Let's talk about security


(Vlad) #1

Will be interesting to know how safe uploaded on SketchFab models.
This is interesting solution that block from skript kiddies with chrome/Firefox dev-tools and looks like even Ninja Ripper can't extract any 3D data.


(Post on link in English)

Btw, may be we can protect textures as first? :wink:


(Bart) #2

I'll pass it along, thanks!


(Stephomi) #3


(Vlad) #4

Heh, as expected :slight_smile:


(Vlad) #5

I hope this is not photogrammetry? :wink:


(Stephomi) #6

Doesn't seem so, the quality is not super great, but there's a normalmap and specular map.
The bottom line is that if someone wants the model and know a little 3d, it's going to be easy for him to have it.

In theory, it's possible to make it "very" difficult for someone to rip a model in an automatic way, but that requires lot of effort , little gain, and loss in performance and big loss in maintenance/stability of the product.
I don't know any 3d services that do such things, VR3D was really simple to rip, and ripping isn't something I'm even interesting/good at.

That being said, we are thinking about a few things to make it "a bit more difficult" though.
It could be enough for most script kiddies, as you mention it.


(Vlad) #7

Cool!
As a first step at least some texture obfuscation will be enough.


(Vr3 D Vn) #8

Hi Stéphane,

I'm Quang - Developer of VR3D.vn

Your skill is very great! I followed your SculptGL project for a long time ago and really like it.

I think most people want to rip 3D files don't have skill level as you, they mostly use tools like NinjaRipper so my technique already prevents most attempts (look like Sketchfab can't protect model from NinjaRipper?).

I also have some more ideas to against 3D ripper, I'm testing it and will update continuously.

Hope that we can discuss and learn from each other to increase the ability to protect 3D models for all of our clients.


(Stephomi) #9

Hi and thanks!

As said previously, we'll probably do a few easy things to counter naive rippers but we won't put much efforts on it as a determined ripper will always win.

As for the whole "ripping" issues, I believe the only true solution is to take legal actions against the rippers / website.
I suppose filing DMCA complaints (to website hoster) should be enough in most case.


(Lee C2202) #10

I hope you don't mind me jumping on the end of this conversation but I have joined Sketchfab with the aim of contacting a user with regards this very topic. I filed a usage violation with Sketchfab and Patreon over someone ripping a model from this site and then selling access to it on Patreon for $15 a shot as a game mod. As an artist, I find that quite shameful, so I tried to do something about it. Patreon said they will only act on a DMCA from the copyright owner but beyond posting a public comment, I haven't found a way to contact the owner yet. Sketchfab haven't replied yet, so I don't know what their stance is.

Is there a PM system, or is that something that is reserved for people with a higher status than site newcomer, or even just standard user?

Just to offer my background, I am a member of the modding community where this person uploads models (usually they use models ripped from other sources or blatant personal license abuse). I have been a professional game developer for over 30 years as an artist/designer/programmer, so consider an artist's creation to be worthy of protection. But unlike a crime the police respond to, a third party report carries no weight of any kind with copyright theft, so it needs the cooperation of the copyright owner. And that's not always easy to get.

I apologise if I have violated any forum rules in posting this, I am just trying to find the most direct way to the owner, to see if they are willing to act against this user.


(Vlad) #11

(Bart) #12

When did you file this report, and where did you send it to? Like Patreon though, we can only accept DMCA takedown notices from the copyright holder or their agents.


(Lee C2202) #13

It was only on Saturday but I wasn't really expecting a reply over the weekend, so not getting a reply isn't really unexpected. I sent it to hell@sketchfab which was the address shown on the usage violation page.

But as you will have noticed from my post, I am trying to find the best way to contact the author, without plastering it all over their model page. I tried following the author but still didn't get an option to contact them any other way than a comment on the item in question. I am basically trying to be discrete about the matter.

I get the impression that some of these places that host the people who violate usage rights, rely on it being difficult to contact IP owners. I don't know if they get a cut or something but you would think that an item reported would at the very least be suspended for a period of time, to give the owner of that IP chance to do something. But it seems they are happier to let someone continue making money for it. I see it like someone stealing your car and the police letting them carry on driving it, until you get round to reporting it stolen. EBay and Amazon are the same with counterfeit sellers.

I will give it another couple of days and if nothing comes back from Sketchfab, then I will post a comment on the author's page. It's not a very nice way to conduct this kind of conversation though and it could work negatively against the author... which is why I am wary of doing so.


(Bart) #14

Sure thing. I can't disclose his email address for privacy reasons, but I'll be happy to forward a message to him. Please contact me on bart@sketchfab.com, include the profile URL and message.

And requiring the copyright holder to file a report isn't just to complicate things - it's actually based on legal requirements. I'd love to be able to act stronger on rip notices, but there are many constraints we have to take into account :slight_frown:


(Lee C2202) #15

That's brilliant, thank you... I will get that done shortly.

Edit: Email sent, you will notice that the email address is different to the one on my profile. I can receive emails on my profile email address into Outlook but I can't send through there, so it was easier to use my alternate email address. I have identified myself in the email by my username, so you should be able to see which one is from me.


(Salex) #16

Hello! Are there any more news about the protection of the models, because I am certainly worried. Perhaps to ban such ripping programs? Block them!


(Bart) #17

We are always working to prevent ripping of our hosted models. While a simple 'ban' is technically not possible, we're making it as difficult as possible to do so. Be assured that people can never access your original files though - only the processed and compressed versions that we use for our viewer. You can find more information on our Help Center:


(Sukruboyraz) #18

ninja ripper can easily get skecthfab models this is a security hole


(Bart) #19

While we make it as hard as we can to prevent piracy, it’s not entirely possible due to the way video cards work. We’re scrambling the data we’re sending to your browser, but once we send it to the card it’s readable and it can be intercepted. Unfortunately this is true for any process that uses a video card, like games or any other WebGL/WebVR apps. That said, your original model file is never exposed. The model we serve to your card is heavily processed and compressed.

In the end it’s always a balance between getting exposure and showing your work vs how sensitive your data is. This is true for all media platforms (like YouTube, Spotify or Netflix).

To add an extra layer of security to your models, you can use Sketchfab PRO - this way you can make your models private and even password protected.