Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,064
    Thanks
    25
    Thanked 0 Times in 0 Posts

    Determining User's Computer

    Are there things on or about the average user's computer which can be used to uniquely identify it? (Using PHP, of course!)

    I am trying to make a "key" that is based on a user's computer, and which is tied to website/file access so that they can't pirate my content.

    For example, let's say user1 pays me $10 for my eBook on PHP.

    If there is no password, then that user could circulate it around the Internet, thus "stealing" from me!

    If there was a conventional password, then all the user would have to do is distribute the eBook and the password.

    But if I could create a "key" that is based on user1's computer, then even if they e-mailed my eBook to 50 friends, the eBook would only open for user1 on user1's computer.

    Follow me?

    Is what I am describing possible?

    I would like to sell content online, but don't know how to prevent people from stealing my content and thus put me out of business?!

    Sincerely,


    Debbie

  • #2
    Regular Coder
    Join Date
    Sep 2011
    Posts
    408
    Thanks
    18
    Thanked 26 Times in 26 Posts
    There's no way in preventing this with PHP. You should look into either creating a program which allows users to view your books, or just make the system web based. There's ways to enable cached content so if the user wants to view the book offline they can.

    Be aware however that no matter what method you try to use there will always be a loophole around it to pirate said content, whether it's downloading/extracting the book, copy and pasting the text, printing the pages and then scanning them, or taking a picture of it, there's no way to stop pirating of e-books. Now if your e-book is only $10 you don't need to worry that much about losing a few sales as I'm sure not too many people would bother with it, however if it's expensive, say $40 or $50, then you might want to look into alternatives.

    I'm not sure if there's apps for this either, which may help cut down pirating, but like I said before there's no way to prevent e-book pirating completely.
    If I've helped you out, show your appreciation by clicking the "Thanks" link as well as a link below!

    AdFly
    Facebook | Twitter
    Google | YouTube

  • #3
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,311
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by Dubz View Post
    There's no way in preventing this with PHP.
    I'll disagree with this bit. There are ways of making downloads very difficult such as using access tokens, checking IP addresses, keeping files in folders above the root www directory and spitting them out via php etc, disabling the token once the download is finished etc. All of this takes a bit of time to put together and get working though.

    The real issue here though is how to stop users from distributing the content once it has been downloaded and I think in reality this is a risk that many webmasters and software houses are forced to accept. Unless you use something like DRM or our own ebook .exe which goes online to obtain permission to run (while sending the users hard drive serial or something) then your content will always be available to anyone once downloaded and shared.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #4
    Regular Coder
    Join Date
    Sep 2011
    Posts
    408
    Thanks
    18
    Thanked 26 Times in 26 Posts
    Quote Originally Posted by tangoforce View Post
    I'll disagree with this bit. There are ways of making downloads very difficult such as using access tokens, checking IP addresses, keeping files in folders above the root www directory and spitting them out via php etc, disabling the token once the download is finished etc. All of this takes a bit of time to put together and get working though.

    The real issue here though is how to stop users from distributing the content once it has been downloaded and I think in reality this is a risk that many webmasters and software houses are forced to accept. Unless you use something like DRM or our own ebook .exe which goes online to obtain permission to run (while sending the users hard drive serial or something) then your content will always be available to anyone once downloaded and shared.
    That's what I meant. Sure you can prevent downloads on your site, but there's no way to stop pirating of digital content 100%, if someone wants to share it they'll find a way.
    If I've helped you out, show your appreciation by clicking the "Thanks" link as well as a link below!

    AdFly
    Facebook | Twitter
    Google | YouTube

  • #5
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,064
    Thanks
    25
    Thanked 0 Times in 0 Posts
    In the physical world, if I wanted to prevent someone from getting into a room, then I'd add a lock.

    If I wanted to make sure only one person could get into the room, I'd need a lock that required a key that only one person could have.

    That either means making the key so hard to reproduce that it couldn't be copied, or making it so only the actual person could unlock things (e.g. biometrics).

    My hope was maybe there is a way to mimic this with computers.

    If Tango buys my eBook/PDF/Online and I require something from Tango's computer to open the book or allow access, then unless yous teal Tango's computer, you or out of luck.

    IP address would never work in the modern world.

    And installing some token on Tango's computer wouldn't work, because he could find the token, and e-mail it to Dubz!

    But if the "key" was derived from physical attributes of Tango's computer, then it would be fairly fool-proof.

    I'm not looking for "impossible to hack", but let's be practical here...

    If I write a book on "How to build your own e-commerce site" or "How to get on American Idol" or "How to escape from the NSA", you know one person will buy it and then distribute it to million of their closest friends, OR write a book with the same content and try to sell MY WORK as their own work?!


    This is probably an old and unsolved mystery, but if I wanted to make a living selling my ideas online, I don't see how that is viable unless you can minimize theft?!

    I might write an awesome 20-page brief on how to write a business plan, or how to incorporate, and then I can just see someone in India or China or Fargo saying, "Hey, good idea, Debbie! Let me copy your work and sell it under my name for the same or lesser price!"

    Makes you want to throw away your computer and do hand-written books instead?!

    Sincerely,


    Debbie

  • #6
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,619
    Thanks
    0
    Thanked 645 Times in 635 Posts
    Quote Originally Posted by doubledee View Post
    My hope was maybe there is a way to mimic this with computers.
    The movie industry has been looking for that for a long time in order to try to prevent theft of their movies as they claim such theft is costing them billions. They haven't found a way to do it yet.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #7
    Senior Coder
    Join Date
    Aug 2006
    Posts
    1,224
    Thanks
    10
    Thanked 269 Times in 268 Posts
    The technology to do Processor ID was available years ago, but the privacy folks had a huge push-back on it. Two competing interests, and the privacy folks won this battle.

  • #8
    Regular Coder
    Join Date
    Jun 2012
    Posts
    132
    Thanks
    0
    Thanked 0 Times in 0 Posts
    In my opinion, what I would do is, allow for only two or three downloads. After that, they'd either have to buy another copy or provide their credit card number.
    I don't think they're gonna spread their credit card number around.

  • #9
    Regular Coder
    Join Date
    Sep 2011
    Posts
    408
    Thanks
    18
    Thanked 26 Times in 26 Posts
    Quote Originally Posted by Suwannee_guy View Post
    In my opinion, what I would do is, allow for only two or three downloads. After that, they'd either have to buy another copy or provide their credit card number.
    I don't think they're gonna spread their credit card number around.
    I do like the credit card idea, nobody is going to spread that around, however then you have to be storing their credit card number ad that might make people a little edgy about it and could be considered malicious if there's no way for them to remove that info. Now I know that you could do this without them knowing but its the principle of the matter. You could run it through a SHA1 and test it that way or something, but the thought of using a credit card number is a little sketchy, especially if it's a small personal site compared to something like Amazon, which has a large (positive) reputation for not being malicious with this information.

    Best bet is to either make a login system, which I would do if you plan on selling more than one thing, or simply only allow it to be downloaded once. If you do the download once only, however, you run into the issue of "What happens if the download is interrupted?". Either way I'd suggest the login, that way yo can at least keep track of it.

    You can't stop reproduction, because PHP is a server side language and doesn't have access to computer details. If you look into creating an application to store your books and allows reading then that might save you a little, or if you do the web based and browser cache version, but there's no way to stop plagiarism when it comes to books.

    Think of it as a luggage lock. Sure you can buy a cheap simple one, or a really nice and expensive one, but in the long run it's still a cheap lock and doesn't guarantee any type of protection to the inside. However, if you got a special case (application) to store the contents you want secure, that would do you a lot better.
    If I've helped you out, show your appreciation by clicking the "Thanks" link as well as a link below!

    AdFly
    Facebook | Twitter
    Google | YouTube

  • #10
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,311
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by doubledee View Post
    In the physical world, if I wanted to prevent someone from getting into a room, then I'd add a lock.

    If I wanted to make sure only one person could get into the room, I'd need a lock that required a key that only one person could have

    ...and the rest..
    Thing is I've covered your sceniario above - I'm well aware of the pitfalls you describe. PHP is a server side language and it has no control at all over a remote machine. The only way to recognise an individual computer is by a cookie but that can be copied and distributed too along with your download. You either write a download system that uses authentication tokens and then disable that token once the last byte has been written or you accept that you have little protection.

    If you do want to write a download system yourself then this opens up another couple of points..

    IF you want to disable that file / token when it's finished then you need to know when the download has finished. In order to do that, you need to use two key functions - register_shutdown_function() and set_time_limit(). This however isn't the end of it because in your shutdown function you still don't know if the user reached the end of the file or just closed the download to resume it later. So you have to manually read the file in a loop and spit it out in chunks - essentially speed throttling however this is the only way you can know in php if the download was finished or not. Then you need to include support for pause and resume (otherwise known as ranges) etc as Dubz mentioned (and yes this can be done via php) however then technically you have a looping script - which many hosting services don't like - another point of concern!

    The downloaded file itself can't really be protected unless it is an executable which reads device hardware numbers - as I mentioned previously. MP3s, movies and tons of other media formats have always suffered from this lack of protection and even MS's DRM (digital rights management) which should have solved this, was a flop too.

    To put it bluntly what you are wanting to do cannot be done, you can only be strict with the actual file downloads.
    Last edited by tangoforce; 06-14-2014 at 11:54 AM.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #11
    New Coder
    Join Date
    Nov 2011
    Location
    Ratio, Logic
    Posts
    60
    Thanks
    3
    Thanked 6 Times in 6 Posts
    Quote Originally Posted by tangoforce View Post
    To put it bluntly what you are wanting to do cannot be done, you can only be strict with the actual file downloads.
    And maybe writing good ToS and protection licence in separate file with unique hash/code of purchase
    that would be stored in DB table. That code should be viewed on user's account with no given optionto user to delete it. Or something like that.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •