Posted on

How to: Protect your downloadable content

Cahir Castle Portcullis by Kevin KingHow do you create web-accessible e-publications that are NOT downloadable and NOT printable for users who haven’t paid for them? This is as much of a minefield today as twenty and eight years ago in previous lives. How to protect your web downloads?

Why is this an issue?

There is a need to balance ease of access and customer service against the administration or IT cost of providing the material. And it has to be through a robust delivery mechanism.

To put it another way:

  • how much of a threat is unauthorised redistribution of valuable content?
  • how much effort and money are content creators prepared to invest in an attempt to prevent piracy?
  • how much inconvenience will customers tolerate, and will that cost more in the long run?

Restricted PDF’s

The PDF format was designed to be the universal, ‘access-anywhere-on-any-device’ format; the ubiquity of standalone readers and web-browser plugin’s for reading PDF’s made it so.

Previous clients have placed PDF’s behind the login page, or ‘pay-wall’. This relies on the user’s account profile to determine whether it is a free download or must be purchased through the shopping cart. There are no further restrictions on opening or printing the document once you have access in the browser.

In most web-browsers, once the download link is available, clicking on it triggers the ‘Save As’ function, ‘Open in Adobe Reader’ or open in a browser PDF plug-in.

In Adobe Reader and pretty much every browser PDF plugin, the PDF can be downloaded by pressing the ‘save’ button.

At this point, there are no restrictions on copying or sharing the PDF.

Adobe InDesign, the publishing tool from the original creators of PDF’s, has security options for PDF files. Disabling or setting a password for, opening or printing remain common options. Our clients didn’t apply PDF passwords or un-locking codes. These are a burden to administer, as you have to give the user an un-lock code. Make this a unique pass-code to each document, that is a pain to manage. Make this generic and like passwords, access codes leak out across the Internet.

Technically, PDF passwords are not that difficult to bypass. They simply make things a little more difficult for the casual pirate to share. That doesn’t stop anyone screen-printing individual pages from a high-resolution display and pasting the legible images into a Word document or another PDF.

All viewers are not equal

This sort of “protection” only works when all PDF viewers respect the settings. My three PDF viewers – which doesn’t include Adobe Acrobat – don’t!

Flipping Book format

Many organisations use the Flipping Book format for documents rather than MS-Word or PDF. This is the container format also used for those for ‘look inside’ previews on many sellers’ sites such as Amazon books.

One client used Flipping Book for full documents made available to members. Creating full Flipping Book editions for all the resources in the catalogue was no straightforward task.

While Flipping Book can be set to disallow saving and printing, this relies on Adobe Flash used in the Flipping Book software.

You may or may not be missing Flash, a cross-platform software product that’s been in decline for several years owing to serious security flaws. Flipping Book provides an alternative ‘basic HTML’ version for older web-browsers and those with Flash disabled. That includes most of the local authorities in the subscriber base of that client.

This mattered because the Basic HTML version of Flipping Book didn’t support the no-printing, no-saving settings. It’s HTML. In a browser. You can do anything with it.

So if none of these formats is entirely secure,  where does that leave us? DRM. And although we don’t like it, does it work?

Image credit: Cahir Castle Portcullis by Kevin King