Copy protect Flash from recording and capture

How to Copy Protect Flash SWF Online


Flash displayed online from web pages are most vulnerable to copy and download by all manner of apps that have been specially designed to "download movies".

However there are some options for adding copy protection that do not involve obfuscation or encryption of the Flash to prevent it from being located from where it may be stored on a web site. But before introducing two (2) most secure options, let's look at the whole picture and all of the ways that Flash displayed online can be copied:

  • Right mouse click to "save as".
  • Browser menu option for saving the page with all embedded media.
  • Right mouse click to save the page with all embedded SWF media.
  • Highlighting by mouse select and copy-and-paste to the clipboard.
  • Click select by mouse and drag-and-drop to the desktop.
  • Right mouse click to send attached to an email.
  • Browser menu option for sending as an email attachment.
  • Using screen capture software and recorders to copy Flash.
  • Locating the download resource of media from view of source code.
  • Using site and file grabbers to download media linked from a page.
  • Using file grabbers to retrieve media from web browser cache.
  • Packet-sniffing to intercept page resources and passwords.

Some displays cannot be protected

If you are providing direct links to either Flash stored on a web site or streamed so that the user can open and play them using a generic desktop Flash player, then be advised that what we are discussing here has no relevance because there is no opportunity to intervene and control copy. That is, unless the Flash player software is of custom designed for playing encrypted and domain locked Flash. Secure desktop players are not relevant to this topic because they fall into the realm of playing from CD. In fact at the time of writing this article some custom secure players are utilizing DRM but they are ineffective when it comes to preventing the user from recording the Flash as it plays.

What this article is about is the display of Flash from web pages. That is the Flash player code is embedded into the HTML and no options are provided to play direct from the source. Only when using embedded players can you have control over copy and capture:

  • By using a copy protect plugin installed for popular web browsers.
  • By using a custom web browser specially designed to protect web media.

Using a copy protect plugin installed for popular web browsers

ArtistScope provides a CopySafe Service that is second to none when it comes to preventing copy from all methods including Print Screen and screen capture. CopySafe Web Protection was first released in 1999 and it is supported on all Windows computers. Site visitors can use their favorite web browser and to view protected web pages, they can download and install the plugin just like they would when encountering Flash for the first time.

Using CopySafe Web to protect Flash

CopySafe Web is the most secure solution for displaying encrypted images and it is the encrypted image that activates the CopySafe plugin when it loads. Consequently any web page can be protected by simply adding a small CopySafe encrypted image and any media displayed on that page will also be protected including Flash. To apply CopySafe to a web page all one needs to do is add a few lines of HTML.

However when you are protecting Flash, you need to be aware of the fact that file grabbers can locate and download Flash files from where they are stored on a web site by direct linking. So direct linking is not recommended at all and the method of providing the download to your embedded player should be via a Flash media server.

Using a Flash media server is most recommended to prevent direct linking to your Flash resources. Media servers do not simply provide a download because they "stream" the Flash data and at regulated rates to better suit a user's internet connection thus enhancing their experience by "buffering" to eliminate annoying pauses.

Note: When using the ASPS Web Reader it is not necessary to use stream delivery because static download links cannot be discovered.

CopySafe is compatible with all types of web applications

CopySafe Web can be added to any web page regardless of which programming language is used for the page. If you are using a CMS and/or have limited HTML skills, ArtistScope provides a variety of free modules for integrating CopySafe Web with most popular CMS solutions:

Using a custom web browser specially designed to protect web media

The ideal solution for copy protecting web content is by not using any of the popular web browsers at all, but instead using a web browser that is specially designed to protect the content that it displays. Such a web browser needs to display generic web pages and media but without providing any options that can be used to save, print and copy the page or download any media displayed on that page.

Today there are a few custom web browsers available that claim to satisfy these requirements. Some are merely reskinned IE engines that still expose browser cache and some others have been designed to restrict some save and copy options. But the mistake that most custom browser developers are making is that they are trying to support all operating systems (OS) and that is where they fail because proper copy protection is not possible on Mac and Linux based OS.

