Foliovision › Forums › FV Player › How to … › Secure Videos via Vimeo and FV-Player
-
Hello,
I have used Vimeo as a video portal so far and embedded my videos directly on my site via the Vimeo VideoPlayer. However, it turns out that despite all possible security settings on the part of Vimeo (to prevent downloads) the videos can still be downloaded via the addon “Video DownloadHelper” from Firefox.
My question: Is there a possibility to offer the videos from Vimeo more secure with the FV-Player – respectively does the use of FV-Player with Vimeo provide an additional setting possibility for the security of the videos?
As far as I understand it, Vimeo offers the videos as Dash-Stream. Here is a link from your site to this as an example: https://foliovision.com/player/demos/mpeg-dash
The first video can not be downloaded via the mentioned DownloadHelper, the second one from this page can. How do I create or offer videos in the same way like the first video on this page? Do you have a guide for this? Is it possible to offer the videos from Vimeo with FV-Player in this way?
If there is a possibility with the FV-Player, I would switch to the combination Vimeo and FV-Player.Thank you very much,
Hoshang
-
-
Hi Hoshang,
Sadly, Vimeo videos are currently downloadable with VideoDownloadHelper. To truly protect your videos from downloading you need to use some kind of encryption(for example AWS MediaConvert with CloudFront and S3).
However, FV Player does offer more security options for Vimeo hosted video than the basic Vimeo player. We are currently working on a big update for the security of Vimeo hosted videos. You can try it at:WP Admin dashboard -> Settings -> FV Player Pro -> Hosting -> Vimeo(Pro) by enabling the Enhance Security (beta) option.
(Please be aware that you need to have the Beta version enabled to do this. If you don’t know how to enable the Beta, please follow this guide)
We will keep you posted about any incoming Vimeo security updates.
Thanks,
Juraj- This reply was modified 5 years, 6 months ago by Juraj Kacaba.
If you want to find out more information about video security and encryption. You can read our How to secure your videos documentation
Making the web work for you,
JurajHello Hoshang,
in the next FV Player Pro Beta version that “Enhance Security” will stop the Video Download Helper tool from working as we worked a lot on improving that function. It won’t be as good as encrypting the video, but a lot more secure than using the Vimeo iframe embed codes.
Thanks,
MartinThanks for the answers,
when will the next FV Player beta version with security against Video DownloadHelper be available? Is the Enhance Security Option for Vimeo (as described by Juraj) not yet available? I don’t see the option in the Vimeo Pro section under Beta Version in my settings.
Thank you,
HoshangThanks,
the setting would help me enormously if it prevents downloading via VideoDownloadHelper. When exactly will this be available (so that I can plan it a little better for my customer and the next steps)? I would try this out before I switch to the complex encryption of the videos.
Another question: as I see in your guide to Vimeo, there are already many setting options below Vimeo (Pro) area (see image 2 below). This is not shown, as you can see in image 1 above in my previous post. Why is that?
Best regards and many thanks for the great support and work on your side!
HoshangHi Hoshang,
Yes, one of our main goals with this security update is to prevent downloading Vimeo hosted videos with VideoDownloadHelper, however I can’t tell you the exact date the update will be published yet. There’s still a lot of work to do, but we will notify you during next week with new information.
For the advanced options, you need to “check” the Erweiterte Vimeo-Einbettung option. This will allow you to use all the advanced settings for Vimeo hosted videos.
Thanks for being part of the Foliovision,
JurajHi Hoshang,
We are really sorry for the delay. We’ve planned to work on the Vimeo security update yesterday, but we’ve ran into some problems with the new Chromecast feature which caused this delay.
Our development team is planning to work on the Vimeo security update tomorrow. Sadly, I can’t tell you the exact date yet. Everything depends on how the implementation will go on.
I’ll notify you tomorrow with new information after we start working on the update.
Thanks for patience and understanding,
JurajHello Martin,
thank you very much for the information.
Yes, of course, if the extension is made for security, it should also work properly and contain all possible security options from your side.
