Can i protect my Mp3s from being downloaded?

43 posts | return to the Setup Problems forum | get the rss feed for this thread

Jan. 02, 2008Tom P

Hey, is there any way of protecting my mp3s being used in the JW player from being downloaded if people follow the url in a 'play' link like this:

<a href="javascript:createplayer('folder/audio/track.mp3', true)">Play</a>

Am i going about this the wrong way...? I need a single player displayed on the page with text links to play different mp3s

thanks...

tom

Jan. 02, 2008Graham

I think you could 'hide' them in a playlist but that's making it harder rather than securing it.

The only way of stopping your files from being downloaded is (I believe) to use a rtmp connection. And then there are plenty of hoops to go through to make that secure.

Jan. 03, 2008Kelly

Create a playlist that is on the webserver outside of the root folder.
IE: /folder/webroot/yourfiles your playlist would be in /folder/playlists/playlist.xml
Now open the flash source code in Flash CS3 and hardcode the file variable into the flash file along with all the other varibles you set normally. The hardcoded path should be /folder/playlists/etc.xml
Now you simply create a .swf file for each song and have the href call that particular flash file be written.

Only works if you have like 20 songs or so....

Jan. 03, 2008jKerr

@Tom P

Hey Tom,

This came up in an earlier thread, and I'll say the same thing to you ..

really, what's the point of trying to prevent a download? No matter what you do, you cannot stop anyone from obtaining an exact digital copy of something you offer on your server.

Simple recipe: (not to promote this, but to show you how easy it is)

1. Download Audacity
2. Enable "What you Hear"
3. Press Record
4. Play music on the internet.

You can mask, stream, hide, put playlists on different servers ... whatever ..

at the end of the day: it doesn't matter. In order to be played by the flash player, it gets cached. So it's already on the local PC.

And, with the recipe above, anyone and their grandmother can record a digital stream ..

So, that's not the issue ..

If you create good audio content of your own .. provide a method that people can use to compensate you for it ... if they appreciate it, you will be compensated for it ... if not, they won't ... but does that say something about them, or the audio content you created? I'll let you answer that for yourself ..

now, what if you're serving audio content that doesn't belong to you, and you're asking this question because of bandwidth issues? ... in that case, you really don't have anything to complain about .. if you don't own the content, you have nothing to say about what other people want do do with it ...

if you do own the content, and don't want people to steal it .. don't make it available .. plain and simple .. there is nothing you can do to stop that ..

so, create good content .. offer people a means to reward you for it.. and enjoy it when they do ..

-jeremy

Jan. 04, 2008Tom P

Thanks Kelly, not that up on Flash but i will have a go!

Hi jeremy, I do own the audio content, and it is on my server - i just didn't want to make it as easy a typing the url they see at the bottom of the browser and 'saving as', there are plenty of people who do not know how to save streamed audio / or don't go to the trouble of setting up the means to do it.

I think it is fair enough to try and provide at least whatever small amount of protection i can for audio content.

Jan. 16, 2008Ryan J

Maybe there is another way. I'm currently in the process of setting up a site that will be streaming audio. While I want people to be able to hear the audio at full quality, i want to discourage them from finding ways to download them for their personal use at home (since in the future I will want to sell these files to the same users).

If I upload a block of songs to a directory, is there any application out there that can automatically process those files, inserting a second audio file (such as a voiceover) every X number of seconds, eventually spitting out the finalized file into a second directory that can be accessed by the streaming player?

If I was the only artist, I would just do this myself, but we are expecting hundreds of uploads a day, therefore would not be able to do the processing manually.

Does anyone know of an automated tool similar to the one I'm describing, that has the ability to do batch jobs?

-Ryan

Feb. 06, 2008ZTM

Hi there!

I have the same problem. I'd like to make the life really hard to those who want to download the mp3s. I know you can record every audio that is played on your pc, anyway I don't want the users to directly download the file.

I tried putting a password or a md5 inside the mediaplayer.swf to reach the mp3 url: it's a good solution but not so strong, as it's necessary to open the swf compiled to find the key to download the files.

I should be able to identify if the http request comes from the flash application http://www.domain.com/mediaplayer.swf or not, so I could set up a "fake streaming" stream.php that can serve the data only to the desired application and not to the download.

I need a secure way to recognize the request, it's not enough to put a "code" inside the swf request, as anyone can find it out simply cracking the swf file.
I tried to look at the $_SERVER variables in PHP but they seem to be the same if the request to the stream.php file comes from the flash player or from the browser for direct download.

I thought about the $_SERVER['HTTP_REFERER'] variable, anyway when the mediaplayer.swf is calling the stream.php, this variable is empty, otherwise it could be a perfect check.

Feb. 06, 2008SERVER

Don't waste your time.

