Browser-sniffing, Stupidity, and Context menus
My attention was drawn to a site called Stockholm Gamla Stan (Stockholm Old Town). The site is available in both English and Swedish, and has the ambition:
…to give you as a guest and visitor all the necessary information about the Old Town in StockholmStockholmgamlastan: Welcome to StockholmOldTown
All very laudable. But unfortunately if you try to view the page in the Opera web browser, you don’t get to see it, because it detects the browser you are using and instead sends you over to this page:
Opera Software ASA is the name of the Norwegian company that develops the excellent Web browser Opera.
However, the stealing of images, text, software i.e. on the Internet is a problem for serious web publishers and others. We believe strongly in a open Internet without or with small limitations but we need to have som basic rules. Not stealing is one of these according to us.
Opera Software ASA is curently not working together with other major web browser producers in making it possible by programming the browser to disable the right click function on the mouse.
It would be petty to criticise them for slightly odd English (for example, why does the second paragraph start with “However”?) because we’re all capable of the occasional linguistic mangling, and besides which their English is a damn sight better than my Swedish, so I’m in no position to talk.
However, basically what they are doing is using javascript to disable the context menu (which could, technically, actually be left-click, if you’ve reconfigured your mouse), because they are worried that people will right-click on the context menu and choose ’save image’. They don’t want people to be able to download their images, so they want to ban the context menu.
I am undecided whether this is madness, stupidity, or simply lack of knowledge. Here, take my hand and I’ll explain…
Unfortunately, the context menu doesn’t just contain “save image”. It also allows you to do stuff like “add to favourites”, “open link in new tab” (Internet Explorer); “bookmark this page”, “view page source” (Firefox);
“bookmark page”, “reload”, “edit site preferences” (Opera); “inspect element”, “open in new window” (Google Chrome). If you allow javascript to ban the context menu, you don’t just ban saving images, you ban this whole raft of other useful things.
And they aren’t the only ones who do this. Quite by accident, I discovered that the otherwise excellent unofficial fan site for Newcastle United, nufc.com does pretty much the same thing: if you try to use the context menu, and you have allowed javascript to run, you instead get the pop-up message “gerraway, man”.
Only I hadn’t actually noticed this before, because I do a lot of my browsing in the Firefox browser with the NoScript plugin, meaning that I don’t allow javascript to run by default, it only runs on specifically approved sites (where I feel I can trust that the javascript is not malicious, and the javascript is necessary for the site to work as I want).
So normally when I’m browsing, I can grab images easily enough by right-clicking and choosing “save image as”, should I want to. Or, as in this particular case, I could simply press CTRL + PRT SCR to take a screen grab of the screen (or ALT + PRT SCR for the current window).
Unlike the Stockholm Old Town site, fortunately nufc.com have at least sufficient good sense not to somehow attempt to ban me from the site for browsing it with Firefox (or Opera, for that matter). I don’t know whether this is just because they can’t be bothered, don’t know how to, or because they actually realise realise that if you don’t want people to be able to get access to your images, the only way of doing it is not to put those images on the internet in the first place.
Stockholm Old Town goes one step further, using javascript to load all of its images. This does have some drawbacks. Firstly, if I was arriving as a genuine tourist, browsing as I do with Firefox and NoScript, the site would look like this:
In other words, a bit shit. I would then immediately leave, deciding that it wasn’t a very professional site, and go off to find a tourist site put together by someone who actually knew what they were doing.
Contrast this with the much nicer presentation if javascript is available (I was going to supply a screenshot, but seeing as how I know they get huffy about their images being used, I’ll just direct you to look at their site.
And quite apart from the fact that disabling the context menu (or barring Opera users from visiting) does a lot more damage than just ’saving your images’, the point is that it doesn’t actually work anyway.
There’s two key reasons for this. Firstly, there’s the Opera browser itself. Do you know how easy it is to un-ban yourself? It’s piss easy. All you have to do, using opera is:
For those of you without the video, the steps are:
- Right click to bring up the context menu
- Choose ‘edit site preferences’
- Select the ‘network’ tab
- Change the browser identification to either ‘mask as firefox’ or ‘mask as internet explorer’
See, easy, isn’t it? And by all means try it for yourself on any browser-sniffing site. And because Opera is then telling the site that it is Firefox or Internet Explorer, there is nothing the site owners can do about it unless they also wish to ban both of these browsers…
That’s the first reason: if you are using Opera, you can get round it easily enough, so there is no point even attempting a ban.
The second reason is that in order for your browsers to be able to load the image on your screen, it needs to be present on the net. And there needs to be a reference to it. So if I decided I really liked the image on their front page and wanted my own copy of it, I could get it anyway. This is the bit which requires knowing how the net works, but those building sites and using other peoples’ images are likely to know this, otherwise they wouldn’t be building sites in the first place.
So, for this method:
- Visit the page in question. Determine which image you like
- View the source code of that page (FF — View/ Page Source; IE/Opera — View/ Source)
- Find the URL of the image in question and go to it
Only in some cases, the images aren’t actually in the page source in this case, they are in the CSS source. So instead after viewing the source code you have to:
- Visit the page in question. Determine which image you like
- View the source code of that page (FF — View/ Page Source; IE/Opera — View/ Source)
- obtain the URL of the CSS file(s).
