Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dealing with Deep-Linking to Your Online Photos?

Posted by Cliff on from the content-snagging dept.

Pig Hogger asks: "I've had my own hobby website since 1993, and over the years it has expanded to be quite a reference for the domain I am covering (some pro websites list it as additional reference, and so does Wikipedia. Google page-ranks it amongst the top). Every so often, I peruse the logs, most especially looking at the referrers to see where people come from, and once in a while, I notice that some webloggers deep-link to an image on my site. I do not mind too much when it's on-topic, but when it's not *AND* it's sucking-up bandwidth, I tend to be irked. Or worse, when you can't go look at the referring page without registering on the weblog site. In those cases, I change the picture filename (and the corresponding webpage that calls it), and I substitute a smaller (and most often, naughty) picture. What other tricks those of you are facing the same problem have to address this problem?"

11 of 139 comments (clear)

  1. Get over it. by LittleBigLui · · Score: 2, Insightful

    "Deep linking" is what makes the web the web.

    --
    Free as in mason.
    1. Re:Get over it. by Anonymous Coward · · Score: 2, Insightful

      Show us where it says "Must allow deep linking no matter the cost in bandwidth" in the Internet Constitution.

    2. Re:Get over it. by Daniel+Dvorkin · · Score: 4, Insightful

      What makes the Web the Web is hyperlinking, period. Using an image at another site on your own page isn't the same thing.

      I kinda sorta halfway agree with you about "deep linking" in its original sense: if there's a really good page at http://www.bigco.com/foo/bar/spam/eggs/x/y/z.html, and you want to have a link on your page that says "Click here to read this really good page," it's really dumb for BigCo Inc.(R)(c)(tm) to force you to link to the main page at bigco.com so people have to navigate through their site to get to the page in question. That kind of thing is a violation of the spirit of the Web, I agree. But neither BigCo nor (more often) some guy running a site out of his basement on a 256k DSL line is obligated to be your image hosting service.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    3. Re:Get over it. by digitalchinky · · Score: 2, Insightful

      That sounds a little like me port scanning your system without permission, finding a hole, busting in, then using your webserver for my own world domination plans - complete with 500 gigabytes of transfer per day.

      Nothing in any internet constitution to prevent me doing that. You left the door open. Not everyone lives in the US, not everyone has a legal system in place to deal with or care about exploiting overseas computer systems. (I live in Asia)

      Getting over it is not always an option for some. I'm certain you'd be pissed if I did that. Remember, your laws don't apply to what I do.

    4. Re:Get over it. by Lehk228 · · Score: 2, Insightful

      because embedding other people's images costs them money you dumbfuck, image hosts (except for shitty ones) usually cost money, and to avoid paying for hosting some jackasses decide to use other people's servers to take the hit for them.

      --
      Snowden and Manning are heroes.
  2. Copying photos vs. deep-linking by JavaRob · · Score: 2, Insightful

    Preventing people from *copying* the images is a completely new challenge, and fortunately most people don't worry about that too much.

    Deep-linking is more dangerous than copying, because it can unexpectedly cause vast increases to your bandwidth if the image is redisplayed in a more popular location.

    Copying... well, it's annoying if someone else uses your photo on a site w/o crediting you, and especially annoying if they are selling prints or something like that, but neither one costs you money (remember, you were displaying it for free), and in both cases they are violating copyright, so you can complain to their host with some reasonable hope of action.

    If you're actually a good photographer and are *selling* those photos, then you need to look into ways to make them hard to copy. The obvious is only letting people preview a low-res or plainly watermarked version. You can use that annoying trick of catching the right-click event in JavaScript and popping a copyright reminder notice. You can display a transparent gif *over* the actual photo (defined in CSS instead of an image tag), like Google does for their photos of copyrighted book pages.

  3. Re:Use a CGI script to block them. by pv2b · · Score: 2, Insightful

    So you can tell wget to lie to the web server when raiding your favorite web page for images.

    That's not what the person asking the question asked for. He wants to stop sites from deep-linking his jpegs, not protect his nuclear launch code CGI to be used only from his own home page.

    A simple filter which would require the referer to be on his web site would pretty much stop his problems anyway. The people deep-linking to his web site write their web pages for browsers with <img src> tags, and as far as I know, you can't in HTML tell the web browser to fake a referer header. Then again, I'm not a HTML-head...

    And it's not really practical to tell your user to use wget to download your web site either. :-) At that rate, it's probably easier to mirror the image. Problem solved.

  4. To those who choose to use referrer by wowbagger · · Score: 3, Insightful
    Some of us block the REFERER header out of privacy concerns, since many browsers do not distinguish between a GET kicked off due to a page element like an IMG tag, and a link click.

    May I make the following suggestions?

    1. If you MUST use a referrer block, please consider simply rate limiting non-matching requests to a very low rate, like 2kB a second. That will keep your bandwidth down, yet allow the paranoid among us to still see your image (albeit after a wait).
    2. Use a CGI to provide the image, and have the page in question generate the link dynamically - that way, for the next five minutes your image might be visible as http://example.com/image.cgi?pic=foo.gif&key=59823 4
      and later the key value may be different. That way, you don't rely upon a spoofable header. Yes, this makes your image non-cachable, but if you are using referrer blocking, perhaps that is not a bad thing?

    --
    www.eFax.com are spammers
  5. Re:Use a CGI script to block them. by JimDabell · · Score: 2, Insightful

    My point is not that wget can get around 'referer' header filters, but that the technique itself is a very weak protection.

    No, it's very strong protection. You seem to think that this is some sort of anti-copying measure. It's a way of protecting server resources. Nobody's going to bother deep linking when 99% of their visitors are going to get broken images. They'll just copy it to their own server instead.

    I bet it is only a matter of time before web board software comes up with a script for all signature images. The signature img tag is rewritten from www.whatever.tld/myimage.jpg to www.board.tld/img-sig.cgi?www.whatever.tld and a request that fakes up a referer header to make the request look like an internal link from www.whatever.tld sent instead by way of the cgi.

    Why on earth would somebody do that instead of simply copying the image to their server?

  6. Problems with simple blocks by wizzy403 · · Score: 2, Insightful

    I used to be the webmaster for a fairly popular (in our particular niche) website with an online store. I got pissed off when I started seeing people putting things up on eBay with IMG tags pointing at our server. So I did what many of you have suggested, set up a mod_rewrite rule that if the referrer was not blank and not our site, it substituted a "Copyright Violation" JPG file (The bosses probably wouldn't approve of Tubgirl or the Goatse guy). I had to discontinue this within a week because a fairly popular BSD router software (can't remember which one, sorry) used to include the IP address of the router in the REFERRER field, and so quite a number of legitimate viewers were getting "Copyright Violation" images in place of ALL the pictures on our site. And the worst thing was, it used the PUBLIC IP in the REFERRER field instead of the private NAT address, so I couldn't even add an exception for NAT space to fix it... After spending another two weeks looking around, I just started banning sites one at a time (eBay...) from being in the REFERRER field and keeping an eye on my logs. PITA, I know...

    That was a few years ago, perhaps this is a non-issue now. But keep in mind that people running braindead routers or webcaches might inadvertantly trigger your rule and get pissed. If you're just a hobby site, no big deal, I guess. But if you're making money off the site (online stores and the like) you risk losing business over it.

  7. Re:Here's what I did by Sentry21 · · Score: 2, Insightful

    Plus the whole refering them to tubgirl and other "shocker" stuff has always been, in my opinion, a little extreme.

    If I were a simple webhost client with a bandwidth limit, those links would most likely have put me over my limit. Fortunately, the server I have is colocated at a rather large colo, and we don't pay much for bandwidth, so it only really came down to a few dollars (basically it cost me a day's worth of my usual decadent lunch).

    Yeah, it's extreme, but putting an image on someone else's server into your sig on an absurdly popular message board is also extreme - but they don't realize it. I certainly can't e-mail them and say 'please don't use my image', and I shouldn't have to waste my time making a 'don't steal this image' image for one site. So, I just used what I had, managed to wget an image without having to look at it, and voila, problem solved.