1

I have some sensitive content that I am presenting to authenticated users over the web, in a browser. I am looking for techniques which would allow me trace a screen shot or photograph of content back to a specific user by embedding identifying information in the web page.

The simplest approach would be placing the identifier in plain view, but this method isn't tamper resistant.

This lead me to think about steganography on the web.

Techniques like LSB embedding only work with images; there are some pages on my site which don't include images. Furthermore, it also wouldn't work well with poor-quality image capture, as is often the case camera phones; the LSB might be corrupted by glare, blur, reflections, etc.

Two example techniques I found are:

Are there similar techniques (or even libraries) which have been used on web content?

For the purposes of this question, I am not concerned with copy-prevention.

Andrew Vermie
  • 623
  • 3
  • 8
  • why not just place a unique identifier marker on the page? Like a login name or something that will not raise suspicious from the user? What about having this value as a single/few shade/s different on the background of the webpage, with your content arranged in such a way that there's always enough background visible to (carefully, with a decent painting program, and someone who knows what they're looking for) edit and extract the data, – Martin Jun 25 '15 at 20:59
  • There are a number of approaches like the ones that Martin described. Consider all the subtleties of a dollar bill. However, like you said, if your marks are too subtle, a poor-quality screenshot wouldn't capture that information. Or if someone recompressed a monitor screenshot to jpeg. And if the marks are too local, you risk a clip of a screenshot not containing your information either. Ultimately, there are ways to capture the contents of a page while bypassing your security measures. You have to be realistic about which ones you want to practically guard against. Some are really hard. – Reti43 Jun 25 '15 at 21:24
  • @Martin Good question, Reti43 actually answered it for me: the 'photographer' could crop/clip/scroll past the identifier. The only way to make sure we have the identifier is to put it in multiple places. A single identifier is innocuous; the same thing repeated in many places looks strange/suspicious. – Andrew Vermie Jun 25 '15 at 21:34
  • @Reti43 I know there's no perfect solution, but I am hopeful that there are at least good ideas out there. :) – Andrew Vermie Jun 25 '15 at 21:41

0 Answers0