lj_dev: Watermarking imges.

Sarah (

sarahs_muse) wrote in

lj_dev,
@ 2008-05-03 20:36:00

Entry tags:

server

Watermarking imges.
Does anyone know of any possible ways of watermarking an image hosted on a server with the logged in users ID?

It's a big problem for some communities; people leaking images.

I was thinking of that small off-site image creation program someone wrote many months ago, I don't know if anyone rememebrs it? It created the text of the persons ID who was reading the post in an image, so to anyone who read a journal entry with these little images in, and thought they were reading a post about themselves.
The posts were sort of like "I had a dream about last night!!"

If a way could be found to do that again, or some other facility, webmasters could create watermarking routines for images hosted with them and this would solve all the problematic allogations that usually go on.

(Post a new comment)

zetawoof
2008-05-03 08:34 pm UTC (link)

No, there's no way to determine whether a user is logged in to Livejournal from any site other than LJ. You can often make an educated guess from the referring URL if they're seeing the image on their friends page, but that's not going to do you any good if the images are viewed from anywhere else, like the community page or the entry page. (Note also that some web security software disables the Referer header entirely.)

(Reply to this) (Thread)

	zorbathut 2008-05-04 04:25 am UTC (link)
	Or from someone else's friends page. (Reply to this) (Parent)

	pauamma 2008-05-03 09:01 pm UTC (link)
	I don't think you can do that using a third-party server only. All the third-party server has to work with is the URL of the page containing the image, not the authentication cookies, and the page containing the image doesn't tell you who's reading. (I could be reading your journal, or the friends page of someone who friended you.) But perhaps that's what you meant? (Reply to this) (Thread)

	sarahs_muse 2008-05-03 09:06 pm UTC (link)
	Yeah. Hm, there isn't any existing way of doing it is there? What would be perfect I think, would be a Livejournal HTTP API query along the lines of: http://www.livejournal/api?getUser=153.98.123.44 That would work brilliantly, but would require a programmer to add it. =( sigh Which would be impossible. (Reply to this) (Parent)(Thread)

supersat
2008-05-03 09:18 pm UTC (link)

A simple IP-to-user translation wouldn't work for a variety of reasons. First, many would consider it an invasion of privacy. For example, I could do a brute force scan of all IPs belonging to a certain company and find all users logging on to LiveJournal from that company. Additionally, many people access LJ through NATs or proxies, so many users could be sharing one IP address.

The real way to do this is to require community members to authenticate to the third-party site using their LJ OpenID identity, and then giving them a permanent cookie based on their username. Then, you can only serve up images if they have a valid cookie, and watermark them. Any other method (like the one used to create personalized messages) can be easily fooled by sending your server bogus information.

Of course, your watermark has to be sufficiently strong to resist tampering or colluding, depending on your level of paranoia. For example, some watermarks could be defeated by applying photoshop filters to the images, or multiple people exchanging the same photo and figuring out how they differ.

(Reply to this) (Parent)(Thread)

sarahs_muse
2008-05-03 09:24 pm UTC (link)

Ah, fantastic ideas... I like the sound of the LJ OpenID suggestion.

Personally, I'm an attention-h*** with creative commons on everything low-res I produce, but I know lots of people in some communities are very wary of copyright infringements, or nice pictures being leaked and having no-one accountable. I personally think that trust in communities is undermined when the 'bad apples' never get caught. It would certainly help member cohesion.

(Reply to this) (Parent)(Thread)

ciaran_h
2008-05-03 10:07 pm UTC (link)

I should point out that requiring users to login to a third-party site to view images will make it obvious that you're watermarking them, especially considering the communities you might be posting in. After that, depending on how you watermark them, it may only be a small step to cracking them, or worse, faking a watermark in someone else's name and posting *that* somewhere.

(Reply to this) (Parent)

	pauamma 2008-05-03 10:58 pm UTC (link)
	Wouldn't work. Even without considering stuff such as NAT and proxies, I can be logged in from the same computer as different users using several browsers. (Reply to this) (Parent)

jamesd
2008-05-04 04:44 am UTC (link)

I suggest that you review the "your legal obligations" questions and related material at the Information Commissioner's Office web site.

What you're contemplating appears to possibly be illegal, as a surreptitious collection and disclosure of personally identifiable information, whether it's an IP address (US people, European courts do consider this personally identifiable) or a user account.

As a start to being more likely to be legal you'd have to do things like declaring the purpose accurately and then only using the information in the ways disclosed, while protecting it from tampering (like forgery, mentioned in another reply) and disclosure contrary to the described purposes.

The forgery risk is probably more significant for people who have a reputation within a community and who may be targeted.

(Reply to this)

Username:		Create an Account Forgot your login? Login w/ OpenID
Password:
	Remember Me
	English • Español • Deutsch • Русский…

About

Help

Get Involved

Legal

Store

LJ Labs