PC Magazine - June 30, 2003
Protecting Web Images

By Sheryl Canter

You don't need to own a Web-based photo gallery to worry about image theft. If you've paid an artist thousands of dollars to design custom graphics, you certainly don't want the images turning up on your competitor's site. And even if all you have is a small family site, you probably don't want pictures of your children available to whoever comes along. What can you do? You probably can't stop truly determined thieves, but there are a number of steps you can take to discourage image theft.

There are four ways to copy Web images: browser commands, notably the right-click menu's Save picture command; site grabbers and online search engines; the browser's cache; and screen-capture programs or Windows' PrintScreen feature. It's difficult to block all four methods. Screen capture is particularly hard to block and requires expensive encryption software such as Alchemedia's Mirage Enterprise (www.alchemedia.com) and ArtistScope's CopySafe (http://artistscope.com/copysafe). The alternative is to make stealing images difficult and inconvenient.

Unless you want to antagonize your visitors, don't disable the right-click menu. This makes other useful right-click commands inaccessible. A better way is to use JavaScript to create a rollover, where an alternate image is displayed when the mouse hovers over the image. Rollovers typically display a copyright notice on top of the image, but you can swap in any image you like. If the visitor tries to capture the image using the right-click menu, the alternate image is captured instead. Remember, however, that JavaScript support is not available in all browsers and can be disabled.

You can also hide your image beneath a transparent GIF that is positioned via an embedded style sheet or a table. Right-clicking saves the transparent GIF rather than the visible image.

Give the image a misleading name, so your visitors are not immediately clued to the trick. If you're lucky, the image thief will leave your site before noticing the switch. If he's knowledgeable, however, he can obtain the real filename by looking at the source code for your page.

You can also inconvenience thieves by chopping an image into pieces before uploading. Unfortunately, this is inconvenient for the coder as well as the thief.

Webmasters commonly store images for a site in a subdirectory called images. If a directory doesn't contain an index file, then accessing the directory in the browser pulls up a directory tree with filenames - in this case, the names of all your images. An easy way to prevent this is to put a file named Index.htm in the images directory with a notice that all images on the site are copyrighted. Or, if your server is running Apache, create a file with the name .htaccess and put in the line IndexIgnore *. Upload this file in ASCII mode to your images directory, and no file list will be displayed when users navigate to it.

Metatags can help you prevent browsers and search engines from caching or archiving the files on your site. The following code prevents Google from archiving your files:

<meta name="robots" content="noarchive, noindex, nofollow, noimageindex, noimageclick">

For browsers that support HTTP 1.1, this tag prevents caching:

<meta http-equiv="cache-control" content="no-store">

Since you can't rely on HTTP 1.1 being available, however, you should include the following tags prior to the no-store tag:

<meta http-equiv=Pragma content=no-cache> <meta http-equiv=expires content=0>

Again, this is an imperfect solution because browsers can cache a response marked no-cache as long as they revalidate the response before serving it. If your image is in the browser's cache, a determined image thief can find it.

ImageSafe 2.8 encapsulates images in a Java applet to protect them from being cached or copied.

Using Flash, Shockwave, or a Java applet to display your images is a better way to prevent users from or saving images via the right-click menu. For example, a product called ImageSafe (www.cellspark.com/imagesafe.html) encapsulates images in a Java applet to keep them from being cached or copied. Adding a line of text or another image across a graphic will frustrate (but not disable) screen capture. The extra data, however, increases download times.

Finally, mark the image— either to identify it as yours, or to make it unappealing to steal. For example, Digimarc Corp. (www.digimarc.com) has a solution that lets you create an invisible watermark on your graphics, which can be tracked by a spider to find stolen images on the Web. You can use visible watermarks to make images less appealing, but your own Web site suffers with this approach.

Just as there is no certain way to prevent a determined thief from entering your house, there's no perfect solution for protecting your images. But you lock your doors and windows to make entry difficult, and you can take equivalent steps to foil image thieves.

HomeWritingSpeakingWeb DesignGraphic DesignBioBlogContact