I am building an app that displays very sensitive information and as such, I want to be able to either
- Disable the ability to capture the screen
- