Wondering about the various ways to protect your photos from being looted on the internet? Do you know about Digital Rights Management? Here are two examples of photo DRM, compared and analyzed for you.
Two services offering protection for pictures on the web are creating a buzz these days: PixelRights and EXIF.co. It is outside the scope of this blog to detail how to circumvent these protections. My goal is just to explain how they work and to evaluate their security level.
These two services follow the same ‘DRM’ approach: let people admire the pictures without giving them access to the files. Their mission: prevent the copying of pictures on the web, even with screen captures.
Their technology is based on cryptography and obfuscation (see white paper). The protected image is not accessible like an ordinary JPG file on a server. Since a PC is not a ‘walled garden’ but an open platform, I foresee that these protections will be hacked soon, starting an endless cat-and-mouse game between service designers and hackers.
So, let me play the role of a hacker…
The photographer uploads his/her pictures to EXIF.co. The server copies the central part of the picture into an auxiliary file and replaces it in the original image with a black caption bearing the text “EXIF.co/Name_of_photographer”.
EXIF.co images are indeed composed of 4 elements:
- The image with the caption,
- The central part stored in an auxiliary file,
- Some metadata,
Then the script downloads the three remaining elements. It displays the image with the caption and places the central part on top of it, exactly over the black caption: the original image is recomposed on your computer screen. Metadata are displayed when one clicks on the ‘Information’ icon.
And you get this:
As soon as we leave the browser window (‘focus out’), the central part is no longer displayed. Therefore a screen capture only grabs the picture with the caption. In the same way, a ‘click-and-drag’ or a right-click gives you only the picture with the caption. A simple trick is to use the screen capture with a timer and reload the webpage during the time lapse. One gets the full image, but at the resolution of the computer screen.
On the other hand, with a little tinkering in the browser, it is not that hard to fetch the JPG files from the computer memory. One gets the two pictures, to be recomposed with Photoshop.
We now detail SmartFrame, a service from PixelRights. A new file format (.PXLR) has been created. The original image is divided into a dozen pieces like a mosaic (a very old trick). Each image piece is encrypted. The .PXLR file is a container packing these encrypted pieces. It is stored on PixelRights servers (like with a DAM) or on the computer of the photographer, together with the decryption key.
To display the image on a web site, an embedder downloads the .PXLR file and a script which fetches the decryption key if the right is granted. This script decrypts the pieces and displays them in the right order to recompose the full image. The runtime is around one second.
As soon as you leave the browser window, the image is darkened to prevent screen capture.
Once again, the trick with the timer works fine. Once again, if the computer succeeds in displaying the image piece by piece, it means that these pieces are decrypted somewhere in memory. Once you find them, you need to recompose the mosaic in Photoshop.
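To make the evaluation concrete, here is a toy model of the container-and-key flow described above (an added example, not PixelRights code). The tile layout, the field names, the `pack`/`fetchKey`/`render` helpers, the example origins and the choice of AES-256-GCM are all assumptions, since the real .PXLR format is not described on this page.

```javascript
// Added illustration: toy model of a tiled, per-tile-encrypted image container.
// Layout, field names and AES-256-GCM are assumptions, not the real .PXLR format.
const crypto = require("node:crypto");

// Server side: cut the image bytes into tiles and encrypt each one separately.
function pack(image, tileCount, key) {
  const size = Math.ceil(image.length / tileCount);
  const tiles = [];
  for (let i = 0; i < tileCount; i++) {
    const iv = crypto.randomBytes(12);
    const enc = crypto.createCipheriv("aes-256-gcm", key, iv);
    enc.setAAD(Buffer.from([i])); // bind the tile to its position in the mosaic
    const plain = image.subarray(i * size, (i + 1) * size);
    const data = Buffer.concat([enc.update(plain), enc.final()]);
    tiles.push({ index: i, iv, data, tag: enc.getAuthTag() });
  }
  return tiles.reverse(); // storage order differs from display order
}

// Key service: the only access decision in the whole flow.
function fetchKey(origin, policy) {
  return policy.allowedOrigins.includes(origin) ? policy.key : null;
}

// Embed script: decrypt every tile and put it back at its position.
function render(container, key) {
  if (!key) return null; // right not granted: only ciphertext is available
  const out = [];
  for (const t of container) {
    const dec = crypto.createDecipheriv("aes-256-gcm", key, t.iv);
    dec.setAAD(Buffer.from([t.index]));
    dec.setAuthTag(t.tag);
    out[t.index] = Buffer.concat([dec.update(t.data), dec.final()]); // throws if altered
  }
  return Buffer.concat(out); // the complete image now exists in client memory
}

// Constructed sample: random bytes stand in for pixel data, cut into a dozen tiles.
const image = crypto.randomBytes(1200);
const policy = { key: crypto.randomBytes(32), allowedOrigins: ["https://portfolio.example"] };
const container = pack(image, 12, policy.key);

const granted = render(container, fetchKey("https://portfolio.example", policy));
const denied = render(container, fetchKey("https://scraper.example", policy));
console.log("authorized embed recovers the full image:", granted.equals(image));
console.log("unauthorized origin gets:", denied);
```

The encryption protects the stored container and lets the key service refuse embeds it does not recognize; it gives no protection once a key has been released to a viewer's machine.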
These services are cheap. Therefore, they don’t provide a high level of security. Their goal is to ‘Keep honest people honest’.
PixelRights has a slightly higher level of security. This is not thanks to the encryption, but to the mosaic: a dozen pieces to deal with, and not just two as for EXIF.co. An automatic bot stealing images would be a little more complex.
Nevertheless, we prefer EXIF.co because of their honesty: see on their blog “Yes, we know it’s not foolproof”. EXIF.co does not pretend to sell security, but it adds some “friction” to disturb the ‘image thieves’. Above all, the philosophy of EXIF.co is to highlight the importance of credits and metadata. Imatag agrees 100% on that.
These two implementations are simple but weak. Is this approach bound to fail? There exist other products following the same approach, especially in the movie industry. For instance, the Oscars award academy uses them to prevent leaks from jury members. These solutions are very complex: they run a ‘walled garden’ virtual machine with encrypted memory on the host computer. Only a very skilled hacker would circumvent these protections. Moreover, as a second line of defense, the movies are watermarked with the jury member's name. This is another story I will tell you next time.