How to fight off image theft
A few of my readers have inquired about how they could stop people from copying their images posted on their web site. A previous article entitled Image Bandwidth Theft linked to a guide on thesitewizard.com that deals with “hotlinking.” Hotlinking is when a webmaster directly linking to images hosted on your site for pages on their site — a great way to leech your bandwidth.
Mod_rewrite can defend against this by serving up an error 403 (Forbidden) response. I’m using a modified version of the one mentioned on thesitewizard.com but it essentially does the same thing. Here’s my version:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourwebsite\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
If you have subdomains, you should add this line before the RewriteRule:
RewriteCond %{HTTP_REFERER} !^http://.*\.yourwebsite\.com/.*$ [NC]
This will prevent other webmasters from jacking your images. However, this doesn’t prevent the average user from stealing your images. There are four methods I know that prevent people from easily copying material from your site.
The first is to disable the image toolbar in Internet Explorer 6+. Paste this meta tag into the <head> of your HTML pages (XHTML version posted — for HTML 4 remove the end slash):
<meta http-equiv="imagetoolbar" content="no" />
Also, make sure that image indexers such as Google Images aren’t indexing your images. Add this meta tag to prevent that from happening:
<meta name="robots" content="index, follow, noimageclick, noimageindex" />
JavaScript can also be used to prevent image theft. You can disable the right-click function, which prevents Internet Explorer users from using the “Copy” command or Mozilla users from using the “Show Image” command. I’m not a big fan of this method but I thought I should mention it. DynamicDrive has a disable right mouse click script that is free to download. Just remember that it disables everything else in the right click menu, not just the copy commands.
Noah Grey has a no right click script in action on his site and I find it as tasteful as those scripts get. They still annoy me though.
Some web sites use JavaScript mouse-overs to change the image when the cursor is over it. I find this to be a really dumb tactic and I’m not posting any examples of its usage because it’s visually distracting.
In the end, images are almost impossible to protect because visitors can always take a screenshot using “Print Screen.” At best, display a copyright at the bottom of the page or get a Creative Commons license. Then you have stated explicitly what can and can’t be done with your images, giving you legal empowerment. On my weblog, I let people do what they want with my photos as long as they give me proper credit according to my Creative Commons license.
Follow-up: Thwart Hotlinkers with a Replacement Image
4 comments
images are impossible to protect. you can simply left-click-and-drag an image to the address bar and it will display without any html
as for rightclicking, you can splice the pic in pieces and stuck them back with html. lengthy, more code rendering in heavy pages. but can be used to annoy people with some of your images. most users know nothing about how to print a screenshot.
best way to prevent image theft is to have really nasty low quality images, then no one will want to nick them anyway.
=0)
nice :) ;))