Hide the URL of an embedded video to prevent anyone from accessing the video outside of my domain

  • 3
  • Question
  • Updated 9 months ago
  • Answered
Merged

This conversation has been merged. Please reference the main conversation: Domain restricted view of the content

Can I hide the "embed URL"?

What I want to use screencast for, is to store and stream the videos which ONLY paid users logged into my site can access.

If I embed the files having "hidden" privacy setting, people can still find out the URL and then access them without paying for it.

Is there any way I can hide the URL so that people can only access the videos from within my application?
Photo of samudranb

samudranb

  • 5 Posts
  • 2 Reply Likes
  • frustrated and confused

Posted 9 years ago

  • 3
Photo of Mike Curtis

Mike Curtis, Employee

  • 2204 Posts
  • 216 Reply Likes
I am hoping someone can prove me wrong, but I do not believe it's possible to hide the URL in the html code. Once a video is on the web there are a number of ways people can "scrape" it--or even record it right off the screen and do what they will with it.

I'm thinking the best way to control the access is via a password on your site. For example, to see the videos, your paid viewers would have to enter a password on the site (or page) that would give them access to the videos.

Anyone know some more creative ways to protect your content?
Photo of samudranb

samudranb

  • 5 Posts
  • 2 Reply Likes
That (password protect the video) I am already doing.

But once someone has logged in, there is nothing to stop him from looking at the source, getting a list of all the URLs of the videos.. and just simply pass them around.

If that were to happen, it would be catastrophic to my biz, since I am planning to make it almost completely video based.

Could you please help me figure out how I can make piracy a little more complicated than that?

Scraping / recording off the screen is not something I can avoid, so I am not even going to go there. But this surely can be avoided?

PS: vzaar.com has this feature of domain control. Maybe we could have something similar here? E.g. make the video embeddable, but it can be played only at www.xyz.com e.g. and not anywhere else (including screencast.com)?

That might solve the problem, and seems like a pretty great feature!!
Photo of Kelly Mullins

Kelly Mullins, TechSmith Employee & Helper

  • 2867 Posts
  • 629 Reply Likes
Hello,
The highest level of privacy using Screencast.com is the Authenticated level.

When the Authenticated privacy level is applied to your video located within a Hidden folder, your customer must receive an email from you containing a link to the content.

To view the content, the recipient must have a Screencast.com account (they can quickly create one for free). The email address used to create that account must match the email address on the invitation you send.

If the URL is copied and passed along to someone else, they will see a webpage with an error message - not your video.

Additionally, an invitation can be revoked at any time rendering the link in that email invalid.

While the viewer is in the Hidden folder, they cannot use the breadcrumbs at the top of the video to go back to the folder and view other content there - it is hidden from all viewers.

It seems this might be a good solution for you. However, you would need to send out an email invitation to each person for each video.

Keep in mind.. no video is totally free from being copied - there are lots of video recording applications out there that will allow people to record video if they choose to do so.

However, Screencast.com and the Authenticated privacy level will give you a lot of control over who sees your video in an Ad free, professional environment (that you can personalize with your own corporate look if you have a pro account).

You can read more about the Screencast.com privacy levels here:
http://www.screencast.com/help/tutori...

If you are using a Free Screencast.com account, keep in mind there are bandwidth usage limits that renew each month. If you have a lot of viewers, you might need to go Pro to ensure they can all view your content.

For more information on bandwidth usage and Screencast.com, go to the Screencast.com Help Center topic on Bandwidth:
http://www.screencast.com/help/Defaul...

Hope this helps,
Kelly
Photo of samudranb

samudranb

  • 5 Posts
  • 2 Reply Likes
Nope. That does not help.

I know about the authenticated privacy setting, and unfortunately it is not feasible for me. The video HAS to be embedded in the content, as it has to be placed in context of the rest of the media material.
Photo of Fred Grover

Fred Grover, Champion

  • 2444 Posts
  • 382 Reply Likes
Hello samudranb,

As Kelly stated above. When it comes to video or anything else online it is not 100 percent protected. If someone wants it they can get it. When embedding a video it will always show the embed code as far as I know there is no way to hide it.. What are you trying to embed this content into? I know this is not what you wanted to hear but, it is all I know unless someone can prove me wrong or give a different solution.
Photo of Lorna EllisonGreenwood Overbeck

Lorna EllisonGreenwood Overbeck

  • 2 Posts
  • 0 Reply Likes
Even if you go to extremes to protect it, there are programs out there to record the screen, the webinar, etc. that will allow viewers to scrape the video (e.g., Camtasia!) Sorry, Samudranb - if it's out there, it's out there.
Photo of David M. Converse

David M. Converse

  • 440 Posts
  • 26 Reply Likes
Hollywood has spent millions of dollars trying to stop people from copying videos and they have not been successful. There is not a technological way to prevent this if the viewer has control of the computer.

