How do I protect exposed webGL buffers?

This question continues the security discussion from

Let’s say, you have protected your files from being directly downloaded (by encryption or another technic), there is still the possibility for someone to get the objects geometries from webGL buffers.

What can I do to protect geometries from being copied?

To my knowledge, it exists no standard solution to this problem, but it exists approaches to alter the data and make it unsuable if stolen; almost like protecting an image file with watermarks.

Here are 3 of these approaches, each having its own level of protection, performance and implementation/integration difficulty and they can be combined to improve in overall protection:

  • Bind/merge a signature geometry to the geometry you wish to protect. The signature geometry should share as many vertices with the original one in order to make it difficult to remove if copied. Multiple signatures could be used to increase in protection.

  • Inject the geometry with vertices at specific positions (around the geometry you wish to protect) containing the factor of 2 large prime numbers, pass one of the prime to the shader. If the division of the prime with the vertex position returns an interger then don’t display the vertex.

  • Tag the geometry by shifting the vertices with a unique signature number (with a proprietary algorythm) that could be retrieved if the object is stolen (sort of legal proof).

There are certainly many more ways to secure your objects and the risk of having your work stolen still exists, but by using these methods, you could say that you have at least done something about the problem.


Just to correct this misleading quote, lekxi was me Discourse just didn’t let me change the name.

As i said there is simply no way to protect assets except serving a watermark as preview, code doesn’t even has to be reverse engineered, just grabbing the bare buffers, with textures being exposed in devtools anyway. The only semi-reliable method is branding it with a hidden watermark as i described, but this is only usefull for selling/previewing assets, not for games.

The best watermark/fingerprint for the geometry would be slightly displacing vertices or just a single, different from the original mesh that will be sold, this way there is no obvious garbage in the geometry with it being unknow to the thief what will be different from the original.

Otherwise as long as you’re not working on a platform like Sketchfab this shouldn’t be a subject to spent too much time and resources into. I’m using a proprietary format, which is clearly enough to prevent the absolute majority from theft, unlike if you were using a common format such as GLTF or FBX.

If you do work on a platform like Sketchfab, i would do the watermark approach plus changing the code, possibly in intervals of the encoding and decoding in order to prevent people creating tools they sell for mass theft, as it happens with Sketchfab with asset grabber even being shared on github. But for something like this i would go an entire differently route anyway that doesn’t even transfer the assets to the client.

To address the topic title: you could obfuscate the buffers to prevent straight grabbing them, but this is over the top for games, but useful for asset previews. Geometry can be encoded with displacements the vertex shader can place in the correct position again, for textures this is more complicated as you will have to do the linear interpolation yourself making sure every sample is decoded, or for displaced texels the right texel being sampled from.

1 Like