How can you protect your video from being downloaded without your permission? The truth is, you cannot. No system is unbreakable and there is always a way to download or decrypt a video – from plain screen capturing to more sophisticated methods. Luckily, there is a wide palette of countermeasures that make things much more difficult for those who would like to “borrow” your work.
You can apply several layers of security to your video files or streams, so it’s up to you if you want to leave your house with locked armoured doors, or just leave the keys under the mat and keep the windows open.
- Bare Video Files
- Hotlinking Protection
- Avoiding Use of HTML
- Using Video Streams
- Encrypting the Video
Bare Video Files
This is basically a no-security option. HTML5 is by its nature an open standard, meaning that it is much more open for stealing than Flash. All it takes is to open the HTML source of the page, search for the <video> tag and you will get to the video URL. Less secure than a shoe box.
Hotlinking Protection
The URL of your video might be still open for viewing in HTML source, but if you apply a special time-limited signature, it will prevent other websites to link to your video files. This will prohibit any playback of your content outside of your website, which is helpful not only for protection from theft, but also in cases of streaming video on smaller servers – 3rd party stream embeds could cause huge amounts of unexpected traffic. FV Player allows you to sign your URLs with time-limited signatures via the Stream Loader feature.
Avoiding Use of HTML
The player can be initialized in a way that the video URL cannot be obtained from HTML source code. This is a sub-layer of security used by YouTube and Vimeo also. However, it is not too hard for experienced users to find their way around this. FV Player Pro offers this kind of protection also with CloudFront videos. Here’s a guide on how to set it up: Serving Private Videos via CloudFront.
Using Video Streams
HLS, RTMP or MPEG-DASH protocols are all harder to download than standard HTML5 video files. That’s because of the nature of such streaming: breaking the data to smaller segments. However, there are tools to download these streams, so the more experienced users will get past even this security measure.
HLS stream was at first supported only on Apple devices (iOS, OS X) and later support was added in the newer versions of Android. FV Player can also play it on any device with Flash plugin installed. We have also added support of the HLS.js library, which effectively plays the format on all modern browsers that use MSE for video playback. Read our guide Using HLS With FV Player for more details.
FV Player Pro supports HLS, MPEG-DASH and RTMP streaming with the possibility of hotlinking protection for the RTMP protocol. Hotlinking protection for HLS is available via the Stream Loader feature. You can also use Cookies for the signature. Cookie and URL signatures are a great additional layer of protection, however the most infallible security method is HLS encryption.
Encrypting the Video
The currently most secure option is the combination of streaming the video files plus adding encryption. Such protection is supported by HLS protocol, and FV Player Pro works with it as well.
HLS stream requires you to have your video files hosted somewhere and to use a video encoding and encryption service. Ideally, you should also use a Content Distribution Network to ensure, that your videos are always quick to load anywhere.
We suggest either using Amazon’s S3, CloudFront and MediaConvert combo, or FV Player Coconut. AWS is highly reputable, but notoriously hard to use. If you’re looking for something easier that you can manage directly from your WordPress back-end, you might like using FV Player Coconut. It combines DigitalOcean Spaces for hosting, BunnyCDN for content delivery and Coconut for encoding and encryption.
FV Player Pro can then hand over the access key to the browser when the video is played on the website by a logged in user (there are many options that can be set up at this point). Without the key, the video cannot be played. Even if you download it, you will only see a black screen. Read more about how to create an encrypted HLS in our AWS MediaConvert Encrypted HLS Guide.
There are ways of encrypting even MP4 files, such as Widevine, which is now part of Google Chrome. If you are not using Google Chrome, you will need a browser extension, for instance it is available for Firefox. YouTube allows you to buy movies, which you can download as MP4 files, but you will not be able to play these because of this protection.