The state-of-the-art downloaders are way ahead of you. Everytime I play ANY media file in ANY player, a little icon pops up, asking "Get It?". If I click on the icon, the media file is downloaded.

It's so simple, even my grandmother can do it for her Youtube videos, and she's about 95. You think I'm kidding? Here she is when she was a little girl:[url=http://www.youtube.com/watch?v=TUx4K2OCPbY]Old Film[/url].

Just install Orbit Downloader.

Feb. 06, 2008ZTM

D'oh!

How can it do this? Will it work for an mp3 file served by a stream.php and no-cache header?

header("Cache-Control: no-store, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: audio/mpeg");

Feb. 06, 2008ZTM

Other solution: streaming SSL sever. Could it be enough?

Feb. 06, 2008SERVER

Other solution: streaming SSL sever. Could it be enough?
Please test and let us know if it works. Thanks.

Feb. 07, 2008ZTM

I read on the Orbit Downloader website that it can save https streams also... :(

Mar. 03, 2008Johnny

I have recently started recording cover songs. I pay ascap $340 a year for streaming and 9.1 cents a song to the artist for downloads. The only problem is, I need a paper trail to tell the difference. If someone is capturing a stream, I don't want to worry about it. On my end it's a stream. I found a help site that instructed me to make an m3u file, which I have done, but when I click on it, it opens the mp3 file in media player and all I have to do then is select save file as.

Thanks for any help,

Johnny Covers

www.johnnycovers.net

Mar. 05, 2008Ulsen

Kids, stop whining and get a job. I make music myself, I haven't seen money even close to paying my food and rent, so why not f**king work half the day, make music the other half and let people download whatever they want?

Mar. 05, 2008AJAX

@Ulsen,

I hear ya !!

And make it easy to pay the artist directly.

Mar. 12, 2008Daniel

With all due respect to you, no one asked for your opinion on how they should run their life, the question was simply could audio files be further protected from easy download.

I personally don't think saying "GET A JOB!" is solving this particular problem in any way, especially when you don't even know what the inidividual's situations are.


I'd like to hear some more suggestions for the question at hand! Thanks.

Mar. 12, 2008rjb

@Daniel,

With all due respect to you, no one asked for your opinion either.

But most of us live in free countries where people's right to express their opinions, no matter how disagreeable they might be, is revered.

So back to the subject at hand. No media that is displayed/played on a user's computer can be protected now.

Artists and others creating audio/video media need to rethink their business model and find new ways to get paid.

I read that NiN gave away their most recent album, but made $750,000, in just a few days, selling collector's editions of the album.

The whole media business is changing rapidly. Those who adapt will survive; those who don't won't.

Mar. 16, 2008Canito

The best way I know no prevent downloading of mp3 files is by using a host in wich you can control ALL your webspace. If you're able to use Control Panel, for example, you can deny users acess to downloading files, protecting them in the source. By doing that, you can have your files looking something like www.yourdomain.com/music/file.mp3 but no one can acess them by that adress, except the websites you specify.

Mar. 16, 2008rjb

@Canito,

The way the system works is... if I listen to your MP3, the file is in my browser's cache.

So... it's already downloaded!

Mar. 31, 2008Joe Sieben

You can always play a cover sound, like a ping every two seconds. It is clearly a security thing and people know that when they buy they don't get that additional sound. The other big problem is once people have bought it, they can share it on the net and Limewire.

Digital files are never safe. If someone really wants it, they can get it. I like the first suggestion where it is hand coded into Flash, or better yet have Flash read data from a secret file and get the directory from there. Also ensure that the directory is protected of course.

Probably the most secure way is simply never to share - ever :-)

Good luck

Jun. 06, 2008Sean

I thought about the $_SERVER['HTTP_REFERER'] variable, anyway when the mediaplayer.swf is calling the stream.php, this variable is empty, otherwise it could be a perfect check.

This is a Firefox bug. When Flash inside of Firefox makes a request to a server, the Referer header is not set.

What I do is I require each external site to use an API key. The key is locked to a domain (checked against the referer), similar to what the Google API does. In order to retrieve the video data, one of the following conditions must be true:

(1) The domain of the Referer header must be that of my website.
(2) A valid key must be provided and the domain of the Referer header must match the domain assigned to the key.
(3) The User-Agent must indicate that Firefox is being used.

There is no way to ever stop a user from getting the file. Even if it wasn't for the Firefox bug, someone could visit a site that uses a key, copy the key, and make a hand-crafted HTTP request with the proper URL set in the Referer and the key provided to get the file. This technique is not any kind of DRM.

