What's the best way of stopping users from copying and pasting text from a web app?

Question

The site I'm working on displays some proprietary 3rd party data that's quite valuable. As such they want to stop people copying and pasting their information. They understand that, of course, there's nothing we can do to stop users just writing down info or printing it off, but they want to make it as difficult as possible for their data to be taken. The other big concern is performance. The site sees a healthy amount of activity, so keeping it snappy is a big deal.

I was hoping to get a bit of feedback from you guys on the best way of accomplishing this

Some potential solutions that have been suggested:

1. Use a bit of javascript to stop users hitting ctrl / right clicking (irritating and won't stop more advanced users)
2. Use flex (very slow, but very safe since the data is binary)
3. Create or find some funky html to image converter and display the data as images

Your thoughts and opinions are very welcome.

Thanks in advance!

Answer 1

It is a tricky situation, since this is the web...

You could use a very small bit of flash to display the sensitive data, which you'd have complete control over, and if it's small, shouldn't hurt your download times. This would probably be my preferred method.

Option #3 would stop people from copying and pasting, but it wouldn't stop them from downloading the image. I'm not sure if that matters to you.

Do you need to serve audiences that have javascript turned off? If not, you could use AJAX to pull the sensitive information in the first place, then use a script to stop them from copying that div or whatever.

Answer 2

Charge the users for access to the information.

You can try all sorts of code workarounds, but you really aren't going to stop anyone who is determined. By charging, you limit access to people who really need the information and if they copy it, then at least you've been reimbursed. It also filters out a lot of the people who would use it maliciously. Also, put a legal notice on the information detailing how it can be used so that you can follow up copiers with legal action if necessary.

Answer 3

You might want to check out Tynt Tracer. It doesn't prevent copying, but at least allows you to track where it's going...in part anyway.

Answer 4

You might look at the option 1, as a "bare minimum" way of doing it, but admittedly it isn't a great option, as simply disabling JS gets around it.

Your third idea would also work, but you can actually make it easier to save by going to the image and the way they are stored in temporary internet files.

Also, as a side note, to prevent printing you might want to specify a print only CSS that hides all content.

body {display:none;}

It isn't perfect, but again stops the casual user from printing.

Answer 5

Even with the javascript option, the user could still view source and copy the information from there very easily.

I would recommend using flex if that's a valid alternative. Of course, this still doesn't stop them from using screen captures...however, there is really no way around this.

Answer 6

Charging money for the content is a good answer, but I'm guessing you're already charging for the content.

#2 is clearly the most secure option, and the most flexible, allowing you to really punish yourself as much as possible as well (do things like implement over the wire encryption etc...) So it should come as no surprise it is also the most expensive to implement.

Given, someone can just decompile your code and inspect memory, but at that point, it is doubtful you are going to stop anyone.

Answer 7

Offer the information for download in password protected pdf, where the only thing that they can do is to view it, no printing, copy paste, etc. Although you can't stop a print screen. Primo PDF can do that for you and is free. http://www.primopdf.com/

They key here is the that effort it takes to bypass any solution you choose, is greater than the value of the information you are trying to protect from being copied.

Answer 8

This really sounds like a serious problem with the origins of the question. If this is something that shouldn't be easy to copy, why is it visible at all?

If its really proprietary, why is it a good idea to post it on the web?

Seems that an internal webpage would be more appropriate.