Hide or block the download of source 3D object

#1

Hello all, we are begining with Babylon, and we need use the viewer for put in online shop.

The problem is the 3D file .glb in Babylon js Viewer, this file is available for anyone to download reading the source code of html or php, exist some system for can block the download or add more security, any type of hide this? I think is important for the stores or work world, because the competitors can download it and have the work made.

Thank you :slight_smile:

#2

Hello and welcome to our new home!

This is a recurring question! I’m currently working with some folks @W3C to try to find a common ground here for users.

In the meantime (and this is not related to Babylon.js but really to all web development) you do not have a lot of options. You can obviously obfuscate your code but for assets there is almost nothing you can do.

Only thing I can think of would be to tweak the glb a bit to add some random changes that you could take in account in a modified version of our viewer… But it is tricky :frowning:

1 Like
#3

Maybe one day we’ll have an option to encrypt javascript in the browser… but until then, (and yet even then), if you know what to do, you can get the data.
If not directly from the source, then extracted from the javascript :slight_smile:

TL:DR; Even if the source was hidden/encrypted/etc, One could still extract (serialize) the mesh from scene.meshes.

1 Like
#4

Ops, I think this is an very important feature for the future, in this world of all copy… :confused:

#5

Indeed, the best we can do is to make it harder, so as Deltakosh pointed out, obfuscating aswell as renaming files and variables in production.
Why name a file “BMW_318.gltf”
When it could be called “1.gltf”, leaving no clue what the model is.

Also javascript variables,
Why Var BMW = …
Why not Var mesh_a = …

Hopefully some smart people will have a genius idea on how to protect web assets in the future :slight_smile:

1 Like
#6

I’m curious about how Sketchfab protects their data. My feeling is that they make a fork of glb, doing magic in the binary file as Deltakosh says above.

But they show us that’s possible… just probably many tons of hours to achieve the result… and maintain it against crackers.

#7

A way could be to stream your 3D scene as live video, like Steam Link: user have interactions, but not calculations and so 3D data.

1 Like
#8

That is true, I think i read google(?) was testing this kind of system, however, you need big and expensive servers to handle that kind of rendering for every visitor + the bandwidth use would be huge, combined with latency issues, i don’t see this being game-ready for years to come.
Small simple scenes like a product display, perhaps, yes, that could be a viable solution.

#9

Having some form of asset copy protection would be nice but no technical solution will ever be perfect and ultimately this is a legal (intellectual property / copyright) matter … nothing beats clear “terms of use” and, if needs be, a choicely worded “cease and desist or takedown” letter.

Personally, I think just splitting up assets into more granular chunks (modular sub-meshes, textures, animations etc) then using the Assets Manager to load and assemble (mix and match) the assets in game would make stealing things more trouble than it’s worth for most people. I know it’s a bit more work but I prefer this approach, irrespective of the copying issue.

1 Like
#10

No matter how you encrypt your code or 3D model files, you can not protect your content, and you probably shouldn’t do that.

As long as the modern GPU is still used to display something on the monitor, you can not stop user to get your content.

Ninja Ripper and many GPU Analysis softwares can directly rip 3D Models from the display card.

Here is an old but great article talking about this topic, by Brandon Jones

Some practical suggestions are:

  1. Split your 3D model files into pieces and do not use the entire formatted file like *.glb or *.gltf. Try to split them into vertex data level, loading encrypt or compressed content from a data base instead of files, for JSON format you can use MongoDB.

  2. Use HTTP software on your back-end server to control the permission.

  3. Uglify your Javascript code or use source-closed Webassembly module to deal your data.

  4. If you don’t care performance losing, do not use any usual image format (jpg, png, dds, crunch…) as texture, try to pass typed array directly to gpu or decompress texture just before drawing.

  5. Pray, the viewers don’t know any ripper software.

1 Like