The best advice I have seen is to structure your business model around the assumption that you cannot prevent content from being copied. Watermarking, contractual provisions, and registering your copyrights are good business measures to discourage copying.
Photo of samudranb

samudranb

  • 5 Posts
  • 2 Reply Likes
I understand that to somebody determined to steal the content, there is little one can do.

But I believe that there should be a little "something" preventing the most basic users from doing so. Why make their lives easier, by displaying the embed URL? Especially when you are paying by the bandwidth?

E.g., I found this site, which encodes the URL (maybe javascript, I dont really know how he has done it). To anyone determined to do so, it will be a stumbling block, and if someone not-so-much-of-a-technical-bent-off-mind tries to copy the URL, he / she will be unable to find it easily.

The site is http://www.bmyers.com/public/1263.cfm

I believe this should be a standard feature for all video hosting sites which charge by the bandwidth. Wouldn't you agree?
Photo of David M. Converse

David M. Converse

  • 440 Posts
  • 26 Reply Likes
Obfuscating URLs is not much of an effective security feature. Remember that to view a video, it has to be copied to the user's computer. That person can record it, save it from the browser cache, or use a program like RealPlayer or a "downloader" to automatically grab the video from the website.

Unfortunately, this is something that we really don't have a fix for, its just the nature of how the Internet works.
Photo of David M. Converse

David M. Converse

  • 440 Posts
  • 26 Reply Likes
Obfuscating URLs is not much of an effective security feature. Remember that to view a video, it has to be copied to the user's computer. That person can record it, save it from the browser cache, or use a program like RealPlayer or a "downloader" to automatically grab the video from the website.

Unfortunately, this is something that we really don't have a fix for, its just the nature of how the Internet works.
Photo of camtasia888

camtasia888

  • 101 Posts
  • 0 Reply Likes
you can download software that "encrypts" your html, in whole or in part, search google for html encryption. pevents hotlinking to your content.

ask youtube forum for advice, they now have pay per view channels for U.S.A users. for example on youtube videos are downloadable via firefox "ant" plugin, but i dont know if this is possible with the paid video sources.

I believe that those who record online tutorials etc, do not really pass them around, so you wouldnt lose much in the way of paying customers.

they only screen record it to save them having to log in again and again to watch the content after paying for it, and so they can save it to their ipads or iphones to study on the train to work for example.

I doubt they would repost it to any main media site like youtube, screencast, vimeo or a major blog like wordpress. I believe if you have valuable educational content, and people are paying for it, I can`t see why they would give it to the rest of the competition for free, after they forked out hard earned dollars for it. its more a convenience thing and the transitory nature of most of the internet, their worried they might lose their source of investment if your sight disappeared.

lynda.com is a major educational sight with tutorial software videos for example, they have a long legal terms and conditions to be agreed to when you join, talks about no downloading and redistributing, so even a large pro company has to deal with the issue, read it and learn from their experience.

having your watermark and website address on there , or an intermittent message at the bottom of the content stating this content should only be viewable at www.whatever.com and at the beginning and end of the video, a short message, illegal copyright notice, should make people think twice.
"please report infrignements to myemail@email.com" will do a lot to prevent widespread posting of your work.

and if you do a websearch every couple of months on major video sites you`ll be able to locate any popular content along the lines of what your doing, if yours is there and if there are any number of views (high volume viewing) it will come up very quickly in search, otherwise dont worry you`ll have only lost a handful. again I doubt it.

check out fxphd.com and ask them how they tackle the issue as they do subscription based videos also.

good luck if your still around !
Photo of Shantanu Pethe

Shantanu Pethe

  • 1 Post
  • 0 Reply Likes
Thanks...
All for having good discussion on this topic....
Have you explored https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&am...

i went to above site and made the payment also to DRM Soft ...... but they replied that we have stooped this product ............ but i saw this product (sample) was working great ....
It plays video with viewing restriction ..... & with anti screen capture feature........ i want something like this........ can you expert people help me in this my email id is cacscmacoach@gmail.com

Thanks in Advance 
follow me on youtube:https://goo.gl/f4ovTU
Photo of Sarah Florian

Sarah Florian

  • 1 Post
  • 1 Reply Like
For anyone still looking for the answer there ARE ways to track people down.

1. First to simply prevent the video url from being exposed you can use a flash video player and stream using hls, this will stop the user from simply copy and pasting the link since they'll need to do some digging to find the manifest files in the http requests then find a player that can play the manifest files. If you need an html5 player these days browser support for adaptive streaming is pretty good, just use a transmuxing wrapper like hls.js(for HLS) or dash.js(mpeg-dash). What will show in your html5 player is a locally generated blob url which means nothing.

2. To stop a user from grabbing resources from the server, you can set up your http streaming to accept a token on initialization through the cookies in the header and check against one in the url. For example set up your url to be https://video.mysite.com/vid1.mp4?publickey=blahblah and have your cookie set as the private key to "blahblah" key pair, this will ensure that if that url is pasted in a seperate browser the http request will send the invalid private key cookie and hence won't be able to view the video. It's also standard these days to attach an expiry token on the url to check against the expiry so the url become inactive for the user after a certain amount of time.

3. To stop a video sniffing software from downloading the chunks it gets a little bit complicated but is very do-able. The best approach is to use a DRM software, there are tons out there some commercially stable so you gotta pay for them. A good DRM software would able to encode the actual video you are serving from the server with a public key and have the video player on the website decode the video with the private key in the player itself. This means if a tool sniffed the http requests it will be completely meaningless because that information is encoded and cannot be decoded by anything except the website's video player. Essentially the only way to download the video now is to screenshot individual rendered frames on the video player and pass them through a compressor in the end and reconstruct the actual video.

4. To prevent even screenshotting the video is impossible however you can still stop pirates from doing so using a technique called Steganography. Basically this is a way to hide messages inside frames that are different based on the user to identity which user leaked the video. Movie studios use this technique to identify which cinema leaked the videos online by stamping a unique id into each frame of a movie identified by the reel number which is sent to a specific cinema. There are steganography libraries implemented in C/C++ for server side video streaming which you can implement, a good steg algorithm would produce a signature that could be identified even if the frame was blurred or re-encoded, this is too hard to explain mathematically. It wouldnt stop the ability to pirate but atleast you can catch who is responsible.

Hope this helps someone!
Regards
Long Live Piracy
Photo of Joel Hooks

Joel Hooks

  • 1 Post
  • 0 Reply Likes
Another thing to consider is that this likely won't be detrimental to your video business. We operate a serve that is streaming 20tb of video content a month. That's relatively small when compared to the "big guys", but it is quite a lot to us, and it puts food on the table.

People are always writing scrapers and utilities to grab our videos. They put the code up on Github as public repositories, and then there is a team working on it. I've asked nicely, given free accounts, or otherwise negotiated several of them being taken down.

Many still exist.

At first it filled me with anxiety, but fighting it is a lot of work. You have zero recourse with torrent sites. People writing scrapers tend to be extremely smart and determined, so if you fight back the fun really starts for them. Find a way to let them "win" in a mutual way. These people know they are stealing and aren't the bad actors.

We do fight back when our content is posted to YouTube. I wrote a script that automates the DMCA boilerplate and YT is very good about removing the content when you fill all the legal requirements. I actually find YouTube much more egregious as the uploader is often pretending to be the content creator, and the viewers don't know they are participating in fraud.

That said, @Sarah's tips above are excellent baseline "make this more difficult so they have to be dedicated to the cause" tips above are spot on. Thank's Sarah!
Photo of Hovert van Doremalen

Hovert van Doremalen

  • 1 Post
  • 0 Reply Likes
You can try or download tht prefix php id's url script on https://www.hideurlscript.com/

It tried and i'ts very good  and you can make custom it.
Photo of Ramesh Kumar Pandey

Ramesh Kumar Pandey

  • 1 Post
  • 0 Reply Likes
you can simply use .htaccess rule to use below

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?(your webisite domin//example.com) [NC]
RewriteRule \.(mp4)$ - [NC,F,L]
Photo of Sport Lover

Sport Lover

  • 2 Posts
  • 0 Reply Likes
Above comments are almost very old . Easy and free way to hide and lock your content by using wmspanel nimble. simply use it as a trial in starting and once you have done the setting on your server regarding media lock then no need of paying subscription fees.