Thanks for your great work. I will wait until next week for the new version and hope it will be available then.Many greetings,
HoshangHello Hoshang,
we have deciced to put the advanced Vimeo security into a new FV Player addon plugin called FV Player Vimeo Security. You can buy it here: https://foliovision.com/downloads/fv-player-vimeo-security
Keeping track of what the video download tools are doing to download Vimeo videos and being able to react to that with our code is an extra maintenace burden, so we really had to make it a separate extension. Our code also needs to remain practically invisible to these tools – if we leave a visible signature somewhere, like an extra JavaScript file which loads, they could use that to detect our plugin and find a way around it.
After you make the purchase of that new plugin, you will be able to download it form https://foliovision.com/my-licenses
Also make sure you run latest FV Player and FV Player Pro. FV Player Pro needs to run in the Beta mode: https://foliovision.com/player/basic-setup/switching-fv-player-pro-to-beta
Then you will see new settings in Settings -> FV Player Pro -> Hosting -> Vimeo:
* Enhance Security – make sure it’s enabled
* Alternative Referer – enter some made-up domain and keep it secret, then make sure you configure this domain for all videos on Vimeo to be the only domain where your videos can be embedWe are looking forward to hear about your experience. Please send over some link to you website so that we can double-check it’s all working for you.
I’ll be on a vacation from Saturday to Tursday, so it would be best if we can get it tested this week.
Thanks,
MartinHello, Martin,
thank you (and the Foliovision team) very much for offering an FV Player addon extra for the security of Vimeo videos. It’s true: Vimeo offers enormous advantages as a video hoster – but shows weaknesses in the security of videos.
I got the FV-Player extension and already did first tests. As far as I could test it, the videos can no longer be downloaded via the DownLoadHelper. You wanted to check the security of the videos kindly once. Here is a link to a page where I added the videos with the extended security setting for Vimeo videos for testing: (redacted)
Unfortunately, I currently only allow my site to be accessed via Chrome browser. Because my videos were less secure with Firefox. After your tests I’d like to run the page over all browsers again. Maybe you can also test other download possibilities beside the DownLoadHelper. For me the security of the videos is very important and crucial for my service.
I have some questions about the settings:
1. In my settings for Vimeo-Pro (see image_1), there are no “Enable Quality Switching” and “Disable Video Caption” items, as shown in the Folivision Guide (see image_2). The first point is not so bad, because I always want to have the quality button on anyway. But I would like to remove the names of the videos (as they are called on Vimeo). How do I do that?
2. do I always have to use the “Alternative Referer”? Is this an additional security besides the “Enhance Security” option? I also used that in this case, like you said. The alternative referer is also not shown in the page source code.
3. At the bottom of the settings there is a “Convert Vimeo embed codes” button. Do I have to use it and always click up? What is this for?
4. In the page source you can access the Vimeo video link (e.g. https://vimeo.com/310411362 . Is that bad for video security? I saved the videos on private and not downloadable on Vimeo. Is that enough for the security of the links?
Thank you very much for the great support! I appreciate it.
Best Regards,
Hoshang- This reply was modified 5 years, 5 months ago by Martin.
Hello Hoshang,
let us know what made your videos less secure in Firefox and we will test that. Was there any specific video download tool in it?
1) Thank you for pointing that out, we are fixing the documentation as these settings were no longer needed.
You can remove the video name in the FV Player Editor. Or are you using shortcodes like [fvplayer src="..." splash="..." caption="..."] ?
2 & 4) That settings really helps with the security. It’s what makes it impossible to open the Vimeo video using the Vimeo embed code even if you try to spoof the referer.
3) That buttons is for conversion of Vimeo iframe codes to [fvplayer] shortcodes. It’s intended as a one-time action if you want to serve all your Vimeo videos with FV Player.
Hello Michel,
currently there is no demo page as that plugin affects all the Vimeo videos on a website. The price for increased security is lowered compatibility with older browsers, so we don’t want to have it on our whole websites where we do get a visitor with IE8 every now and then.
Thanks,
MartinHello, Martin,
Thank you very much for the answer.
