Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Alchemedia: images that can't be copied?

By Elbelow in Internet
Mon Nov 27, 2000 at 10:07:08 AM EST
Tags: Technology (all tags)
Technology

A company called Alchemedia claims to have an image protection system that allows you to put an image on a web page without anyone being able to copy it.


The company's White Paper, available from the website, explains their technology and compares it to image degradation techniques and digital watermarking.
Users have to download a special "Clever Content Viewer" which retrieves an encrypted version of the image from an image server on the web host. The plugin (or ActiveX control) decrypts and displays the image, but does not allow you to copy the image to the clipboard and refuses to display the image if it detects any of the well-known screen grabbers/snapshot programs (such as SnagIt) running. The browser's "Save" and "Print" functions are also disabled, as is the Print Screen function Windows provides.
Is anyone else a little sceptical about these claims? It would seem that using a screen grabber Alchemedia doesn't know (yet) would suffice to get the image. Hardware techniques might work too. All this assuming their encryption scheme proves to be robust.
I do not want to make a general statement about intellectual property rights and content control on the Web, but I don't think relying on technology that doesn't work helps anybody.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Alchemedia
o Also by Elbelow


Display: Sort:
Alchemedia: images that can't be copied? | 25 comments (25 topical, editorial, 0 hidden)
I can't imagine it working (3.42 / 7) (#1)
by kraant on Mon Nov 27, 2000 at 07:06:26 AM EST

  • For technological reasons
    1. It would be far too easy for someone to make a new screen capture program or find a way to disable it's screen capture prevention (It wouldn't take long)
    2. Once that's happened then people have both the encrypted and unencrypted data then (as long as the display isn't inherently lossy in which case the people who would be the target market for the product wouldn't like it) it's just a matter of time until it's cracked.
  • And Social Reasons
    1. It's hard enough to get people to install plugins that actualy do stuff like shockwave or java... it'd be nearly impossible to get people to install something just to see picture...

--
"kraant, open source guru" -- tumeric
Never In Our Names...
nope (3.58 / 12) (#2)
by titus-g on Mon Nov 27, 2000 at 07:17:49 AM EST

WinX in a vmware/plex86 window, use the underlying OS to screen grab.

And that's after about 5 seconds thought, so there are probably even easier ways to do it, even with existing tech and apps.

Yet another company building on sand and bullshit, there should be inspectors....

--"Essentially madness is like charity, it begins at home" --
[ Parent ]

Geography info (3.75 / 4) (#18)
by shook on Mon Nov 27, 2000 at 04:47:41 PM EST

Someone mentioned this being used by Terraserver, another mentioned an image file that took up a whole CD. Satellite images, aerial photos, and the like are VERY expensive. If you pay several thousand dollars for an Infrared aerial photo, you would probably not think twice about installing special software to view it. Strong copy protection would be very desirable to companies that have to actually get up in a plane, or launch a satellite to take thier pictures.

Not all pictures are pr0n and vacation photos.

Of course, along with the images, geographical software is very expensive too, and several people in my Remote Sensing class snuck CD's full of software and images home so they could make copies. So just because ArcINFO may not be as popular on warez pages as Unreal Tournament, that doesn't mean geographical software and imaging companies wouldn't be worried about people copying thier stuff at will.

[ Parent ]

Another Reason It Can't Work: Security (3.33 / 3) (#20)
by sigwinch on Mon Nov 27, 2000 at 08:19:27 PM EST

This is their plan:

  1. Where "they" are a company who thinks they don't have enough control of my computer.
  2. So they scan my computer to find things they do not like.
  3. This list of things is reported to them (and by extension their lawyers).
  4. Actually, they don't say they will be sent the list of things running on my computer, but it is their binary, their encryption, and I don't have the time to reverse-engineer it.  It the absence of an actionable contract not to nefariously report data, it cannot be assumed not to happen.
  5. They use the list to deny me access to a service I paid for.
  6. The DoS is probably based on an undisclosed algorithm.  It is certain to malfunction.

No thanks.

--
I don't want the world, I just want your half.
[ Parent ]

Two words... (2.00 / 9) (#3)
by Luke Scharf on Mon Nov 27, 2000 at 07:27:03 AM EST

Screen capture.



Screen Capture isn't lossless. (2.60 / 5) (#4)
by porkchop_d_clown on Mon Nov 27, 2000 at 07:31:25 AM EST

Screen capture will only grab the image in the size and number of colors it's currently displayed in - so it wouldn't be perfect.



People who think "clown" is an insult have never met any.
[ Parent ]
Good call. (3.57 / 7) (#8)
by Luke Scharf on Mon Nov 27, 2000 at 08:58:50 AM EST

Screen capture will only grab the image in the size and number of colors it's currently displayed in - so it wouldn't be perfect.

This is particularly true for airial/satellite photos. It would take a very long time to screen capture the whole thing at full resolution.

An image protection scheme would make sense for these photos - I've seen one image file that was about the size of the CD it came on. It (for obvious reasons) required a special viewer so that we could zoom into specific reasons without using all 256mb of real RAM, and so that we didn't have to read the whole file from the disc...



