Is There any way to protect the Videos inside Cloudflare for downloading?

I konw that we can set the URLs for authorized reproduction videos, but how can we protect them from downloading?

Thanks a lot for your help

Felix

By downloading do you mean taking a copy for offline viewing? Without DRM, that is not possible on any platform. HLS video (.m3u8) can be trivially downloaded by pretty much anybody.

Cloudflare Stream offers some protection tools which can help prevent some unauthorised redistribution, but if a user is allowed to view it, you cannot stop them from downloading it for redistribution unless you apply DRM (which Cloudflare Stream does not provide)

4 Likes

Michael is totally right.

But your question also depends on the meaning of the word “protect”. Are you aiming a 100% protection for any user streaming the content?
Well that doesn’t exist… 'cause anybody can simply record their screen and create an mp4 from your video.

Are you aiming a protection from download for 99% of the people (not tech savvy)? Well, Cloudflare allows for that through what Michael mentioned briefly.
Here more specifically:


a) Signed URLs
You need to code something yourself to allow for signed URLs from your website to CF Stream. If you use Wordpress, there is a WP plugin (paid) that offers for that.

This is kind of techy to explain.
To put it simple, this is a way CF Stream uses to hide the video ID. Only a time-bound token is shown on the page with the player someone see in its browser.
But ticking the box only won’t protect a thing… and won’t let your videos to stream unless you get the plugin (for WP) or you code something specific your end (for Drupal, Joomla, plain code website, etc)!

b) Allowed origins
Here you basically need to specify the websites where your streaming can happen. This will allow you to prevent anyone taking the ID or the streaming URL and paste it e.g. in a forum letting your videos to stream from anywhere! So, if you want to stream your videos from xxx.com only you need to insert xxx.com in the “allowed origin” field. If you want to stream from multiple websites, just separate them with a comma.

I personally tested those 2 CF Stream protection methods and I must say it’s really hard for the videos do be downloaded. I tested with JDownloader, many browser extensions (e.g. downloadhelper) and any classical online websites to download videos offline… and none of them managed to download my CF Stream protected videos :wink:

To wrap it up: if you activate signed URLs and Allowed Origins, I think you protect your videos for 99% of people around the globe. Still, you will always have that 1%, tech savvy guys that will be able to download your videos.

2 Likes

Could you share the name of the paid Wordpress plugin you talked about?
The only one I found out is this one: Cloudflare Stream Video – WordPress plugin | WordPress.org but this is not a paid wordpress plugin

I believe the “paid” version being referred to is discussed here:
Cloudflare Stream and video protection in Wordpress

@dj_saxa references a blog, in which you’ll find a link to the “paid” plugin’s website.

The “paid” version mentioned in this topic, was mentioned in reference to signed URL support. For what it’s worth, I modified the official Cloudflare Stream plugin to support signed URLs and made it available here:
Github - Cloudflare Stream for WordPress

Note, only the shortcode method of adding videos is supported (not the Gutenberg block) and it will always use a signed URL. To make the video secure though, you need to at least make sure Require Signed URLs :ballot_box_with_check: is set in your Cloudflare Stream dashboard for each video. This will make the video ID useless to anyone else who tries to use it.

I’d also recommend setting allowed domains (your website) in the dashboard as well, for each video.

It’s called cfpower tools or something, if you google it you will find it.

I’m hoping they get moving a little quicker with allowing embedding in Patreon, because the Allowed Origins would solve my piracy problem, but only if Cloudstream can allow embedding there. Otherwise it just opens up a link for my Patrons

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.