Stealing content was never easier than with HTML5
HTML5 makes adding video and audio content to your site very easy but there is currently no way to protect that content. If we’re all completely honest we know that content protection is still a big deal for record companies, movie studios, and TV channels, yet HTML5 puts their content just up for grabs. Let me give you a few examples.
Unnamed video site
Video site X just rolled out a brand new HTML5 video player. Like I said, HTML5 makes it really easy to add video content to your site but it makes it equally easy to download that content. It only takes a “view source” to find the URL to the video file. Some video sites have also noticed that and are now building custom JavaScript based players in an attempt to make it more difficult to get to the video file. On this one site I counted almost 3000 lines of JavaScript code for a rather basic video player with sharing functionality. 3000 lines of code and it still only took me three clicks to download the video file! I already hear some of you saying that you can also easily get the video file from a Flash based video player. If you use progressive download that is completely true. I’ll get back to that later in this post.
Unnamed new music discovery site
The release of the beta version of this new music discovery site is actually what sparked the idea to write this post. As per usual the tech blogs were buzzing about it as a new music discovery site that didn’t use Flash because Flash is dead. So I checked it out… This particular site gives you unrestricted access to the entire music library. I was able to look up any artist and play back any song in high quality… I can also buy the song on the site for the industry standard $0.99. But with just two clicks I was able to download any song from any artist straight to my desktop without actually buying it. No need for torrents or the risk of downloading viruses. It’s all right there on this official music discovery site in high quality AAC audio (in an M4A file).
Flash
I already mentioned that it’s also pretty easy to download a file used in a Flash based media player if the site uses progressive download. The difference between HTML5 and Flash in this case is that you CAN protect your content when using Flash. As there still is no standard audio/video codec in the HTML5 spec there also is no way to stream video and audio content using HTML5 across different browsers. Companies (including Apple) have been experimenting with streaming technologies but I’m sure you remember that that only worked in a specific version of Safari on a specific version of iOS. The HTML5 spec also has no guidelines for any sort of content protection.
Flash does work cross browser and cross platform (as I’m sure all of you know). With the use of Flash Media Server you can also completely protect that content and get the added benefits of features such as adaptive streaming (to adapt to changing connection speeds), reduced bandwidth usage, DRM, multicasting, peer to peer delivery, and more. Bottom line: Flash is still the best platform to stream (premium) video and audio content.
58 Comments
Feel free to follow me on: 
If you’re going to comment on this post make it constructive. I will no longer approve any comments that don’t add anything. Read the disclaimer. Read the post. Read the comments. A lot has already been said. Think you still have something constructive to add? Then go ahead.
I really think that what you have pointed out about HTML5 is just its very nature. It is meant to be open technology and it is its greatest advantage over Flash. And, notice it is the thing that makes it MODERN technology, because it is a sign of our times. Frankly, youtube is the only place on the internet I use that forces me to have Flash installed. You do not really see any flash when using AdBlock. HTML5 addresses this and it is a way to go. If you want your content to be protected, make it so, but do not rely on open standards, because they are actually trying to make something opposite with content in general :) The market will make the decision for us, and I predict that users will go for open standards instead of proprietary ones because it is just so much easier and more handy for everyone. Protected content is really so much 90′s corporate approach that does not makes a lot of sense to me :) Lawyers seem to be only beneficients of this. Look at what happened with DRM protected music files. My favourite 7digital turned into MP3 completely and nobody seems to have any problem with that.
Actually it’s no problem to download even a flash “protected” content. Just check chrome dev tools’ network tab (or firebug’s) and you will see the file, being downloaded from the flash player.
If it is protected with some streaming stuff like mms:// or rtsp:// , there is no problem. If you manage to get the URL for the file, you are definitely able to download it to the hard-drive.
As I’ve always said – there is no unstealable content on the web. It may be hard, but not impossible :)
Shouldn’t websites that are looking to protect their content, protect it with protection. For instance you can write your web service such that it does not allow anyone to download anything, but instead checks for a valid order or something before streaming the content. Doing otherwise is just lazy.
Claiming that stealing content that is openly downloadable is “stealing” any more than picking up $10 from someone’s unlocked secret hiding place is laughable. Security by obscurity deserves to be subverted.
“Nothing can be protected on the internet.” That’s is a myth believed only by the ones who never really studied how stuff can be secured.
Actually you can secure (also html5) progressive downloads for premium content but is it worth it? Why spend tons of money and time when you can use FMS to deliver premium content.
Modern browsers should support plug-ins.
Using plug-ins in browser has been something wonderful since the beginning of the web. It’s a pity that only flash has made it to be that popular.
In my opinion, if you wish to provide “premium content”, the odds are you should be doing it by means other than HTML5. Nothing is undownloadable, and most people are reasonable, so maybe instead embracing the technology and accepting that openness is a key principle of the www is the way forward for these providers.
Just my 2p
Have you ever heard of http://downloadhelper.net/ ?
Yes I am aware of tools like downloadhelper. I do want to repeat *again* that I also talk about how it is equally easy with Flash when you use progressive download.