Keeping assets "safe" (on behalf of asset providers)

Hi all.
This question came up in this thread. - starting a separate thread for it.

This asset provider (polyperfect) is awesome. In his video he says that we can use the assets commercially as long “as long as the assets are safely stored within your product”

What do you all think he means in the context of babylon? Would serving the assets via Firebase Cloud Storage, where a temporary key is attached to the URL qualify?


This sounds like a question only polyperfect can answer.

1 Like

To rephrase the question: how would you all maximally protect art assets in your babylon projects? What techniques would you use to limit/protect from download or watermark? Perhaps replicating what Unity web player might do (not sure what unity web player actually does, but assume there’s some asset protection thinking going on there).


I think that as soon that it is on the web or event rendered on your machine, the asset is out there :slight_smile: There are no 3d DRMs so it is impossible to prevent copy. You can make it harder and more confusing but not really much more :frowning:

1 Like

Howabout Sketchfab? Could one, in theory, download all of those models without paying for them?

Yes, it is the beauty of the web as well as a limitation :slight_smile:

So the model must be this .binz, huh?
I’d never inspected the sketchfab load before.

Unfortunately, nothing can be 100% safe.
However, if your assets are stored and downloaded encrypted, with the decryption key download using a public & private key pair (so also encrypted) that decrypts your assets on a 2nd thread, with the key stored in private class memory on that 2nd thread , then it would make it much more difficult to access the asset.

Still hackable, but not easy for a user to simply access from the dev tools

Interesting. Do you know of any examples where that is happening? Any npm libraries to operationalize that process?

Unfortunately not offhand. It was more a theoretical implementation, which is still not bulletproof, sorry I can’t help more than that.

As soon as you ask the client hardware to render the 3D asset, then it’s a raw string of vertices and texture data going to the GPU. And therefore interceptable. There are various tools out there for sponging up that data if you’re interested.

If you want your 3d assets to be secure, the best way is probably to render on your own server GPU farm, and stream a video feed to the client. There’s a bit of delay, but you can get really nice quality rendering since you control the hardware. And the client never directly has access to the vertex stream. An example: Car Configurator | 3D Vehicle Visualization | PureWeb


Absolutely, but in truth the same could be said about intercepting calls to DirectX or OpenGL in any games running locally. So in that sense pretty much any game you have bought contains 2d and 3d assets that are hackable in this way.

If you were to make an effort to encrypt the Babylonjs data being downloaded and stored, making it impossible to get directly from the network tab and local storage, would it really be that different?