You can't download this image

246 points| calmingsolitude | 4 years ago |youcantdownloadthisimage.online

223 comments

unfocused|4 years ago

In Chrome, you can just do as the author says, right click and "Save Image As".

Then just go to the folder where it is being downloaded, and copy/paste the file "lisa.jpeg.crdownload" to "lisa.jpeg.crdownload copy".

Rename to "lisa.jpeg" and cancel the download. You now have the image. What's interesting is that you ARE actually downloading this image. It's just that they don't terminate the connection.

chunkyks|4 years ago

We have a security proxy at work that gives you the bits, but then holds the connection open while it does a scan, then resets the connection if it doesn't like something inside. Both Chrome and Firefox [haven't tried IE/Edge, but I assume that they'll do something that the proxy vendor would want] infer [or are told?] that the connection broke and delete the interim file. Unfortunately, with zip files, the header is at the end; so it can't do scanning until the whole file is down.

For me, the easiest way to mitigate it turned out to be to use wget [with an appropriate user-agent... say, the same as my desktop browser]. wget gets the bits, but doesn't in any way molest the "partial" download when the connection resets. Then it tries to download the rest using the "Range" HTTP header, and the server says "oh, dude, you already got the whole thing"; wget declares success, and all the bits are in my download folder.

I believe that we pay, like, a lot for this proxy, which is annoying on two counts: 1) If I can get past it trivially, then presumably competent attackers can, too, and 2) Sometimes it takes a dislike to legitimate stuff, which is how I was forced to learn how to get around it.

alsetmusic|4 years ago

I just dragged and dropped it to my desktop. This was on macOS, dunno if Windows would allow that.

echlebek|4 years ago

I don't understand what this website is supposed to be demonstrating. Some sort of genius version of disabling right click I suppose. But I did download the image, because its contents were transferred to my computer's memory and displayed on my screen. I can see it clear as day.

If Web 3 is just willfully misunderstanding how computers work, I don't see a very bright future for it.

Fnoord|4 years ago

Whatever your browser shows, is shown from cache. So the picture should be in your cache, too.

julieturner99|4 years ago

I paused the download and renamed the file to .jpeg and it worked similarly

LastMuel|4 years ago

Or, as an alternative, use wget and then press Ctrl+C after two seconds. Voilà, you have a usable lisa.jpg.

millzlane|4 years ago

I did something similar on Firefox. But the image wasn't completely downloaded. Half of it was green.

nilslindemann|4 years ago

In this case, F10 and basic Gimp cropping Skills also do the job.

kuroguro|4 years ago

The problem with leaving connections open is that there's a limit on how many you can have on the server... I think the author has committed self-DoS :)

https://en.wikipedia.org/wiki/Slowloris_(computer_security)

tomxor|4 years ago

> The connection has timed out

Now I really can't download the image

sildur|4 years ago

And now you can't download that image.

garaetjjte|4 years ago

It would be possible to really close the connection but hack something to not inform the client. (maybe just doing close() with SO_LINGER=0 and dropping outgoing RST in iptables would be enough)

titaniczero|4 years ago

The website is down now lol

ReactiveJelly|4 years ago

Yep. Although with the right language, even on cheap hardware, that limit might be 1,000 or so.

causi|4 years ago

> When you usually try to download an image, your browser opens a connection to the server and sends a GET request asking for the image.

I'm not a web designer, but that seems rather ass-backwards. I'm already looking at the image, therefore the image is already residing either in my cache or in my RAM. Why is it downloaded a second time instead of just being copied onto my drive?

Tuna-Fish|4 years ago

Oh no, it's still downloading the one it's displaying on screen. You can even see a spinny thing as the icon of the tab on Chrome.

The format allows for showing images when they are partially downloaded, and also allows pushing data that doesn't actually change the image.

oefrha|4 years ago

You can totally "download" the image in your RAM by right clicking / long pressing -> "copy image" or equivalent in most browsers. It's just not going to be a byte by byte identical file, and may be in a different format, e.g. you get a public.tiff on the clipboard when you copy an image from Chrome or Safari on macOS, even if the source image is an image/svg+xml.

masswerk|4 years ago

As far as I remember from a previous project from a few years ago, the browser doesn't include a referrer for the download request, which can be used for a distinction. (You'll have to disable caching and E-Tags for this to work.)

However, this is easily defeated by the use of the console: Select the sources tab, locate the image and simply drag-and-drop the image from there, which will use the local cache instance for the source. Works also with this site, at least with Safari.

folmar|4 years ago

> When you usually try to download an image, your browser opens a connection to the server and sends a GET request asking for the image.

I can't vouch for chromium-*, but my Firefox does NOT do that. I've just tested it.

stiray|4 years ago

I have a problem understanding: what problem is this solving?

When the image is on my screen I can just screenshot it.

This is a common problem, using something in an insecure environment; that's why companies are going to such extents to encrypt movies on the whole train from source to the display, and even those are regularly dumped.

paavohtl|4 years ago

I don't know about browser internals, but I would guess that the browser decodes the image once into a format that can be shown on the page (so from PNG/JPG/WEBP into a RGBA buffer) and then discards the original file. This saves a bit of memory in 99.99% of cases when the image is not immediately saved afterwards.

forgotmypw17|4 years ago

This used to be common behavior, but changed over time in most browsers.

Your guess is as good as mine as to why.

ravenstine|4 years ago

There's another way to achieve this in a more malicious way. Granted I haven't tried it in years, but it was possible back in 2017 when I tested it.

The idea is to fake the image that's being displayed in the IMG element by forcing it to show a `background-image` using `height: 0;` and `padding-top`.

In theory, you could make an IMG element show a photo of puppies and if the person chose to Right-click > Save Image As then instead of the dog photo it could be something else.

For some reason I can't Oauth into Codepen so for now I can't recreate it publicly.

Meph504|4 years ago

You could also just do like we did for years and check the referer for the image request, and if it wasn't your web server you redirect the file to whatever you want; the end user has no way of knowing. And because the trick is done on the server side, viewing your source won't get around it.

This is the same method used to prevent hot linking to images back in the day.

bellyfullofbac|4 years ago

Not very new, the technique's probably been around since the 2000's... e.g. you can't right click, save as on the web version of Instagram because all the images are background-images attached to DIVs. In the "old days" there'd be a 1x1 transparent GIF above the image, so any downloader would download that instead.

alias-dev|4 years ago

This does create a self inflicted Slowloris attack on the server hosting the image, so this site is probably more susceptible to the hug of death than most

qwerty456127|4 years ago

It always baffled me that browsers even try to download an image (or a page or whatever) I asked them to save despite the fact they have already downloaded and displayed it. What I would want them to do instead is just dump it from memory.

And this sounds particularly important in case it's about a web page which has been altered at runtime by JavaScript - I want the actual DOM dumped so I can then load it to display exactly what I see now.

agucova|4 years ago

I've always thought the same. The data is there, why go through the trouble of downloading it again?

dobladov|4 years ago

styluss|4 years ago

Add -N, --no-buffer Disables the buffering of the output stream. In normal work situations, curl will use a standard buffered output stream that will have the effect that it will output the data in chunks, not necessarily exactly when the data arrives. Using this option will disable that buffering.

and it works

shrx|4 years ago

Results in an empty file.

pbobak|4 years ago

It downloaded on Safari on iOS. Long press on the image and tap Add to photos.

jb1991|4 years ago

Same for me, but the webpage gave the impression that it was still downloading, because after it downloaded completely, at least in Firefox on iPhone, it's still showing that it was downloading.

threatripper|4 years ago

I could copy the image from Firefox. Are you sure you downloaded it instead of copying it?

progman32|4 years ago

This is a perfect (if maybe unintentional) example of how to get help from otherwise disinterested technical folk: Make an obviously technically-incorrect claim as fact, and watch as an entire army comes out of the woodwork giving you technical evaluations :)

userbinator|4 years ago

People hate DRM. Thus everyone will work their hardest to bypass it.

manbart|4 years ago

I’m aware of this phenomenon, but have never tested it (confidently posting something incorrect to get responses with the real answer). Has anyone here actually tried this? How did it work?

barelysapient|4 years ago

Downloaded on my iPhone with a single tap.

singularity2001|4 years ago

Downloaded on my mac with two clicks (FF): open in new tab, download

andix|4 years ago

Yes, just copy or save to gallery and it’s done…

aerovistae|4 years ago

I was about to "Save as..." when suddenly it struck me that this would be an incredible bait to spread a virus.

kingcharles|4 years ago

Too late. You already download an image into your cache when you view it.

soheil|4 years ago

An image virus? Please do elaborate.

cagr|4 years ago

screenshotted it instead

Hard_Space|4 years ago

You really can't - the HN hug of death has killed it!

teitoklien|4 years ago

The image was dead in the first place, hence it cannot be downloaded or opened.

That’s the joke, I guess.

jancsika|4 years ago

Graceful nongradation

sam1r|4 years ago

You can't download the code on github either.

Because github is currently down.

jcun4128|4 years ago

rare occurrence I imagine but good check to not have everything in one place

zamadatix|4 years ago

In Chromium based browsers the quickest method I've found is "right click -> Inspect" the image then click the sources tab in the dev tools window. From here you can drag or save the image shown without issue. My guess as to why this works is the sources view seems to pull from the loaded content of the page rather than fetch the content based on the lack of packets trying this with a packet capture running.

nine_k|4 years ago

In Firefox, beside that, you can press Ctrl + I, open the "Media" tab, and pick any of the graphics that were already downloaded to display the page. Then you can save the picture(s) you're interested in. I suppose the source of it is the local cache.

Does not work in this particular case, of course, because the whole image is not yet in the cache.

Kuinox|4 years ago

Right click copy is faster.

wsinks|4 years ago

On iOS, long press > add to photos

I now have a photo of the Mona Lisa in my camera roll.

I guess this is one of those things that wouldn’t be as edgy with the actual mechanism stated. :)

human|4 years ago

No issue downloading it on iOS.

eyelidlessness|4 years ago

Same. Oddly, the page itself remained in a loading state even after downloading succeeded.

TheRealDunkirk|4 years ago

Great! Just what we need these days: more tricks to screw around with the simple, straightforward implementation of the HTTP protocol! And just in time for Christmas.

sumthinprofound|4 years ago

Firefox on Android long press save image no other action taken and it shows up in my device photo gallery.

(edit: clarity)

dvh|4 years ago

If I wanted a non-downloadable image I would make it from 1px wide/tall colored divs.

dorkwood|4 years ago

I thought this is what it was going to be! Another method would be to generate a plane with the same number of vertices as pixels, store the pixel color values as an attribute, and then render the mesh to a canvas.

MildlySerious|4 years ago

Pretty sure that was actually used in emails at some point, just with tables, to get around email clients not loading images.

masswerk|4 years ago

I actually used this to generate graphs in JS/HTML in the 1990s. :-)

dibeneditto|4 years ago

In Chrome, Right-Click on Image → Inspect → Right-Click on <img src="lisa.jpg" alt="Mona Lisa"> Tag → Capture node screenshot → Save

LeoPanthera|4 years ago

Safari Mac, I dragged it out of the page and into a Finder window, and it saved.

numbsafari|4 years ago

Yeah, I just:

1) used the “copy image” function Safari on iOS.

2) took a screenshot.

… back to the drawing board NFT bros.

tomashubelbauer|4 years ago

I right-clicked and pressed Open Image in a New Tab and then pressed Escape to disconnect the browser from the server. No infinite download here.

1vuio0pswjnm7|4 years ago

This sure seems like a weakness of the so-called "modern" web browser. Simpler, safer clients and proxies have no trouble dealing with a server that is (deliberately) too slow.

For example,

curl

    curl -y3 -4o 1.jpg https://youcantdownloadthisimage.online/lisa.jpg

tnftp

    ftp -q3 -4o 1.jpg https://youcantdownloadthisimage.online/lisa.jpg

links

    xy(){ tmux send "$@" ;};
    xy "links https://youcantdownloadthisimage.online/lisa.jpg";
    xy Enter;
    sleep 2;
    xy s;
    xy Enter;
    tmux capture -t3 -p|grep -q Overwrite && 
    xy o;
    sleep 1;
    xy a;
    xy q;
    xy y;

haproxy

    frontend bs 
    bind ipv4@127.0.0.1:80
    use_backend bs if { base_reg youcantdownloadthisimage.online/lisa.jpg }

    backend bs
    timeout server 420ms
    server bs ipv4@137.135.98.207:443 ssl force-tlsv13 ca-file /etc/ssl/certs/ca-certificates.crt verify required

1vuio0pswjnm7|4 years ago

netcat w/stunnel

    cat << eof > 1.cfg
    [ x ]
    accept=127.0.0.255:80
    client=yes
    connect=137.135.98.207:443
    options=NO_TICKET
    options=NO_RENEGOTIATION
    renegotiation=no
    sni=
    sslVersion=TLSv1.3
    eof
    stunnel 1.cfg

    printf 'GET /lisa.jpg HTTP/1.0\r\nHost: youcantdownloadthisimage.online\r\nAccept-Encoding: gzip\r\n\r\n' \
    |nc -w1 -vv 127.255 80 |jpgx > 1.jpg

openssl

    printf 'GET /lisa.jpg HTTP/1.0\r\nHost: youcantdownloadthisimage.online\r\nAccept-Encoding: gzip\r\n\r\n' \
    |timeout 3 openssl s_client -tls1_3 -connect 137.135.98.207:443 -ign_eof|jpgx  > 1.jpg

jpgx (custom filter: extract JPG from stdin; foremost will not work for this image, see byte 8114, etc.)

    sed '1,3s/^ */ /;4,18s/^ *//' << eof > jpgx.l
    int fileno(FILE *);
    #define jmp (yy_start) = 1 + 2 *
    #define echo do {if(fwrite(yytext,(size_t)yyleng,1,yyout)){}}while(0)
    xa "\xff\xd8"
    xb "\xff\xd9"
    %s xa
    %option noyywrap noinput nounput
    %%
    {xa} putchar(255);putchar(216);jmp xa;
    <xa>{xb} echo;yyterminate();
    <xa>.|\n echo;
    .|\n
    %%
    int main(){ yylex();exit(0);}
    eof

    flex -8iCrf jpgx.l;
    cc -std=c89 -Wall -pedantic -I. -pipe lex.yy.c -static -o jpgx;

Supposedly|4 years ago

right click > copy image > paste somewhere

Works for me :) (I pasted in Telegram FYI)

earth2mars|4 years ago

On Google Pixel there is a new feature where I can go to the recent app screen and it detects images to click on them to do Google Lens or save images or share images. I was able to save the image of size 506kb with 841x1252 1.1MP pic.

nicebill8|4 years ago

Drag and drop to Desktop on macOS works too.

zImPatrick|4 years ago

copy the not finished download file in your downloads folder (for me lisa.jpg.crdownload) and name it lisa.jpg

unfocused|4 years ago

Just wrote the same. Didn't see your comment earlier. So really, you can absolutely download this image!

synergyS|4 years ago

Hm opened chrome console and saved it from sources there, took 30 secs :)

T0Bi|4 years ago

It's definitely hard to download an image that doesn't load. :(

lavp|4 years ago

The image saves immediately on an iPhone

soheil|4 years ago

Works fine with wget it just keeps hanging but if you CTRL+C it and open the file it'll look fine.

The trick is to have nginx never timeout and just indefinitely hang after the image is sent. The browser renders whatever image data it has received as soon as possible even though the request is never finished. However, when saving the image the browser never finalizes writing to the temp file so it thinks there is more data coming and never renames the temp file to the final file name.
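The behaviour described in this comment, and the idle-timeout approach behind the `curl -y3` and wget-plus-Ctrl+C suggestions elsewhere in the thread, as an added Python example that is not code from the thread or from the site's author. The local server, `FAKE_JPEG` and all function names are constructed stand-ins, and the sketch assumes the response carries no Content-Length, so only a close would mark the end of the body.

```python
import socket
import threading

SOI, EOI = b"\xff\xd8", b"\xff\xd9"  # JPEG start/end-of-image markers
# Constructed stand-in for an image body (not a real JPEG): SOI, filler, EOI.
FAKE_JPEG = SOI + b"\x00" * 4096 + EOI


def hanging_server(listener, body, release):
    """Send headers plus `body`, then keep the socket open instead of closing."""
    conn, _ = listener.accept()
    conn.recv(65536)  # consume the request
    # Assumption: no Content-Length, so only a close would mark end-of-body.
    conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n" + body)
    release.wait()  # the "never finish" part; released by demo() for cleanup
    conn.close()


def fetch_with_idle_timeout(host, port, path, idle_seconds):
    """Read until the peer closes or sends nothing for `idle_seconds`.

    Returns (body, reason); bytes already received are kept either way.
    """
    buf = bytearray()
    reason = "closed"
    with socket.create_connection((host, port), timeout=idle_seconds) as s:
        s.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        while True:
            try:
                chunk = s.recv(65536)
            except socket.timeout:
                reason = "idle-timeout"
                break
            if not chunk:
                break
            buf += chunk
    _headers, _sep, body = bytes(buf).partition(b"\r\n\r\n")
    return body, reason


def looks_complete(body):
    """Check the first and last two bytes; an embedded thumbnail can carry an
    earlier EOI, so the tail is what matters."""
    return body.startswith(SOI) and body.endswith(EOI)


def demo(body, idle_seconds=0.3):
    """Run one fetch against a local hanging server; returns (bytes, reason, ok)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    release = threading.Event()
    t = threading.Thread(target=hanging_server,
                         args=(listener, body, release), daemon=True)
    t.start()
    try:
        port = listener.getsockname()[1]
        got, reason = fetch_with_idle_timeout("127.0.0.1", port, "/lisa.jpg",
                                              idle_seconds)
    finally:
        release.set()
        t.join(timeout=2)
        listener.close()
    return got, reason, looks_complete(got)


if __name__ == "__main__":
    for label, body in (("full", FAKE_JPEG), ("truncated", FAKE_JPEG[:2000])):
        got, reason, ok = demo(body)
        print(label, len(got), reason, "complete" if ok else "incomplete")
```

The truncated case corresponds to cancelling before all bytes have arrived: the client still keeps what it received, but the end-of-image check fails.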

busymom0|4 years ago

My usual way of downloading images is to click and drag the image into my downloads folder on my Mac. Worked fine for me from Safari. Am I missing something?

efortis|4 years ago

Load the website in Firefox with the Network Panel open, hit "Escape", and right-click "lisa.jpg" -> "Save Image As"

xdrosenheim|4 years ago

Firefox mobile did hang when trying to download, but after pressing cancel the image was downloaded and viewable in my gallery app.

kuu|4 years ago

Same here

CyberShadow|4 years ago

The site does not send a Content-Type header for the main web page, so I get a download dialog when trying to open it.

aeturnum|4 years ago

Aside from all the folks who can download the image one way or another, I'm pretty disappointed that the technique here is simply using a web-server that doesn't work like clients expect. People have broken links or incorrect redirects all the time, but we don't generally make a fuss over them.

Wowfunhappy|4 years ago

Other methods have been posted, but I wanted to share mine. Mac needed:

1. Secondary click image → "Copy Image"

2. Open Preview

3. File → New from Clipboard

4. Save image

fart32|4 years ago

Yeah, I couldn't figure what the fuss is about at first, as I simply right-clicked, copied and pasted into mspaint. I rarely need to save an image, more often than not I just paste it into some other application.

shawnz|4 years ago

An interesting workaround for Android 12 users: go to the app switcher and there will be a badge over the image which you can click to get "copy", "share" and "save" buttons. Save it from that panel and it works just fine.

Brushfire|4 years ago

Downloading the image worked just fine on an iPad. So not sure what they are talking about.

dillondoyle|4 years ago

Another idea is canvas: https://jsfiddle.net/dvg45pcz/

But I don't know how to get it to not appear in network sources.

Or wasm but I don't know how to write that.

brodock|4 years ago

You could likely pack and unpack from websockets...

cmaggiulli|4 years ago

Does WebRTC show in the network console?

tschesnok|4 years ago

No one seems to mention that Chrome keeps spinning on the HTML load as well and eventually kills the image. This means the webpage itself is broken and fails to work. Not just the download. Soo.. this just does not work for anything..

jasmes|4 years ago

Looks at image.

Looks at prntscrn key.

This is basically a carefully targeted reverse Slowloris and involves right clicking an image. Why do I fear that use case and that level of madcap solution will all lead back to NFT bros...

countmora|4 years ago

I chuckled about this. However you can drag and drop it to your Desktop on macOS.

Tenoke|4 years ago

This one is pretty easy but a friend recently showed me one (gallery of some sort) I couldn't figure out quickly which was downloading chunks in nonstandard ways and piecing them together with uglified js.

thih9|4 years ago

Somehow right clicking + saving worked fine on Safari (desktop). I tried it a couple of times and it worked in all cases; sometimes it took a second, sometimes more. Perhaps the server dropped the connection?

olliej|4 years ago

On webkit based browsers at least you can just drag the image out, it doesn’t bother trying to redownload it just reconstructs the image file from memory, this also applies to copy/paste on ios

sys_64738|4 years ago

There's a multitude of ways to work around this hack. You can easily grab the screen area via the OS if need be. Seems pointless to try to restrict access if it's viewable in a browser.

ReleaseCandidat|4 years ago

Koan of the day: Can you download something that doesn't load?

veaxvoid|4 years ago

Just made a screenshot

mark_and_sweep|4 years ago

I would have expected this to do something different, like rendering the image via WebGL (so it looks like an <img>, but isn't easily downloadable).

sneedenheimer|4 years ago

    $ wget https://youcantdownloadthisimage.online/lisa.jpg

wait for like 5 seconds for it to finish downloading and then hit ctrl-c

chrisbrandow|4 years ago

I right clicked (on a Mac), clicked "copy image" and I pasted that into preview just fine.

Is there some reason why that's an uninteresting exception?

nfgrep|4 years ago

Using Safari on iOS. I was able to save it instantly…

jaxelr|4 years ago

Likewise, using Firefox on iOS.

brundolf|4 years ago

It worked fine on iOS (confirmed in my photo library)

rad_gruchalski|4 years ago

On iOS: tap hold the image, save to photos. Done.

RolloTom|4 years ago

wget and aria2c both work. I get a jpg image 54,8 KiB, SHA256 sum 204788602166C017B8FEF5D63EDFD814DC9865233C410BCDAD713F78DAE5AF18

hoseja|4 years ago

I thought it was going to be some obfuscated JS or maybe the image reconstructed from a grid of subimages or some such thing.

ChrisArchitect|4 years ago

what, sure if initiating the save as.. triggers this endless download thing

but the initial load is the image and opening up dev tools and finding it in the sources/cache and saving it from there, chrome knows it's 56.1kb or whatever and just saves it out of cache, done.

Interesting but what was the point they're trying to make?

growt|4 years ago

Went to the download folder, renamed lisa.jpg.crdownload to lisa.jpg. Cancelled the download in the browser.

hollander|4 years ago

Rightclick and select "copy image". Why would you want this if you can copy the image anyway?

syamkumar|4 years ago

I just right-clicked the image, selected 'copy image', opened Gimp and pasted as new image.

fumblebee|4 years ago

Hm, on Safari mobile, hold down on image and “Add to Photos”, downloads fast and fine. How come?

can16358p|4 years ago

I just simply long tapped on the image and tapped save to photos on my iPhone and it was saved.

meow_mix|4 years ago

How to download this image:

1. Open Inspect (right click and hit "inspect")

2. Click the "Network" tab

3. Refresh the page (while clearing the cache Command+Shift+R)

4. Right click on "lisa.jpg" in the list view under the "Network" tab

5. Click "Open in new tab"

6. Right click the image on the new tab

7. Click "Save image as"

Man I can't believe these clowns (or myself for typing all this out--don't know who is worse)

Mogzol|4 years ago

Did you even try this before posting? These steps are no different than just right-clicking the image and choosing "Save image as". It still results in a download that never finishes.

scoopertrooper|4 years ago

Did you even read the page? There's no reason to think that this approach would work.

hoten|4 years ago

What actually works: take a snapshot of the element via the Elements panel.

grawprog|4 years ago

I had zero issues downloading the image with brave. Saves normally like any other picture.

marcelotournier|4 years ago

iOS Safari saved the image in my photos, as any regular picture that I do a long tap on.

hereme888|4 years ago

I was using the Tor browser from my Android and had no problem downloading the image.

SilentM68|4 years ago

I just right-clicked, copied the image and pasted into an image editor in windows.

atum47|4 years ago

if I open the image on a new tab, after 1.5 minutes the "content download" was ready. Also, had no problem right clicking it and hitting copy image.

0xhh|4 years ago

I guess this is very similar to res.end() in nodejs servers

boublepop|4 years ago

Yes I could. No issues. Save to photos on iPhone.

quickthrower2|4 years ago

You can on iOS safari. No hacks/workarounds

ladino|4 years ago

iPhone Safari - Instant Download, no problem!

haunter|4 years ago

iPhone > long press > Add to photos

What am I missing?

wsinks|4 years ago

I posted the same snarky comment too. Seems the headline should be “You can’t download this exact image, but you can copy the presentation image via other means.”

More of a play on words for how copy and download often times mean the same thing even though technically they’re different.

neximo64|4 years ago

If you wait long enough it downloads.

html5web|4 years ago

Downloaded on iPhone

zeeshanejaz|4 years ago

`prt sc` anyone?

donkarma|4 years ago

99% sure it said download, not screenshot