No, I think I have expressed myself incorrectly. I have been offering my videos as private content via Amazon S3 before you completed/offered the security extension add for Vimeo videos. I had introduced an “Explicit deny to except from specific referer” policy in my bucket. This prevented DownloadHelper from downloading via Chrome – but Firefox’s DownloadHelper was still able to download the content. That’s why I only allowed Chrome browsers on my site so far.
With the security extension tool for Vimeo, which you have now created, now the videos also cannot be downloaded via Firefox with the DownloadHelper according to my tests. This is great the “Vimeo Security Extension”. I have now completely switched back to Vimeo and use your player with the security extension to play the videos. My site is now available for all browser types. You are welcome to test it further (https://tu-torials.de/vorschau/).
I will continue to perform some more tests regarding the video security with the extension – so far the tests have been successful.
Thank you for the great support.
Best Regards,,
HoshangI decided to try the plugin and it seems to work really well. I did come across a bug though.
There is one video on my site that comes up with
html5: video not found
Couldn’t find the required video type video/fv-mp4
If I deactivate the Vimeo Security plugin then the video will start working again.
If I leave the plugin activated then the video will not play at all even with a hard refresh.
Let me know what you think.
John
message when played.
Hi Michel and John,
First for the Michel’s question. Yes, the DRM text is supported no matter which video format/type of hosting you’re using. We hope you’ll like it.
If you have any other questions, don’t hesitate to make yourself a new forum thread and ask us.Thank you John for testing and providing us all this valuable information. The new Vimeo plugin is still in it’s early development stage so several issues may occure. We’ll have a look at the issue you’ve described. Thanks for understanding and help.
Thanks for being part of the Foliovision,
Juraj
Hello John,
I was not able to reproduce the issue with that video on Windows 10 with Chrome. We have worked on a membership website which uses this technology for about 800 members and there are no issues with it. So I was checking if I will find something specific about that video, but so far I wasn’t able to.
What did the other users use? Does it also fail for you?
Did you also experiment with the Alternative Referer setting? I would suggest you to only do that once it’s all working fine for you.
Please make sure you use the latest FV Player Pro Beta – 7.3.19.727.beta too.
Thanks,
MartinOk thanks for the update. I think it may have something to do with caching since I am using WP Rocket.
It works fine for me but a few people were having an issue. Two of them mentioned they were using the iPad on Chrome and IE 11 Windows 10 Laptop.
I’m using the latest 7.3.19.727.beta
Not using the Alternative Referer.
Hello John,
there should be no issues with WP Rocket as long as you clear its cache after updating the plugins.
We can’t make this work for IE 11 unless we compromise on the video protection. We will make sure these users get some nice message recommending them to use Firefox or Chrome.
But I though we fixed that iPad with Chrome issue. I’ll test that out on that video which you sent.
Thanks,
MartinHello Johnwt,
I tested that video 3380…7 on iPad using the Chrome browser and it played fine for me. Are your users still running into some video playback issues?
I also see what you mean about the cache – your website is configured to strip the query string versions. That way the browser doesn’t know when here is a new plugin JavaScript available and it hangs on to the old one. So these issues which you experienced are exactly the reason why we recommend not to remove the query string versions and wrote an article about it: https://foliovision.com/2017/06/wordpress-cdn-best-practices
Thanks,
MartinHello Martin and John,
I have been using the FV-Player (version 7.3.17.727.beta) with the extended security option for Vimeo videos and an alternative referer for some time now (about 3 weeks). Everything works fine for me so far. I also have many customers who use my videos through my membership site. So far I’ve only received one feedback that the videos on Chrome can’t be played with Ipad Pro – I recommended the customers to work with Safari – and with that the videos also work for him. I haven’t tried the new FV-Player beta version yet, with which the problem should no longer exist.
I myself use chrome on Windows 10 and the videos run flawlessly without any problems.
So John’s problem could be somewhere else and not on the player itself.For me personally, however, the security of my videos is much more important than that they cannot be played on individual combinations of browsers and computer types (especially if they are old devices/browsers types).
Best Regards,
Hoshang