[ Parent ]
DirectX/DirectShow etc.? (3.50 / 10) (#5)
by FunkyChild on Mon Nov 27, 2000 at 07:33:30 AM EST

I could be wrong about this, but it may be possible to avoid screen capture etc. if it uses DirectX to push the image straight out to the video card, bypassing the OS.

I think this is why I can't take screen captures of movies in MS Media Player whilst hardware acceleration is turned on. Seeing that this is an ActiveX control in the page, it may well be possible to do this.


-- Today is the tomorrow that you worried about yesterday. And now, you know why.
other screen grabbers (3.28 / 7) (#6)
by mikpos on Mon Nov 27, 2000 at 08:30:27 AM EST

Would it not be possibly (I dare say easy) to make a screen grabber than grabs from the framebuffer of the video card itself, just as the old-school DOS screen grabbers did? Mind you those screen grabbers were basically dealing with only two kinds of video cards: EGA and VGA :), but it doubt it would be impossible (or impractical).

[ Parent ]
If you can push an image straight to a video card (3.50 / 4) (#15)
by SIGFPE on Mon Nov 27, 2000 at 04:31:14 PM EST

then another program can pull it straight out.
SIGFPE
[ Parent ]
It's still possible (2.71 / 7) (#7)
by tweek on Mon Nov 27, 2000 at 08:45:08 AM EST

A guy at work here wanted to grab a screenshot of IE showing his house on Terraserver. They use this type of image format as well. We fired up snagit and it automatically replaced the image with the companies logo. We shut down IE and reloaded the page and we're able to get the screencapture we neeeded. I don't know exactly how we did it but those were roughly the steps. The thing that companies don't understand is that if it can be decoded by their programs, it can be decoded by someone else. See DeCSS for an example.


Some people call me crazy but I prefer to think of myself as freelance lunatic.
Sounds like a caching thing (2.40 / 5) (#9)
by squigly on Mon Nov 27, 2000 at 09:20:20 AM EST

Which means that all you need to do is look in the cache.

--
People who sig other people have nothing intelligent to say for themselves - anonimouse
[ Parent ]
In a finite space.. (3.91 / 12) (#10)
by Chiron on Mon Nov 27, 2000 at 10:15:44 AM EST

There's an infinite number of stupid venture capitalists willing to support this crap. Here's a nice little amendment to their FAQ.

Q) Where is the decryption algorhithm?
A) On the client's machine, in their plugin.

Q) Where is the decryption key?
A) It's either been fetched by the machine, or is contained in the plugin.

Q) Can the device displaying/interacting with the decrypted data be tampered with?
A) Yup. Good luck keeping users away from binary editors, memory dumps, disassemblers, folding, spindling and mutating software.

Q) What would be the #1 application for this technology?
A) Pr0n.

Q) What is the favorite target of hormone-crazed hackers?
A) Pr0n.

Q) How long will this product survive?
A) Until some hacker sees a picture of Cindy Margolis in it that he absolutely must have to finish his collection. ;)

How is this different from a java applet? (2.50 / 4) (#11)
by GusherJizmac on Mon Nov 27, 2000 at 12:22:45 PM EST

To keep people from downloading a picture easily, just serve it up through a Java applet. I presume the only point of this is to keep people from right clicking and doing "Save As...". It's not really possible to prevent anything more.

As posted by others, a screen capture or hack would easily allow saving the picture....
<sig> G u s h e r J i z m a c </sig>

A quote from Alchemedia's white paper (none / 0) (#22)
by Elbelow on Tue Nov 28, 2000 at 03:20:40 AM EST

Begin quote -- Java applets: A number of products exist which replace images with Java applets that are automatically downloaded and in turn display the images. Consequently, the browser s Save As command will not save these images. However, this method is fundamentally flawed because by its very nature, Java runs inside a virtual machine that insulates it from the underlying operating system. Therefore, it cannot have sufficient control of its environment to prevent screen-captures using the Print Screen key or third-party programs. -- end quote.

Of course, as others have pointed out, Windows can be run in a virtual machine in its entirety, thus "insulating it from the underlying operating system".

[ Parent ]
VNC (3.00 / 6) (#12)
by jcs on Mon Nov 27, 2000 at 12:49:29 PM EST

how about viewing the screen through VNC? print screen won't be disabled on the client computer.

this is similar to those trying to make sound formats that can't be copied. a simple sound driver that writes everything to a .wav shot this idea down rather quickly.

Laughable... (3.57 / 7) (#13)
by WWWWolf on Mon Nov 27, 2000 at 02:03:00 PM EST

Ah! Another very very very futile attempt at "securing the copyrights" and all that.

Here's what I've been saying, just like everyone else: If it can be seen, heard, or felt, it can be copied - If you try to stop people from doing it, they'll just do that twice as eagerly.

So what's going to stop a im8g k0py1ng d00d from writing a screen capture program of their own that this plugin won't detect? What's going to stop the same d00d from firing up a debugger and poking around the ActiveX control, or opening the encrypted file and cracking the encryption? Nothing, I guess...

