How can you protect your video from being downloaded without your permission? The truth is, you cannot. No system is unbreakable and there is always a way to download or decrypt a video - from plain screen capturing to more sophisticated methods. Luckily, there is a wide palette of countermeasures that make things much more difficult for those who would like to "borrow" your work.
You can apply several layers of security to your video files or streams, so it’s up to you if you want to leave your house with locked armoured doors, or just leave the keys under the mat and keep the windows open.
- Bare Video Files
- Hotlinking Protection
- Avoiding Use of HTML
- Using Video Streams
- Encrypting the Video
Bare Video Files
This is basically a no-security option. HTML5 is by its nature an open standard, meaning, it is much more open for stealing than Flash. All it takes is to open the HTML source of the page, search for the <video> tag and you will get to the video URL. Less secure than a shoe box.
Hotlinking Protection
The URL of your video might be still open for viewing in HTML source, but if you apply a special time-limited signature, it will prevent other websites to link to your video files. This will prohibit any playback of your content outside your website, which is helpful not only for protection from theft, but also in cases of streaming video on smaller servers - 3rd party stream embeds could cause huge amounts of unexpected traffic.
For instance, Amazon S3 has a mechanism to set up the expiration time, which you can check out in our guide: Serving Private Videos with Amazon S3.
Avoiding Use of HTML
The player can be initialized in a way that the video URL cannot be obtained from HTML source code. This is a sub-layer of security used by YouTube and Vimeo also. However, it is not too hard for experienced users to find their way around this. FV Player Pro offers this kind of protection with CloudFront videos. Here’s a guide on how to set it up: Serving Private Videos via CloudFront.
Using Video Streams
HLS, RTMP or MPEG-DASH protocols are all harder to download than standard HTML5 video files. That’s because of the nature of such streaming: breaking the data to smaller segments. However, there are tools to download these streams, so the more experienced users will get past this security measure.
HLS stream can normally be played only on Apple devices (iOS, OS X) or newer versions of Android. FV Player can also play it on any device with Flash plugin installed. Another option is to use a plugin to play HLS using JavaScript, but it should be tested with encrypted video streams.
FV Player Pro currently supports HLS, MPEG-DASH and RTMP streaming with the possibility of hotlinking protection for the RTMP protocol. Hotlinking protection for HLS is not available, as it would have to be setup in a way that only M3U8 playlists require the URL signature and TS segments would have to keep working without it. Or it could be using Cookies for the signature, however we concentrate on HLS encryption.
Encrypting the Video
The currently most secure option is the combination of streaming the video files plus adding encryption. Such protection is supported by HLS protocol, and FV Player Pro works with it as well - the HLS stream can be served using Amazon’s S3 or CloudFront and encrypted by their Elastic Video Transcoder.
FV Player Pro can then hand over the access key to the browser when the video is played on the website by a logged in user (there are many options that can be set up at this point). Without the key, the video cannot be played. Even if you download it, you will not be able to play it either.
There are ways of encrypting even MP4 files, such as Widevine, which is now part of Google Chrome. If you are not using Google Chrome, you will need a browser extension, for instance one available for Firefox. YouTube allows you to buy movies, which you can download as MP4 files, but you will not be able to play these because of this protection.
