My Two Cents on the AdBrite Debate
There was a lot of chatter over at TechCrunch a few weeks ago about AdBrite Invideo, a Flash video player that embeds ads so content creators can profit from their videos, regardless of where they are hosted. The comments focused on the potential for abuse — couldn’t an unscrupulous website operator take a good YouTube video, wrap it in the AdBrite player, and make money from someone else’s movie?
Maybe, but it doesn’t have to be that way.
What the world needs now is a smart video server. It doesn’t need to stream — most short form online videos work fine as progressive downloads — but it does need to authenticate. It doesn’t need to authenticate the user, just the player. And specifically, it needs to ensure that the player and the FLV are loaded in the context of the same browser session, in quick succession.
Here’s how it works:
- Request comes in to the server for the video player SWF. The server dynamically generates the SWF, including a signature of some kind.
- The player requests the video FLV, including the signature in the query parameters.
- The server checks that the query parameters include a signature recently handed out to the same IP address. If so, then it serves the video. If not, then it serves a video containing a scary legal notice.
Not a flawless solution, of course. Like all DRM, it’s crackable. Someone would figure out how to copy a good video to their own servers, for example. But it’s a great start. Like most things, there is a technical approach which prevents the most evil of crimes.
Anyone want to write an Apache module?