My prediction is that this pathetic attempt is very, very eagerly adopted by the people who don't have any worthwhile content. (For some reason, those who need to fear copyright infringements least are the first who try to secure their rights - ever noticed how always the lamest homepages try to disable right mouse button with JavaScript? =)

A small hint to anyone who's afraid of capturing images: If you fear that your pictures are going to be ripped off, don't put them to the web. I'm not afraid, so I have put them to the web (obligatory self-plug... =)

Also remember that if someone copies the images, the copyright laws will protect you - even if you didn't try to stop the thief with a shotgun =)

-- Weyfour WWWWolf, a lupine technomancer from the cold north...


So virtualize it. (3.25 / 4) (#14)
by Kev Vance on Mon Nov 27, 2000 at 04:07:00 PM EST

Even if their directx voodoo somehow manages to stop third party screen capture utilities (why do I somehow doubt this..?), you can always go one level further. Instead of letting the program talk to your video card in windows, just virtualize the whole session with the likes of plex86 or vmware. No amount of graphics foolishmess is going to prevent screen captures on an emulated screen.

Why bother ? (2.33 / 3) (#16)
by camadas on Mon Nov 27, 2000 at 04:40:48 PM EST

Take a *real* photo of the screen.

[ Parent ]
Don't laugh (none / 0) (#23)
by Elbelow on Tue Nov 28, 2000 at 03:24:56 AM EST

Some people apparently still think this is the best way to make slides for a presentation.

[ Parent ]
It's probably a scam (3.60 / 5) (#17)
by SIGFPE on Mon Nov 27, 2000 at 04:43:27 PM EST

My company was looking for a way to protect images and got talking to a company offering something similar. They described their system to us and within about 30 seconds we had pretty well proved it useless. But they didn't care. They just went on to talk about their existing customers are happy (and presumably stupid) and how much money it would make and how big their backers were. If you have an idea for technology like this (that doesn't work) all you have to do is find a customer that is more ignorant than you and sell it to them.

Every time a new product like this comes out I end up having the same conversation with my colleagues.

"Look, this encryption works".
"No, this is how you can defeat it"
"Only smart people can figure that out"
"Only one has to"
"You'd have to be pretty determined to find the right person"
"No, you use a search engine, it takes minutes."
SIGFPE
How it works..... (4.60 / 5) (#19)
by Blarney on Mon Nov 27, 2000 at 08:14:19 PM EST

  Their method does not "detect" any "well-known screen grabbers". It does not have any idea what grabber you are running - and it can't tell SuperNeatoDump that you paid $40 for from the Print Screen key.

  Most grabbers all work the same way, and Alchimedia's method is intended to defeat them. In Windows, the Desktop is itself a window. Basically, the programmer gets a window handle for the Desktop with GetDesktopWindow(), he gets a device context from that with GetDC(), and then he copies the picture off of the Windows screen with BitBlt() or some similar function.

  However, when you do this to their image, you'll find their stupid logo instead. That's actually what's stored in the Desktop window, which is the root of all other windows. And this will happen no matter what screen dumper you use. Even the translucent text editor "CrankPad" will show the logo instead of what's supposed to be underneath it.

  They're using a DirectDraw surface to render to instead. This is something that Windows programmers do to grab a chunk of video memory and write to it directly (or at least more directly...) - developed for games and similar high-speed applications, which otherwise could not run inside the Windows environment. Basically, the Windows GUI has no idea that the image is even there. You can't use the usual Windows API calls to copy it out, because Windows only thinks that the stupid Alchimedia logo exists.

  So if you want to copy the pixels out, the easiest way is probably to directly access the video memory of your card. This is probably going to be very dependant upon the make and model of your video card - it'll basically be a backwards video device driver.



And what about the Macintosh version? (2.00 / 1) (#21)
by Elbelow on Tue Nov 28, 2000 at 03:13:01 AM EST

Does the Macintosh have mechanisms similar to Microsoft's DirectX?

[ Parent ]
It does detect SnagIt (3.00 / 1) (#24)
by Elbelow on Tue Nov 28, 2000 at 07:31:19 AM EST

I am not denying (nor confirming) that the Content Viewer uses DirectDraw to send the image directly to the video card, but it does actively detect certain screen grabbers.
When SnagIt 32 is active and ready to grab, the viewer does not display the image. Instead it fills the image area with the company watermark/logo, with the message "Please close SNAGIT32.EXE" superimposed! This message is repeated in Netscape's status line. As soon as you click SnagIt's close button, the intact image reappears.

[ Parent ]
VMWare (3.00 / 2) (#25)
by Pope Slack on Tue Nov 28, 2000 at 04:31:29 PM EST

Another way to defeat a scheme like this would be to run Windows in
VMWare (or similar) and screenshot the emulator window.
The 'protected' control happily renders the image (in DirectX) into
the emulated framebuffer, which is then rendered by the emulator into a plain
Windows window, and easily capturable.

--K




Alchemedia: images that can't be copied? | 25 comments (25 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!