So I have been messing around with thingiview since I wanted to have a 3D viewer

Question

So I have been messing around with thingiview since I wanted to have a 3D viewer for the models on my site. It works great and everything except one problem. It's nothing wrong with thingiview, it is the fact that since the model is loaded into the browser, that means the model could also be copied.

So my question is, is there a way to prevent a 3D model file that is loaded into thingiview, which uses three.js from being copied freely. The only idea I can come up with that is copy proof is to have snapshots generated and then the user could just view the snapshots, but that sucks compared to being able to actually view the file.

So any ideas?

Explanation / Answer

Basically you cannot prevent data, that the server sent to the browser, being saved to disk and analyzed.

Since the 3D Models are JSON encoded, you can try and encrypt that JSON. This may incur a heavy overhead; the "Voltron" model on the ThingIView sample page is 277Kb. Libraries such as jcryption are probably a no-no.

You can load the model via AJAX and carefully check the request to make sure it's legit. But data can be grabbed off the wire, and requests can be spoofed.

You can load the model by splitting it in several calls. This makes it much more difficult to reassemble, but it wouldn't be difficult to reengineer your JS code to understand how reassembly works.

You can also try obfuscating the model. A simple way to do it would be to split the JSON model in two identical models, say A and B, with the exact same structure, A having a coarse version of each value and B holding the refinement. To explain:

True model (only on server): [[[ 17.1234, 5.2878, ...

Model A: [[[ 17.1, 5.2, ...
Model B: [[[ 0.0234, 0.0878, ...
The client code contains A and B. Even with compressed requests, it's going to weight a good 30-50% more than the unobfuscated version.

At runtime you walk the two JSON objects at once and sum the results into the real model which only exists in memory, and that you can then pass to thingiview. This can be done in such a way that a cursory examination of the files will immediately show something catchy such as

// OPTIMIZED JSON MODEL

var myModel = [[[ 17.1, 5.2, ...

/////
which would probably, at least in the beginning, being mistaken for the "real" model and the "only" one.

Likewise, you can introduce subtle (or not so subtle) errors in the model and correct them at runtime in an unobtrusive point of the code (maybe via an AJAX callback). Anyone grabbing the source and going for gold with myModel will then steal a defective model, and the correction would be very quick to do.

Of course he may then mistakenly believe, and possibly make it vociferously known, that you're a very poor modelist and your models are full of bugs. TANSTAAFL.

Adding a syntactically disastrous element at the beginning of the model would also ensure the grabbed code would not work, in such a way as to rule out an error on your part... but by the same token the thief would immediately suspect what happened, and a few minutes examining the code would reveal the trick, and the antidote (shifting off the extra element).

So these are all paltry attempts. The fact is that at some point, immediately before you call thingiview, the model will be there in memory. It may require a Javascript debugger, but at that point, the data can, and always will it be possible to, be stolen.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.