Discouraging Image Theft

Recently I received a question from a colleague regarding image theft and how to prevent it. The sad truth is that you can’t. There are techniques to discourage downloading and reuse of your preciously-crafted images, but they generally aren’t 100% effective or user-friendly for your normal site visitors.

The reality of unwanted image downloads is a bit depressing: there is no guaranteed way to protect your images from being taken—the most you can do is discourage it.

First, make sure your copyright notice is clearly posted on each page indicating that downloading or using images without permission is not allowed. In doing so you are legally holding your site visitors accountable if they steal and reuse your content.

If you suspect that image search engines or IE-only users are the culprits, using client- and server-side techniques might help alleviate the problem. But if you are looking for a universal solution, editing the images is your best bet since all these techniques can be circumvented by taking screenshots, using screen scraping tools, or simply viewing the locally cached images.

Client-side techniques

  • Disable the right-click menu
  • Disable the shortcut menu in Internet Explorer
  • Use a transparent image overlay

There are JavaScript solutions for disabling the right-click contextual menu; unfortunately, it will only deter a few people. Anyone that is intent on stealing images can still do so. In older versions of Internet Explorer you can disable the image shortcuts that appear when you hover over an image; again, if that is your target browser (or if you suspect that’s where it’s coming from) then implementing IE-specific techniques might work.

Most right-click disabling scripts rely on browser-specific functionality or JavaScript, making them unreliable in other browsers. The downside is that you risk annoying your real customers by removing expected menus and links.

Another technique—which Flickr employs—is the transparent image overlay. This involves layering a transparent GIF over the top of the image you wish to protect. When the image is right-clicked and saved, the person assumes they are downloading a JPG but instead get the transparent GIF.

From Flickr’s download prevention help text:

Preventing people from downloading something also means that a transparent image will be positioned over the image on the main photo page, which is intended to discourage people from right-clicking to save, or dragging the image on to their desktop. By “discourage” we do mean simply “discourage”. Please understand that if a photo can be viewed in a web browser, it can be downloaded. The transparent image overlaid on the photo will not keep your images safe from theft, and is intended only as a slight hindrance to downloading.

Using Flash to display images is another method to discourage image theft (since Flash right-click menus can be customized), but it isn’t foolproof. Just like these other techniques, people can simply take a screenshot to capture the image.

Server-side techniques

  • Block image search engines
  • Disable image hotlinking

Image search a popular way to access images. If you notice a lot of traffic from image search engines, try blocking them with a rule in your robots.txt file. See Remove an image from Google Image Search for more details.

I also recommend disabling hotlinking by adding rules to your site’s .htaccess file. Doing so will not only potentially save you bandwidth costs by stopping other sites from reusing your images and content, it will prevent directly linking to your images without your permission.

Image content editing

  • Add watermarks
  • Use very low quality images

Although altering the image affects how it looks and works on your site, it is quite a bit more effective than simply trying to disable downloading or saving. Again, this is only a means to discourage theft — skilled graphic artists can remove a watermark and still have a usable image.

Using low quality images could also help, but finding a good balance between impressing your customers and deterring theft can be difficult.

Bottom line

If someone really wants the image, they will get it. Using the techniques described above will discourage most people from downloading your images, but remember that posting your images online means you run the risk of anyone downloading and reusing them.

Further reading

Self-Updating Copyright Dates

In “10 complaints the customers have about the design of corporate web sites“, Luke Manion mentions having current date information on your website. His tenth pet peeve is “Out of Date Information.”

An outdated copyright date or an expired offering calls all the information on a website into question as to its correctness.

I agree with Manion—I find it to be a big turn-off when a website doesn’t have a current date listed. It tells me that the site owner or maintainer doesn’t care about keeping the site up, or doesn’t know how to set it automatically.

While this concept may be a no-brainer for many webmasters and website owners, other owners and maintainers seem to ignore the easy fix — let the copyright date update itself.

At the very least, the outdated copyright date screams, “We don’t update our site. You can’t trust any of the content here.”

Of course, there are some exceptions like the homespun websites that are just flat HTML files with no scripting support. But come on—if you use any of the popular hosting services out there, whether it is a Windows, Linux, or Apple server environment, you probably have access to at least one of the common scripting languages such as PHP, ASP, or Coldfusion.

If you have an out-of-date copyright in your website footer, go fix it today. It will add credibility to your website and give the impression that you care about what your visitors see and read. Your visitors will be impressed at the turn of the year when your site date automatically changes. As a plus on the technical side, you will have one less thing to worry about when January 1st rolls around.

Here are some code samples for adding a dynamic date to your website page or blog template1 (line wraps marked »). The output desired is:

Copyright 2008 My Company.


Copyright <php echo date('Y'); ?> My Company.

VBScript (ASP)

Copyright <?%= now(yyyy) %> My Company.

CFML (Coldfusion)

Copyright <cfoutput>#DateFormat(now(), "yyyy")#</cfoutput> My Company.

JSP (Java)

Copyright <%= new java.text.SimpleDateFormat("yyyy"). » format(new java.util.Date()) %> My Company.

RHTML (Ruby)

Copyright <%= "#{Date.today.year}" %>My Company.

Note: I do not guarantee that these code samples will work with your server and website setup. These snippets are here to show you how easy it can be to output a dynamic date in the most common scripting languages. Please use with caution and test thoroughly before using on a production website.