" about it. This is the internet—in order for someone to see something you need to send it to them. So no, there's no way to remove that ability completely. There's always a way.
if your ship sails on the open seas, you will find a bounty-full treasure trove of netflix downloads
if people can get it from netflix, who tries incredibly hard to orevent that, then yours can be taken too
You can make it hard enough that the average person won't bother. But the only way to 100% prevent it is to never share.
Of course, all that is assuming desktop. Mobile browsers/apps are more limited in dev tools etc so it's a lot easier to block it on mobile.
You can do fingerprinting of the video, so that if it is shared, you can at least track down who shared it, but it's unbelievably computationally expensive, and doubtful you'll actually be able to act on that knowledge in any real sense
I can tell you now that no lms out there properly protects videos, because within a day of a course being launched, it's pirated somewhere 😆
If someone really wants to pirate it, and you have done an amazing job of preventing them from downloading it, they'll just screen record it. and then you'll find a way to stop that, and they'll find another work around.
What are you using to host the videos? Good hosts do put some things in place.
exactly even if i hide the download they can record it
in cpannel
is it a personal project, or something you plan to release?
its personal project
okay 😄
But yeah, the real solution is DRM like Ragnar mentioned. Not something you'd want to implement yourself, but since you'd likely use a service to host the videos, you could find one that offers DRM, which goes a long way to blocking downloads and can prevent screen recording as well... it's not cheap though. I know Vimeo only offers it on enterprise plans. There are probably more affordable options out there, but it's a) complex, and b) they know if you need drm, you're making money, so they can charge a lot
i think it not worth to buy it for personal project . i was looking for a package to handel this but i think best way is just hide the button