Last week I was helping a friend pick out a Halloween costume. Since we were talking via instant message, I was bouncing from site to site, trying to find relevant links.
At one point in this, I landed on Spirit Halloween’s site. That site, like many other ecommerce sites, displays its images in a way that makes them difficult to copy or redistribute (though this is likely by accident rather than intent).
I was tempted to delve into the source code and pull the full-sized images of the costumes out that way, but instead something else caught my eye, a “Pin It” button for Pinterest.
It was then I learned just how easy their system is to break. With nothing more than two clicks of the mouse, I had the full image available for download and anyone else could have either.
Here’s a quick look at how it works and why.
How to Use Pinterest to Break Image DRM
To be clear, every image visible on the Internet can be downloaded one way or another. Whether it’s by looking at the source code, screenshotting the image or simply by disabling any protections that may be placed on it, there’s no such thing as a completely secure image.
However, many sites do take steps to try and limit how many people can access the full image and Spirit appears to be one of them.
If you pull up a costume, you’ll notice that hovering over an image produces a “zoom” box and that you can’t right click on the image.
Click on the image itself and you get taken a popup window that gives you a larger version of the image and completely blocks any attempt to right click it. The only action you can take is to click on it, which closes the popup.
However, if you click the “Pin It” button you get a new screen, one that should be very familiar to Pinterest users. It displays the various images on the previous page lets you choose which one to pin on the site.
The last one on the list is a full-size version of the original costume image.
Click that image and you’ll get a popup window to pin it. The window displays the image to the left and,t hough it appears to be reduced, it’s actually the full image and can be saved to your desktop either with a right click or a drag and drop.
However, the process doesn’t require that a site have a “Pin It” button on there. The process works just as well with the Pinterest Bookmarklet. In fact, any site that uses any kind of image protection can fall victim to this, that is, any site that hasn’t opted out of Pinterest already.
Needless to say, if you are trying to protect your images, Pinterest is not your friend and it will actively sabotage any efforts that you make.
Why This Happens
The reason this happens is straightforward. Pinterest, by design, is an image sharing site. So, when you run its bookmarklet or click a Pinterest button on a page, the first thing it does is gather all of the images on the page and lets you choose which one you want to pin.
This is very similar to what someone who is wanting to break image DRM would likely do, search through the HTML code of a page, find the correct image and visit the URL directly.
The only difference is that Pinterest does this one click, making it something that can be done with no HTML experience at all and only a few seconds of time.
While this certainly isn’t significant for sites that don’t protect their images, which make up the majority, for those that do, this is likely a serious concern.
What Can Be Done
If you’re a webmaster and you believe image DRM to be worthwhile, this is clearly a difficult issue. However, the simplest solution is to opt out of Pinterest. Doing so doesn’t let users see your images in the raw and, instead, only shows a warning.
However, Pinterest may also be able to help some here. Since the site is already copying images over to their server, there’s no reason for them to link directly to the larger version of the image if it’s above a certain size.
Basically, if the image is larger than it would be displayed on Pinterest, Pinterest can provide a lower-resolution version of the image in the popup window. This way, even though the image will still be able to be copied, it won’t be the full version.
Still, it’s obvious that the ideas of an image sharing site and image DRM are completely incompatible. If you want your work on Pinterst, you need to be prepared for it to be copied elsewhere as well. You can’t have open sharing and DRM at the same time.
In the end, this just highlights the complex relationship that artists, photographers and others have with Pinterest. While they love the promotion and new audience that comes with Pinterest, they worry about issues of attribution and what happens to the content after it inevitably leaves Pinterest.
So every creator has to decide if and where Pinterest fits in with their strategy. These aren’t easy questions but to begin answering them you need to know all of the benefits and drawbacks. On that front, one of the drawbacks to weigh is that any image protection you may have goes away when a user clicks a Pinterest bookmarklet or button.
If you don’t use any kind of protection, that’s probably not an issue at all. But if you do, it’s something to weigh and consider.