I run a website which serves videos to monthly subscribers who can download them. The majority of the videos are WMV and MP4. Is there a PHP or Linux library which would inject metadata or text into the video files without re-encoding the entire file?
My problem is that the videos are pirated and shared on other sites; we are losing money. So, I want to inject the downloader's username so that we can catch the pirates.
I cannot have the movies being re-rendendered/re-encoded for every download because it would put a lot of stress on the server.
I'm looking for some solution that will fopen and fwrite this data to the file.
Any ideas on how to accomplish that or is there any library that can do this?
As Pekka mentioned, inserting meta data won't help you fight piracy. The minute the pirate re-encodes the file, the meta data is lost. In addition, there is software (e.g. TigoTago) which edits meta-data.
A better approach would be to:
Don't allow downloads. Instead, use encrypted streaming.
Allow downloads, but chase down the pirated content; whenever you find the videos on Rapidshare and other file sharing sites, file a complaint.
Because punishing the pirate won't do much. They'll just sign up again with a different name, a different email, and a different prepaid credit card.
If you're still unsure about it; take a look at iTunes. The file which you download cannot be played on any computer which is not authorized (if the file is protected). But, the minute a user converts the file or re-encodes it, the file can be played any where on anything.
edit
And anyways, most pirate shares and torrents are uploaded as MKV or AVI. So most likely, the pirates will be converting and re-encoding it before they upload it; rendering the metadata useless.
Related
Is it possible to add a hidden string to an audio file (MP3, mid) via PHP?
I have an online music store and some of my customers resell the songs, and I want to hide his e-mail address in the audio file to identify them.
Audio Files
For real audio files (not MIDI, which is not really an audio file), the best method for this is to use audio watermarking. There are many algorithms and tools (such as AWT) that can be executed from your PHP script to handle this. They work by modifying the audio data in a way that cannot be perceived but can be decoded.
Most of these algorithms can encode the watermark in such a way that they survive re-encoding with other codecs. This is a critical difference from what you are asking for. If you simply were to add an ID3 tag, any tool could remove that. In fact, it's likely your tag would get removed just by tools that read and re-write your ID3 tags. With the information embedded in the actual audio itself however, it will survive. If someone decodes the file and re-encodes with another codec, depending on your watermarking algorithm, the watermark will still survive. Even if someone streams it within another stream, the watermark can survive.
and I want to hide his e-mail address in the audio file to identify them
Rather than embedding personally identifying information, you should store an ID or hash of an ID that you keep in your own database. It might be even better if you generate a new ID for each download so that should you need to find the user who re-sold your files, you can prove when they downloaded it and from what IP address, along with any other information you wish to keep in your database.
MIDI Files
For MIDI, you will have to embed your ID in the metadata of the file. This can be easily defeated, and may not be worth your time at all.
As a copy determent for my mp3-files (handed out individually or over web shop) I thought about marking the files each by cart-code-token, which I have to keep for legal reasons anyways.
Contra:
With basic understanding of the mp3 codec I came up with the idea of putting the cart code in one sample or spreading the info over more of them. One or some samples will be destroyed this way if the file is played, but it won't be even noticable in regular sampling rates (128kbps and above). No protection after harsh downsampling, though.
Pro:
Under circumstances even in waveform you yould possibly still determine the code. In any way information about marking the file could have some impact on users behavior. At least it could provoke a second thought about passing the file on as it is.
How would you suggest me to imprint the code onto the mp3 audio stream?
I would do it by file manipulation via PHP, if possible while serving the file for download.
you haven't discovered anything new: that's watermarking at its finest :-)
there are many MP3 watermarker program out there which imprint your data all over the audio stream. Such watermarks can resist file copy (obviously), upsampling, downsampling (to a given degree), audio trimming and even analog re-recording
check wikipedia: http://en.wikipedia.org/wiki/Steganography#Implementations
section 3 of this site site is on audio: http://www.binary-universe.net/ same author did a project on codeplex.
these also do audio: StegHide mpeStego
and this one:
https://github.com/jcelerier/watermarking/tree/master/src/libwatermark
In Imgur, you can input an image URL and a few seconds later, there's a thumbnail of the image. Or in Bing Search, you can (or used to) be able to view a thumbnail of the website in the search results before visiting it.
I would love to implement something similar for my website, but I can't wrap my head around on how it is done. Moreover, are there not security concerns? I'd imagine the servers have to at least download the website, render it and take a screenshot. What if it's a malicious website, and you download something malicious on your server?
A headless Web browser engine like PhantomJS can be used for this. See example on their wiki. Yes, it would be prudent to run this in some sort of a sandbox, feeding a queue of URLs into it, then taking the generated thumbnails from the file system.
While I don't know the internal workings of any of the aforementioned services, I'd guess that they download/create a local copy of the images and generate a thumbnail from that.
Imgur, as an image hosting service, definitely needs a copy of the image prior to being able to generate thumbnails or anything else from it. The image may be stored locally or just in memory, but either way, it must be downloaded.
The search engines displaying screenshots of the sites likely have services that periodically take a screenshot of the viewable area when the content is getting indexed, and then serve those screenshots (or derivatives) along with the search results. Taking a screenshot really isn't dangerous, so there's nothing to worry about there, and whatever tools are used to load/parse/index the websites will obviously be written with security considerations in mind.
Of course, there are security concerns about the data you're downloading, too; the images can easily contain executable code (such as PHP) in their EXIF data, so you need to be careful about what you do with the images and how.
I am building a site similar to thefuture.fm. DJs are able to upload MP3 files and set if the file only can be streamed or streamed and downloaded.
Visitors to the site don't have to login to listen to music. They should be able to stream/download these MP3 songs depending on the users settings.
I am using the jPlayer to play songs. I have searched all over the web but can't find any solution. Does jPlayer have any facility like prevent downloading of MP3 files? Or is there any way I can prevent this?
It's actually impossible to prevent downloading. You can make it harder for somebody, but he still needs to download all the data to hear the song. So even if you use some encryption to send the data to a flash player you write yourself, the player will have to decrypt it and play the audio. And since you can decompile flash it wouldn't be to hard to find out the algorithm. He could also just record the music again when playing it (similar to the first DVD decrypt tools, who just took a screenshot 30 times/sec to pass million dollar security measurements)
So the goal is to make it harder, not impossible.
Personally I would go for temporary available links in combination with a cookie, so I can still use jplayer and don't have to reinvent the wheel. Also use some obfuscating to make it harder to read the URL.
When somebody request the main URL (where you show your player) generate a unique key and save it in a cookie. The unique key should link to the IP address and request time stored in session.
Now create a link to the music file like playfile.php?file=music.mp3 or whatever. Just make sure that PHP will handle the file request. If you obfuscate this link it will be a little harder to find it.
In playfile.php check for the unique code in the cookie and check if it matches the IP address in session and the request time is less then EG 15 seconds (any longer and music won't play anyway with slow internet connection). If it is, stream the file. If it's not, block it.
Now if somebody would write a program/script to download the music, he can. But if somebody has the knowledge and time to do that, nothing will stop him from downloading it.
This will prevent any normal user from downloading it.
Preventing hotlinking is a bit easier, since in general you'll have a referrer string to check. If this is present then you'll know not to serve the content. Here is a code example.
Preventing downloading on the other hand is much harder - the best approach would be for a Flash application to decrypt data in realtime - if you use a simple encryption scheme, most client hardware should be fast enough. I couldn't find much for this on the web, so I wonder whether you'd have to do some Flash/Flex development yourself: download MP3 data in chunks, apply decryption routines from a library, and send them to some sort of MP3 decoding buffer. I suspect the password would be hard-coded.
Addendum: I've found that in later versions of Flash you can play dynamically generated sounds from a buffer (see here). So, if you're willing to get stuck into some Flash/Flex development, a solution is in sight. I couldn't find anything that accesses low-level MP3 routines, but don't forget that files don't have to be MP3 as transmitted from your server - convert them to whatever your app needs.
What you are searching for can't be achieved with JavaScript solution. If you want javascript to play something, it has to download it and in order to download it, JavaScript needs a URL.
Most common way to tackle this problem is using Adobe Flash and making a player in it. You can make your player stream content (mp3 in your case) without explicitly exposing actual data location to user.
Put the file(s) in a location that isn't accessible from the browser and use PHP to stream them out as a series of chunks using HTTP/1.1 206 Partial Content. Then use a method like this to edit the context menu to add/remove the 'save as'.
Use a session var to eliminate direct linking.
Actually, there is a player that DOES scramble the url and it works pretty good. We used it because of this excellent feature. It is not impossible to download/save the audio, but at least it is not a matter of just opening the inspector and copying the url. It also prevents from sharing to outside sources by URL. So, contrary to the above, it IS possible and it IS available :)
Check the plugin out here:
https://wordpress.org/plugins/mp3-jplayer/
I'm trying to build a site using HTML5's video tag so that I can share some movies I have made. Their sizes are pretty big (>500 MB), and when I watch them from outside my network, it seems like it's trying to download the whole thing before showing it. I'm wondering how I can make it so that they can be downloaded and watched at the same time.
I'm using php and javascript to build the site, although if there are libraries or techniques available in other languages, I'm more than happy to hear about them.
Video files on the web sometimes need to be encoded in a special way in order for them to be played while downloading. In order for flash based videos to work, data called "moov" must be moved from the end of the stream to the start. A program called mp4 FastStart can do this for you.
Programs like HandBrake have a "web" option that also does this when encoding. The data basically contains the length of the video, etc. Typically this was at the end of the file. However when the web came along that meant downloading the entire thing before being able to play.
Can you tell us what format the video is?