- visit them, determine the URL of the relevant image
In the case of Stockholm Old Town, it’s different again, because the images are actually inserted into the page using javascript. But just to prove that if someone really wanted to, they could get the image…
- Visit the page in question. Determine which image you like
- View the source code of that page (FF — View/ Page Source; IE/Opera — View/ Source)
- Read through the javascript files to determine which one contains the images you want.
- Once you’ve found the right one, simply visit the URL of the image. Hey presto, there’s the image, out of context, available to save and without any javascript
Not that I am suggesting anyone should use someone else’s images without seeking permission (except in a ‘fair use’ context, which certainly doesn’t include taking someone else’s images to use as decoration on your site). I am merely pointing out that trying to prevent people getting access to them by doing stuff like disabling the context menu or banning Opera is ultimately pointless because:
- The context menu serves many useful purposes, not just saving images
- Various bookmarklets and things are available for people to re-enable right clicks
- You can change how your browser identifies itself to websites (it is particularly easy to do in Firefox and Opera), getting round a ‘ban’ on a particular browser
- If the image is going to be served to your screen, there will be a path back to it in the source code, which people can follow. You can make it more convoluted, but it must be there, and ultimately people can follow it to your image.
Banning the context menu inconveniences people, doesn’t really do anything for your image protection and basically just tells me that you don’t really ‘get’ the net…
Seb Crump says:
April 24th, 2009 at 8:19 am
What utter nonsense (them, not you Jack
It’s so reminiscent of the rather futile ‘copy protection’ measures the record industry try to impose and the anecdotal evidence* that it can actually increase the amount of ‘piracy’.
Perhaps they should ban Mac users too (I know you’re not a fan, so may not worry about that), because looking at any site in Firefox/Safari I can just left-click on any image to select it and drag it to the desktop to save it. Can’t remember whether you can do that on some Windows browsers or not.
*well I remember it being touted as a ‘belief’ by some - sorry can’t find a reference at the moment
EduWeb says:
April 24th, 2009 at 9:17 am
There’s also FireFox’s View Page Info and the Media tab, which lists all images on the page and allows you to save them on your computer.
No special knowledge required.
Peter Wardley-Repen says:
April 24th, 2009 at 9:48 am
There’s also the time-honoured method of saving the whole page and grabbing the pic out of the resulting “files” folder. Which, ironically, doesn’t work in Opera on the Stockholm site!
BTW, Seb, on the subject of DRM and music “piracy”, you might find this interesting:
http://www.guardian.co.uk/music/2009/apr/21/study-finds-pirates-buy-more-music
It seems increasing the amount of piracy is actually good for the music business!
James Coltham says:
April 24th, 2009 at 12:24 pm
Or there’s the easy-peasy ‘print screen’ method, which you can then dump into any basic graphics package, crop and save. With that you can grab anything that displays on your screen - be it an image, part of a Flash animation, a frame of video etc.
This type of hacky solution does far more damage than good, is easily circumvented, and I’m amazed that professional developers still consider it a viable solution at all.
Patrick H. Lauke says:
April 24th, 2009 at 2:19 pm
And my top reason for hating sites that try to disable context menu: it messes with mouse gesture navigation in firefox, which I pretty much rely on all the time.
Stuart Harrison says:
April 24th, 2009 at 2:42 pm
Seb, dragging the image works on Windows too. I’ve successfully stolen an image from the Stockholm Old Town site by changing the window size and dragging the image to the desktop. Silly, silly, silly people. If people want to nick images they’re going to, what’s the point in making life more difficult for honest people just to protect a few low resolution images? It’s even more stupid than music industry DRM.
Martin Kliehm says:
April 24th, 2009 at 2:42 pm
If they really wanted to prevent people from “stealing” their pictures they could check the referrer on the server side. Client side browser sniffing and disabling the right click is annoying. I commented on their contact form and had to disable JavaScript just to change the dictionary language of my spellchecker - another selection that is available by right-clicking.
A dumb assumption is that users have a choice of switching their browser. As a tourist it might be not too far-fetched to assume someone could visit the site on a mobile phone. Now about a trillion phones have Opera installed as their browser, how would you switch to another browser then?
John H says:
April 24th, 2009 at 7:40 pm
“…if you don’t want people to be able to get access to your images, the only way of doing it is not to put those images on the internet in the first place.”
Absolutely!
Quite depressing how far people will go in their attempts to break the web - not just their own sites but everyone else’s as well, since they’re trying to force all browser developers to do pointless or impossible things.
Divya says:
April 25th, 2009 at 3:47 am
Boy what a group of nitwits! If they want their images not to be stolen, they could have simply made them into swf files or like flickr use a transparent image overlaid on top of the image to deter non-serious users (of course, firebug is enough to remove this).
Curiously, now that site when visited in Opera just redirects to opera.com with no link to the opera.php you linked. I wonder why.
JackP says:
April 25th, 2009 at 3:55 am
Hmm. Yes, they have changed the redirect, but oddly enough the opera.php page is still there and can be seen if you visit in another browser (or mask opera).
Steve Pugh says:
April 25th, 2009 at 10:24 pm
“I am undecided whether this is madness, stupidity, or simply lack of knowledge.”
The script they use to disable the context menu dates from the last century (http://www.stockholmgamlastan.se/script/protect.js - document.layers was only ever supported by Netscape 4).
A request for robots.txt returns a 404 (so how will they keep their precious images out of search engines? - http://images.google.com/images?q=site%3Astockholmgamlastan.se).
I’d go for simple lack of knowledge.