Encrypt image with php to prevent download in HTML Email? - 【StackMirror】|php|html|image|email

I got a request from a client asking to "encrypt some images to prevent people from downloading them". This will be within an HTML email from some email sending application that I do not know of at this time, so I will need to use a string for the source such as "http://somewhere.com/images/img.jpg" etc. Does that kind of thing even exist? The only thing I can think of is 'encrypting' an image so instead of the src being "whatever/img.jpg", it would be "http://somewhere.com/img.php?i=12383824724. But I am just spitballing and don't know how that would work. Before you start answering:

Client knows we can put a watermark on the images
Client knows we can put image as a background (using appropriate methods for cross client compatibility)

Any ideas? Thanks all,

Fil

2012-04-05 00:23
by Fillip Peyton

What about 3. Client knows that if the image is visible in any manner, then people can download it and there's not a single thing that can be done to prevent it - mah 2012-04-05 00:25

This is an exercise in futility. For one, if the HTML resource references a remote image, all the end user needs to do is look at the source to see where the image is located. Secondly, how are you going to stop me from pressing the PrtScn key and just taking a screen shot? Answer: you aren't. If you have proprietary images but you still want people to see them, a watermark is your only option - rdlowrey 2012-04-05 00:27

Even further, you'd need one heck of a watermark to prevent me from easily photoshop-ing it out. It's not that difficult if you're fluent with any mainstream image-editor. Very lo-res images may be your best bet - rdlowrey 2012-04-05 00:34

Any effort you spend on this will instantly be rendered worthless by a user capable of taking a screenshot - twaddington 2012-04-05 00:37

Whats funny is I knew there was a #3 (and 4 and 5... for that matter) that I was missing. Print screen is an obvious one as well. Just wanted to make sure I wasn't forgetting anything that could possibly be don - Fillip Peyton 2012-04-05 02:08

If the user can see the image, he has already downloaded it. Preventing a user from downloading an image means preventing him from seeing it. And that seems rather pointless.

What you may want is to prevent your user from saving the already downloaded image to a file or elsewhere. That would only be possible if you'd have perfect control over the environment in which the user is viewing the image, including anything in front of the screen like a digital camera. I.e., it is futile.

2012-04-05 02:25
by deceze

You may want to consider using PGP with your mail. It's the de-facto standard here, but only if you're doing something informationally tractable.

While you won't be able to, "prevent people from downloading [your images]," you can prevent them from decrypting them unless they're a trusted party. If some finer-grained level of DRM is desired, you may want to consider talking it out with the client and explaining to them precisely why this is infeasible.

In short: if the target party has already seen the image content, there's little you can do about it. The best of watermarks and steganographic markers are doomed to the analog hole, even if you go out of your way to secure your web server.

2012-04-05 00:25
by MrGomez

This doesn't really solve the problem; either the viewer can see it or they can't. If it's on their screen, they can download it. If it's encrypted so they can't download it, they can't see it. PGP (or any other encryption) doesn't change anything about that - ikdc 2012-04-05 00:27

I'll go one step further and say that this doesn't solve the problem at all .. - rdlowrey 2012-04-05 00:28

@rdlowrey Totally correct. Fixed - MrGomez 2012-04-05 00:40

Much better ... : - rdlowrey 2012-04-05 01:01