The ArtistScope Site Protection System (ASPS)

The ASPS Web Reader is the most secure web browser on the planet when it comes to protecting web page media and it is supported on all Windows OS since XP. Unlike pretentious "secure" browsers, the ASPS Web Reader protects all avenues:

  • Creates a secure tunnel between the web server and the user's computer.
  • Safe from packet sniffers even without the use of SSL.
  • Web pages cannot be viewed by any other browser or application.
  • Embedded media resources cannot be located in page source code.
  • No content or code can be retrieved from web browser cache.
  • All media is safe from file grabbers and downloaders.
  • Protects all media without requiring that media to be encrypted.
  • Pages cannot be printed unless allowed by the webmaster/designer.
  • Pages cannot be copied by using Print Screen to take a screenshot.
  • Pages and Flash cannot be screen recorded or captured.
  • Absolutely no options for copy and save.

Even when the page and media is on display in the web browser, nothing can be copied in any way... that is, without using a camera to take a photograph of the computer screen. The ArtisBrowser is the most secure web browser and the only web browser that can effectively protect web page and media from all methods of copy and save.

ASPS is a server to browser solution that has been designed from end-to-end with copy protection in mind. Web pages assigned for use by the ASPS Web Reader are delivered in encrypted format from the server and they can only be decrypted by the ASPS Web Reader, thus creating a most secure tunnel between your site and your visitor. Intercepting this page is useless as it cannot be deciphered except by ASPS and it cannot be hacked.

ASPS is supported on all types of web servers

The ASPS filter can be installed on all Windows servers/computers running IIS since XP and all Linux servers.

ASPS is supported in all types of CMS and web applications

ASPS encryption does not affect the web application or programming language used to create web pages because it encrypts and delivers the page after it has been assembled by the server. So it doesn't matter if your website is based on Sharepoint, PHP, ASP.Net, Classic ASP or good old static HTML. Consequently any and all CMS applications like DotNetNuke, Drupal, Joomla, Moodle and WordPress can be run from a ASPS website.

Preparing a website for ASPS

No special treatment like encryption or conversion is required as the only preparation required is to add a line of HTML before the page's DOCTYPE statement. So to protect pages you add this tag and any pages not including that tag will not be protected and redirected to open in the user's default web browser. This way you can cerate doorway pages and leave sections of your site accessible to normal browsers and then most securely protect only those sections or pages that are critical to your mission.

Downloading and evaluating ASPS

The ArtisBrowser can be downloaded from their demo site. After download, simply follow the links for "Guided Tour' to explore a variety of different media that can be protected by ASPS.

Limitations and requirements

In theory, web page encryption should prevent the location of files linked from a web page, but it does not. In fact web encryption, especially if relying on JavaScript, is a useless contrivance because the web browser finds the decryption key in the very source that it is supposed to be protected. To display the web page, the web browser needs to decrypt it and once decrypted you are back at square one again with the unprotected page on display with all of its HTML and source code which also readily available in browser cache.

Contrary to what some "copy protect" developers claim, it is impossible to prevent copy using client side scripting such as JavaScript. It is also impossible to prevent copy without using a plugin (by installing a custom software) that interacts with the computer at system level system and "client-side" scripting does not nor ever will have the permissions to operate at that level. Anyone making claims to the contrary is preying on the user's and possibly their own naivety.

Today we have many different operating systems (OS), all of which fall into distinct family types such as Windows, Linux, Android, MacOS, etc. So designing a copy protection solution becomes most difficult and while it might be possible to provide plugins for all of these OS, in reality it is impossible because most either cannot support proper copy protection or are too unstable to survive a rollout, ie: by the time your user upgrades to the latest update that OS will more than likely be outdated.

Click for more Copy Protect Resources.

  Copy Protection & DRM News
  IT Security News
العربيه | 中文 | Česky | Deutsch | Ελληνικά | English | Español | Filipino | Français | עברית | Hindi | Indonesia | Italiano
日本語 | 한국어 | Magyar | Malay | Nederlands | Polski | Português | Русский | ภาษาไทย | Türkçe | 台灣 | Việt