-1

How can I let end-users listening to my website's musics to play the songs, but reject their request if they are going to download the song via download manager or etc.?

For example, it would be nice if they only get a HTML file or a 403 status code?

UPDATE:

We are providing two kind of availability on our website, one is by radio streaming using IceCast and the other is playable songs for those who sign up. I knew something like cloud object storage architecture could save the webserver from providing the path of the file so in that case the user might lose the chance to download stuff directly, unless by recording the data, so I thought how may it be possible to do it without cloud object storage architecture, if possible.

I know that we can always circumvent everything, so I know it cannot be 100% working, but at least make it harder to download and reduce the chance of detecting the original file path.

Anders
  • 64,406
  • 24
  • 178
  • 215
Parsa Samet
  • 246
  • 2
  • 10

1 Answers1

6

Short answer is you can't.

As you send the data from your server, it is out of your control. You have no control what so ever about what the client does with it. You can build all sorts of systems to try to differentiate requests for download from requests to play, but you can not stop the client from sending a play request when they actually intend to download. In fact, if the song is played on the client it is already "downloaded" - all the user needs to do is save the downloaded data.

This does not mean that you can not make it harder for the user to save the song. Techniques to do this are called "digital rights management" or DRM, and what they all have in common is that they can be defeated. In the case of sound it is trivial - just record the outgoing audio... However, it might be enough to deter the not very determined attacker.

In the case of audio in the browser, what you probably want to look at is Encrypted Media Extensions. Browser support is not perfect for that, though, and I would think twice before using it.

Anders
  • 64,406
  • 24
  • 178
  • 215
  • 2
    Next time someone does something like this, I'll get a 3.5 mm stereo male to 3.5 mm stereo male cable and hook the sound card's output up to its input. Or stop visiting their site. – user Sep 13 '16 at 10:38
  • Thanks for your quick answer, I voted up but yet I need to ask you about more detail. So if there is no way, what is occurring on coursera.com or similar websites that we cannot download their content ( specially mp4, mp3, Ogg)? – Parsa Samet Sep 13 '16 at 11:34
  • 1
    You *can* download the Coursera content, it is just not as easy as right clicking. I don't know what system they use - I checked out their site, and I think I need to sign up to see any content, so I can not investigate. But there is no way for them to prevent me from just using a screen recording software to grab the video. – Anders Sep 13 '16 at 11:46
  • @Anders Yes you can if you sign up and pay for the course, but there should be something like using keys or whatsoever. I know nothing can prevent us from anything, I just needed to know how is it possible to do this. – Parsa Samet Sep 13 '16 at 18:26
  • @MichaelKjörling it's quite easy to do that with [virtual](http://jackaudio.org/) [audio](http://vb-audio.pagesperso-orange.fr/Cable/index.htm) [cables](https://github.com/RogueAmoeba/Soundflower-Original). This won't even lose any quality. – Josef Sep 14 '16 at 06:17
  • 1
    @ParsaX As I said, if you really want to do this my best bet would be EME. – Anders Sep 14 '16 at 07:19