I apologize if this is a stupid question. I’ve only recently stumbled upon Three.js – props btw, this is an amazing project.
I’ve got a client who is curious about making an animation viewer. I’m wondering how others have gone about this, with security in mind. My client sells animations, and my main question is, how does one prevent people from ripping the object/animations from the player? Surely the object itself is loaded into memory in order to display client-side?
The animations only like mocap files or the model itself? As long as it’s client side there is no possible 100% protection, but you can obfuscate a lot.
First don’t use a common format such as gltf, as these can be used without any effort. For models you can’t protect them if you deliver them as they are, as regardless what encryption they need to be decoded to their plain buffers before they can be uploaded to the GPU, using THREE one could even just call toObject on your model from the console.
If you look at other platforms such as Sketchfab they still are able to sell models, they obfuscate it to some degree, however at the end if you didn’t purchased the asset / a license for it and you use it in anything popular, you will risk of getting caught and paying far more than the original cost.
As it’s not like with games or movies some people pirate for private use, such products are made to be used in public, similar to stock photos you have to credit or be able to prove you purchased the license.
So a advanced level of obfuscation with a custom format, delivered in random chunks maybe, letting the devtools crash when opening and making the license conditions clear are reasonable measure, much more isn’t possible, ultimately you could only remote render the viewer server side for maximum security. Using watermarks or lower resolution/tessellation would be counterproductive for the actual purpose.
Agree with @Fyrestar
I remember there was a detailed answer on StackOverflow, how to render and stream it to browser: https://stackoverflow.com/a/26934891/8742287
You could programmatically add some branded geometry inside the models, much like they do in stock image platform :
This “shutterstock” in the middle of the image will not prevent anybody with photoshop skills to use the image, but it will entice to spend the little money to buy it instead of taking the time to remove the text with photoshop…
As long as the geometry is sent client-side - there’s not too much you can do. You do have options, like watermarking, but they will be limited.
Personally - I think I would try obfuscation as my first choice. You can write a pre-processor for models on the server-side that would distort geometry and animations in a very severe but completely reversible way. Like applying something as simple as:
f = x*2 + 1
You can and should make that a lot more complex, but the point is to make the source data “hard” to use without your player. Obviously the process can be reversed by anyone, but it would be a pain.
The direction is towards making the ripping more and more pain. This way, most thieves would just give up and look for easier ways of making a buck.
It’s fine for pictures but having a repeated watermark across the textures or even geometry would give a bad impression and might make some models look horrible.
Embedding tiny unique invisible data can help for protection though, as well as encoding data into the textures, only for the preview versions of the viewer. This way it makes it easier to validate them in the wild without having to contact them, as it’s rather unlikely customers put any credits somewhere.