Why you cannot protect your source code and files

[traq]

1. A visitor must download and save your source code on their computer in order to view your web page. If they don't have the source code, they don't see the site. Same goes for images. It's as simple as that.

2. There are scripts, etc. that "hide" the source code from the visitor (encoding, no-right-clicking, transparent image overlays, file save redirects, etc.), but all rely on client-side scripting (e.g., javascript) to do it, so any visitor that realizes this can simply turn it off. Again, once someone can see your webpage, they already have your webpage.

3. There is some webservice called copyguard (or something like that) that takes your source code and compares it to the rest of the web on a regular basis, and alerts you if it finds a copy on someone else's site. That still doesn't solve anything unless you're willing to take legal action, however. And I don't know how much it costs. On top of it all, what's to stop someone from copying your source code, buying this service, and then accusing you of stealing from them?

4. Speaking of going to court (and no offense intended), your (or anyone's) source code is probably not worth protecting anyway. I'm not getting into the whole "philosophy of open sharing of information that the internet is based on" issue; html is just html. You may have some awesome server-side crap developed that's worth holding on to, but it outputs normal html and can't easily be "stolen" anyway (if your server is set up properly, that is).

Edit: for the benefit of the readers, I'm pulling some of the good responses from below into this post.

5. There are some ways to make it harder (but not impossible) to steal the code. Doing this DOES NOT WORK, because people who steal are good at stealing. These ways will only annoy your normal friendly visitors and NOT STOP the thieves[emphasis added] who know how to get around anything you can do.

6. It is possible to make it very difficult to find the actual files for embedded videos (and audio files) displayed on a page through flash. youtube is an example of this. However, it is STILL possible if someone is motivated enough and has enough skill to determine where the original file is. Images, however, won't work this way, because you can always take a screen capture. Doing that frame by frame for a video would be a pain. And for audio it is just a matter of recording the computer's output and you have a copy of it, though saving the actual file may be hard.

7. A copyright notice will always do more good than trying to stop people from stealing[emphasis added]. However, that means you will need to take legal action if someone does steal, and even big companies really can only send a "cease and desist" letter threatening legal action... if still nothing is done it might make it to court, but that is rare. Generally the internet is just an open place for sharing information, and that's how it works, nothing you can do about it.

8. If someone is stealing your content actively and clearing breaching copyright, you can contact the ISP or host of the individual and they may be able to shut down the account.

...Though touched on, many folks will be happy to stop using your material if you just email them and ask. If that doesn't work, an email to their ISP will often do the trick. If both of these fail, one can threaten legal action, or merely point out that the activity is illegal. None of that costs anything more than your time, and a bit of nerve.

Also, for important work one can do various things to ensure that what is on the web doesn't comprise the whole of the work[emphasis added]. Like with images - go low res &/or watermark. For various text, video, and audio works, only give excerpts, samples.

[certain HTML encryption systems] can make it a bit more difficult to steal source code they can also make it impractical for search engine optimisation.

I have seen examples of encrypted HTML sites where the search engine listing for the site is also encrypted.

Not really what we're trying to achieve!

[djr33]

5. There are some ways to make it harder (but not impossible) to steal the code. Doing this DOES NOT WORK, because people who steal are good at stealing. These ways will only annoy your normal friendly visitors and NOT STOP the thieves who know how to get around anything you can do.

6. It is possible to make it very difficult to find the actual files for embedded videos (and audio files) displayed on a page through flash. youtube is an example of this. However, it is STILL possible if someone is motivated enough and has enough skill to determine where the original file is. Images, however, won't work this way, because you can always take a screen capture. Doing that frame by frame for a video would be a pain. And for audio it is just a matter of recording the computer's output and you have a copy of it, though saving the actual file may be hard.

7. A copyright notice will always do more good than trying to stop people from stealing. However, that means you will need to take legal action if someone does steal, and even big companies really can only send a "cease and desist" letter threatening legal action... if still nothing is done it might make it to court, but that is rare. Generally the internet is just an open place for sharing information, and that's how it works, nothing you can do about it.

8. If someone is stealing your content actively and clearing breaching copyright, you can contact the ISP or host of the individual and they may be able to shut down the account.

[forum_amnesiac]

I totally agree with traq and djr33.

The only thing that I want to add to this thread is a comment about certain HTML encryption systems.

Whilst they can make it a bit more difficult to steal source code they can also make it impractical for search engine optimisation.

I have seen examples of encrypted HTML sites where the search engine listing for the site is also encrypted.

Not really what we're trying to achieve!

I added this to the original post yesterday, traq suggested I added it here as well

[jscheuer1]

I think the difficulty of the legal option is being exaggerated here at the expense of common sense things you can do yourself. Though touched on, many folks will be happy to stop using your material if you just email them and ask. If that doesn't work, an email to their ISP will often do the trick. If both of these fail, one can threaten legal action, or merely point out that the activity is illegal. None of that costs anything more than your time, and a bit of nerve.

Also, for important work one can do various things to ensure that what is on the web doesn't comprise the whole of the work. Like with images - go low res &/or watermark. For various text, video, and audio works, only give excerpts, samples.

[traq]

Very true.

Of course, the best way to protect your files is to not post them online in the first place, but I've stopped offering that as a solution because people usually accuse me of being a smartass.

[jscheuer1]

Very true.

Of course the best way to protect your files is to not post them online in the first place, but I've stopped offering that as a solution because people usually accuse me of being a smartass.

With good reason, that completely defeats the purpose of sharing or promoting your content. Some of my suggestions go nowhere near that, those that do still allow for partial sharing and total promotion. In these matters it can very often be important to see these distinctions.

[traq]

of course, I completely agree. (About your suggestions being valid, not about my being a smarta$$). Since you can't protect the content you serve, the best course of action is often to serve alternate content (that you don't mind losing control of).

I certainly didn't mean to belittle your suggestions; I hope it didn't come off that way.

[jscheuer1]

I certainly didn't mean to belittle your suggestions; I hope it didn't come off that way.

Not at all. I just wanted to emphasize the difference between my suggestions and the idea of not going public at all, because there is a major difference, and others (if not you, I wasn't sure - now I am - definitely not you) might otherwise get confused.