What this technique _does_ do is stop people from using your server as a video hosting provider. It also stops less knowledgeable leeches from stealing your content to put up on their own site. (And trust must, the vast majority of people have no clue how to work around this stuff... there may be a few loud ones on this site, but compared to the 1.5 or so billion Internet users in the world, they're not even a blip on the radar.) If someone without a valid API key for their domain tries to link to your content, or view it using a player on another site, it won't work unless they are using Firefox. Since Firefox is still not the majority browser in the market, this at least will stop larger operations from trying to leech.

Hopefully by the time that supporting IE is no longer necessary for large sites (much like not supporting Firefox is apparently still considered an option for many sites today) Firefox will finally fix the damn bug with Referer headers and Flash.

For reference:

https://bugzilla.mozilla.org/show_bug.cgi?id=410904

Jun. 11, 2008Rookie

What about password-protecting the page of the "actual" audio (download page) and then have a song demo page? I am very "green" so forgive my ignorance on this subject. Great thread guys (gals?).

Jun. 26, 2008Nick

All you whiny bitches in here talking about "free speech" and GET A JOB! and bla bla. Just answer the questions and stay to the subject.

Jun. 26, 2008comedian

I thought THAT was the subject.

Aug. 02, 2008Frogz

ya, dont bother, if i wanted your music i could have it in less than 10 seconds
be 1 of the cool artists, offer it directly and try to make money selling physical media of it

Sep. 11, 2008Ben

Can anyone point me to a Content Management System that could control streaming of mp3's. It has been suggested to me that this might (at least partially) protect the MP3's...

Thanks in advance.

Sep. 15, 2008Michael Green

Tom,

This might not be quite the case for you, but if you were looking to protect your MP3s because they're files that you yourself are selling via say ClickBank or PayPal then I can highly recommend my own Easy-Download Protector.

With EDP installed you can sell any kind of digital product, including MP3s, flash videos as well as PDFs, etc., and then only allow access to those who have actually purchased them for you.

In the latest v5 of Easy-Download Protector there's even IP Address Abuse protection so that you can tell whether someone has purchased from you, set up a login and password and then gone ahead and shared that around the internet!

Anyway, may be of use in your case and I'm sure others will find Easy-Download Protector handy at:
http://www.Easy-Download.com

Michael Green

Oct. 14, 2008xminer

OK, all you all shut up for a second, there is a simple request here and there must be a simple answer... first off lets get a few things out of the way, here is what we already know, so don't blabber it as an excuse for not trying to come up with a reasonable answer:

1) All streaming media can be scrapped by special apps
2) Most streaming media ends up in browser cache and can be found


So what... we know that any dishonest ashole can scrap your stream... the request isn't about you assholes... the request is about how to make it someone can not viwe the source of your webpage, find the URL to the playlist and then find the URL to each MP3, for example, and download the origional mp3 file. For arguements sake, we dont give a crap about the cached content after it has been streamed or some stupid as kid who is cleaver enoug to scrap it, the asshole would never had bought it anyways, and again, for arguement sake, while it might be a digital replica of the content, a scrap is not a perfect replica of the original file, for example, not META data would be available from a scrap... I am not sure about cache content, but it might also be the cas as well...

So, how do we keep the location of the playlist and/or the mp3s RELATIVELY secret, obfuscated, or really hard to get in a simple easy way? Its not about stopping the assholes, its about keeping the HONEST people honest...

Anyone have any helpful ideas?

Oct. 18, 2008Elric

If there's an mp3 file, then it can be taken. If you load the sounds directly into a flash project, then compile it, the listener won't have a separate mp3 file to extract; instead they will have to play the flv project.

Unfortunately anything that can be heard on your computer can be recorded. I guess you just have to make it as hard and annoying as possible to record.

Oct. 18, 2008kLink

 
Put the MP3 in an FLV container with ffmpeg or whatever...

No transcoding needed, so the quality stays the same.

The Flash Player will play it exactly as if it is the original MP3 file, but it will be less useful to those looking for MP3s for other uses. Sure it can be converted back to an MP3, but the software to do that is less commonly available.

Dec. 15, 2008ameisez

Reviving this topic...

hiding something and thieves steal it is not my problem, exposing things and letting thieves steal it is the problem here...

so... is there a solution to hide the location of the audio files but making it playable on the player?

Dec. 15, 2008kLink

No. If I can play it, I can capture it with a click of the mouse.

Dec. 21, 2008ameisez

I don't mind if you capture it... as long as you did not download it by looking at the source.

rephrasing the question.

Can i make my mp3 not viewable on the source nor the playlist.

can i make my playlist not viewable on the user's browser?

Dec. 21, 2008andersen

@ameisez - unless you use true streaming, the .mp3 files, playlist and urls will all be in the browser cache after playing - ready to copy and play/show on other devices or distribute - even if you encrypt or hide...

the internet was designed to distribute information and easy access, so it is quite difficult to undo these basic features...

but most people have absolutely no clue on how their computers and the web works - and will never look in the source code or the cache - but those few with intend will get your files, one way or the other...

one of the very most basic features of the internet is the ability to link to files at other locations - and there have been many courtcases around the world on the issue of deeplinking to copyrighted material - and it is ofcourse not allowed to present the work of others as your own.

another issue is when people realise that when placing big files on the web, the traffic can quickly be more expensive than imagined because people will link to the files...

the simplest way to avoid this "theft" of bandwidth (known as leeching) is simply to use JeroenWs - BotR as host - http://www.longtailvideo.com/players/CMS-Bits-on-the-Run

Dec. 30, 2008Alden Sloe

Simple solution for allowing a play for shopping purposes is to make the samples a highly compressed MP3. Good enough to get an idea if they like it but not for critical listening. Then set up the pay to download portion of the site to send the high quality version.

Apr. 05, 2009Rom

Ahm, if the stream is pure music, then getting a high quality copy of it is easy. If worse comes to worse, the person who wants to "steal" the music just connects an audio recorder to their soundcard, bypassing ALL security. It will record at the highest possible quality, in multi-channel glory.

The solution is:

1) Sabotage the music (as has been suggested) by placing random tones throughout.

2) Ensure that the quality of the music is really poor. Set a very low bitrate with mono sound.

Ultimately, the best solution is to ignore it though. It's been my experience that people who can't download your music for free will NEVER pay for it anyway.

Ultimately the best model nowadays is to allow everyone to download your music for free, in high quality. This means that everyone will come to YOUR site to get it so getting it from P2P becomes useless. Then simply ask for donations from people who like it. This will generate goodwill and a loyal fanbase (assuming you are any good!). Revenues will come naturally as people who like your music will always be happy to donate reasonable amounts - especially if they know it's going direct to their favorite artist with no middle men taking 90%+.

The RIAA is what is propagating the whole "licensing" and copyright theft scam. This benefits their recording studio members who see that their number is up - eventually all artists will realize the power of cutting out the middle-man. CD's are becoming a thing of the past (the only thing a studio really provided of any value was physical distribution and marketing - both of which can be done direct now with the Internet). Unfortunately the radio stations still pay homage to the RIAA thugs, but that I think will change in the not-too-distant future Hopefully the demise of the RIAA and its studio members will mean that the utter crap that they release from their "manufacturered" bands (a la Spice Girls, etc) will be a thing of the past too

Thanks!

Rom

Apr. 09, 2009lefTy

@Tod,

Thanks for the SPAM.

That's bad enough, but did you also have to double post it?

Apr. 09, 2009LennonNZ

looks like spam to me above.

Jul. 15, 2009deepak karma

using xml .

Jul. 21, 2009Vic

How about storing your mp3 files in a db?

Sep. 22, 2009BullShipp Artist

Geez...let me answer this stupid question:

NO, you can't keep people from saving your files or distributing them. If you're going to make them available for "listening", then it is quite possible that anyone with half a brain knows how to save them, retrieve them and SHARE them if they want to do so.

Here's a hint: use Audacity (free) to take a 6 or 7 second sample of the song (or whatever length you want). Save it and share THAT shortened file....if people want the music, they'll buy it...otherwise you're wasting your time, effort, money and bandwidth trying to do anything else.

Oct. 13, 2009jack Lancer

i have come across manysolutions such as DRM, expiry dates etc. one thing though, there is a site called 1club.fm, plays dance radio, can download stream with orbit, but since it is being broadcast in a way similar to a real radio, that is, say you have file1.mp3, it's being broadcast to a stream using stream.mp3, raltime, which means that, like a radio, you can't fast forward, and the sound is there only for the time you hear it, after that, stream.mp3 contains the new data. it constantly changes, so if you download stream.mp3, you'll just get the data that was embedded in it at the time of the download, i.e. about 1 second of playback, and it will come out corrupt. i'd like to find out how to do this, although from the way i explain it, it sounds remarkably simple. i can be reached at webmaster@jacklancer.co.cc

Nov. 04, 2009HayManMarc

After reading this entire thread, I think I must agree with Bullshipp Artist (BA) and the like when they say to sabotage the music file being played in some way, making it less desirable to download, save and keep. In my opinion, BA has the best solution by suggesting to make available only a portion of the song, a sample, thus retaining excellent sound quality for the listener. The length of the sample doesn't matter because most people don't want parts of songs, they want the whole thing. If they like what they hear well enough, maybe they'll buy it.

I understand the dilemma with this issue. The desire to share your creation VS. the desire to protect your intellectual property rights. This issue is as old as the industry itself. With sharing your creations, you will always be taking that risk.

please visit my site @ www.haymanquarterly.com

Add a reaction

You can also return to the category or try this search for related threads.

Your name *

Supported codes:

 

submit