Why should you consider securing your content?
- because your content is confidential and should only be seen by certain people
- because it must not circulate outside a specific context
- because it must not be shareable or downloadable
- because you charge for access
- because you are concerned about having to pay for data transfer due to unauthorized integrations
To secure a video, there are several methods that can be combined, knowing that absolute security does not exist: A person authorized to play a video can always make a screen capture (a “screencast”) using an application or a camera), to redistribute it illicitly.
Available security solutions:
- protection by referrer, which restricts playback to a list of sites (domains).
- IP range protection, which restricts playback to specific computers or as part of a home or office network.
- password security
- token security, which limits video playback to a device, an IP address and a time interval
- a combination of token security and referrer or IP security. To achieve this token security must be activated with the dynamic generation of tokens enabled, while the IDs of authorized referrers or IP groups are passed along in the player URL.
Example of a video secured by token and referrer: the player verifies that the page which integrates it is an authorized referrer before generating the token. This security mode does not require any programming.
Note that…
- If facebook.com is an authorized referrer, the video can be shared and redistributed without limitation. The data transfer (also called bandwidth) from playback originating from Facebook will be consumed from your account.
- If an IP range is specified, playback from a mobile device will not be possible because the range of addresses allocated by the mobile operator will not be allowed.
About bandwidth theft
If you allow sharing a video or communicate its embed code, you implicitly accept to bear the data transfer costs associated with playbacks from third-party sites.
If you do not activate the share button on your player, it remains possible for a web user to analyze the code of the page and copy the player code to integrate elsewhere. The data transfer will be consumed from your account. If you want to prevent it, you will have to apply a security by referrer.
If you have integrated the video in HTML5 without using the Streamlike Player, your streams will be visible and downloadable. Any download will increase your data transfer consumption. Again, if you want to prevent it, you need to apply a security referrer.
Bandwidth theft is usually detected by analyzing the origin of the audience of a video, when it has been integrated with its player. If it has been integrated with another player or if it is downloaded from the URL of an mp4 file, the origin of the playbacl will not be detectable but you will observe excessive data consumption.