Hey everyone! I'm working on a web app that delivers immersive lessons featuring interactive 3D models. The catch is, I won't require users to sign up, meaning they'll remain anonymous. My main concern is around protecting the 3D models that are hosted on my server. I fear that users could easily download these models through the developer tools in their browsers. I've looked into encryption, but most solutions seem to rely on authentication tokens, which won't apply in my case. I'm wondering if there are ways to encrypt these assets, or any other methods to make them undownloadable through developer settings? Any thoughts or advice would be greatly appreciated!
5 Answers
It’s pretty much impossible to completely stop users from accessing these resources. What you might try is to not only encrypt the models but also develop your own file format. Sure, it’s more work, but it means they'd need to reverse-engineer the format to convert it to something common. You could also provide a lower-quality version of the models; if someone does manage to download them, they’ll have a worse version. Ultimately, remember that encryption has vulnerabilities since it has to be decrypted client-side, so keep that in mind when implementing it.
You’ve got to remember, when you let users interact with resources, you inherently transfer that data to their computer. It’s easily accessible, even if encrypted. If you're trying to make models undownloadable via dev tools, realize that users don’t need to open dev settings; your application ships the data directly to their computer. You might want to reconsider whether users need to interact with the models at all. Would pre-rendered videos suffice? Or could you deploy a low-poly version for the web?
That's a tricky situation! One potential solution could be to run your models on a different system and stream video of the model to users, rather than sending the raw data. Users would send inputs for interaction, which would shift the model display. However, this may introduce noticeable lag and require more resources. Good luck with your project!
What you're really looking for is something similar to digital rights management (DRM). This means you'd need additional measures beyond encryption to lock down the data even post-decryption. Essentially, you'd have to secure everything to restrict access after it's been decrypted.
You can only make it more challenging for users. Remember that the models still need to be decrypted on the client side to be displayed. One option might be to watermark the models openly and clarify the licensing terms. For a more involved solution, you could run the rendering on the server and send back drawn images based on user inputs, but that would lead to a laggy experience and would be expensive to set up.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads