Hey,
Even today, when I have to post my real picture as a display picture, I get a little weary. With pranksters like these littered over the internet, no wonder the social networking sites are trying their best to protect profile pictures. Though people have used techniques ranging from intercepting right clicks to masking the pictures, most techniques don't really work the with the knowledgeable. After all, once the information is on the client, the question is only about making it difficult to reproduce the information by a prankster.
There are many sites that disable the right click on pictures using Javascript, but most people know how to get around this.
Orkut interestingly uses a combination of <DIV> and <IMAGE> tags to protect the profile pictures. The exact hierarchy in orkut is something like
<DIV style = "background-image=profile-pic.jpg">
---<DIV style = "background-image=blank.jpg">
-------<IMAGE src= "blank.jpg" />
---</DIV>
</DIV>
In this case, when the user right clicks on the image, though he gets the option to save the image, he only ends up with saving blank.jpg. The work around however is to simply to use a tool like Firebug to check the profile-pic.jpg, of see the HTML source to get the profile image.
There was a technique to overcome this too. Sites started embedding images on compile time into flash files. There were other sites that started "rendering" the images into the <CANVAS> tag. The latter did not really become popular as it is "HTML 5 only" tag. Nonetheless, all these techniques get defeated the moment the user does a "Print Screen"
This was something I was thinking about for quite some time when I came up with a thought that seemed like a potential solution. The profile picture can be embedded into a flash object that would be activated only as long as it gets certain random numbers from the server. The "getting random number" clause is added specifically to prevent users from saving the flash object, or faking the server replies. Also, to prevent Print Screens, the flash object (that renders at rates like x frames per second) can add noise to the image. As the noise changes at a very frequency, the human perception of the image would still be good. However, when a Print Screen is tried, all that would get copied is the image with the noise. If the noise is made sufficiently random, the the prankster can get is an image with noise in it. Even if the prankster tries to get multiple snapshots, depending on the noise spread, he may have to try may screen shots before actually reconstructing the actual images.
I realize that this requires a lot of bandwidth, and hence this may be used only in cases of where the localization of images is to be prevented for a fitting reason. I also got some comments from a couple of friends, telling me that this could be useful for web pages that display wallpapers, and even for the porn sites that want people visiting them rather than getting the pictures offline !!! :)
