Skeeve has asked for the wisdom of the Perl Monks concerning the following question:

The subject already gives a hint for the idea I had. But let me explain a bit further. Maybe someone has a better idea?

A friend of mine has a homepage where she presents some photos. She already password protected that realm on the server (.htaccess) but still some unfriendly users spread her pictures on the net.

My idea is to code into the picture the name of the user who loaded it. Can anyone recommend perl librarys being able to do that? Or has anyone of you a better idea to find out who spreads the pictures?
  • Comment on Find the thief: CGI & JPG & hidden info

Replies are listed 'Best First'.
Re: Find the thief: CGI & JPG & hidden info
by matija (Priest) on Feb 27, 2004 at 19:30 UTC
    Well, to find out who is spreading pictures, you will need to modify them on the fly, giving each user a different file. You could modify the EXIF information, but that is easily visible, and easily changed once the users suspect something is going on. Still, you would probably catch the first miscreant with this trick. (For perl bindings, look to Image::EXIF).

    After that, you will need to be more clever. The practice of hiding messages in plain sight (such as in the slight increase of noise in a particular picture) is called steganography. If you google for it, you will get loads of theory, and some code, including steghide, a program designed to hide messages in pictures.

    Your script would need to call steghide before each download, and hide the string "downloaded from foo by user bar".

    I suggest including the name of the site just so the miscreant doesn't try to explain that he signs all "his" pictures with his username.

    I'm sorry, but I couldn't find perl bindings for steghide.

[reply]
[d/l]
Re: Find the thief: CGI & JPG & hidden info
by b10m (Vicar) on Feb 27, 2004 at 19:10 UTC

    You may want to hack around with Image::Magick, or (to make things a little "easier"), run your image through something like stamp.

    Update: The options above will create visible text on top of your images, JPEG::JFIF, or JPEG::Comment can edit the "hidden" data. Then again, if you can change it, so can the abuser. I'd go for a small visible text line (that will scare the abuser a lil' too :)

    HTH

    --
    b10m

    All code is usually tested, but rarely trusted.
[reply]

      Of course even something like that's not going to survive a crop or someone going in and removing the image tags (as you noted). To really do something like this you'd want to look into something like Photoshop's watermarking plugin that's much harder to remove. It depends on how determined you are to mark the image (and how determined the swiper is to swipe ("Swiper no swiping!"</Dora the Explorer>; yes, I have young children why do you ask? :)).

[reply]
Re: Find the thief: CGI & JPG & hidden info
by valdez (Monsignor) on Feb 27, 2004 at 19:38 UTC

    This is an implementation of what was suggested in the nodes above:

    #!/usr/bin/perl
# filename: marker.pl

use JPEG::Comment;
use File::Slurp;
use CGI;

use strict;
use warnings;

my $images = '/path/to/images';
my $q = CGI->new;
my $username = $q->remote_user;
my $path_info = $q->path_info;
my $filename = "$images/$path_info";

if (-e $filename) {
  my $image = read_file($filename);
  print $q->header('image/jpeg');
  print jpegcomment($image, "Downloaded by $username");
} else {
  print $q->header( -status => '404' );
}

exit;

    [download]
    This script should be called this way: <img src="/cgi-bin/marker.pl/image.jpg">. All the comments you have read apply to this solution; please note that you should check the obtained $filename to avoid possible problems; remember that served images should not be visible directly.

    HTH, Valerio

[reply]
[d/l]
[select]
      You didn't binmode STDOUT before writing that file to it.
[reply]
        Yes, he did; it just looked like this: use CGI;
[reply]
[d/l]
Re: Find the thief: CGI & JPG & hidden info
by waswas-fng (Curate) on Feb 27, 2004 at 19:17 UTC
    You can use this type of app to hide data such as a unique key in you jpg, just use a cgi to display the jpg in a img tag and have the cgi sign the jpg with a unique identifier, log it to a database -- and when you find the pictures in the wild see if they are marked.


    -Waswas
[reply]
Re: Find the thief: CGI & JPG & hidden info
by bart (Canon) on Feb 28, 2004 at 09:43 UTC
    While we're busy recommending modules, I'll advice you to take a look at Image::IPTCInfo. That module is capable to extract and insert the metadata-info in image files, in the various formats that Photoshop has used over its generations. For example, for the latest Photoshop incarnation, that is the XMP format (a 100k PDF file), XML embedded into image files.

    OTOH, when we're talking about thiefs, I don't think this kind of mark is even remotely robust.

[reply]
Re: Find the thief: CGI & JPG & hidden info
by zentara (Cardinal) on Feb 28, 2004 at 16:48 UTC
    Personally I think you will be wasting your time trying to do this, unless the "thief" is a real dummy. Even if you mark everything, even with stenography, whats to stop the person from making a copy by "taking a screenshot", which will filter out the hidden data?
    I'm not really a human, but I play one on earth. flash japh
[reply]
Re: Find the thief: CGI & JPG & hidden info
by jao (Acolyte) on Feb 28, 2004 at 02:48 UTC
    what about adding watermarks instead?

    UPDATE: I meant a dinamic one. Inserted once the image is (saved | uploaded | something like it)...

    Best regards,

    - jao
    web developer
    http://dev.geekadelic.com
[reply]

Back to Seekers of Perl Wisdom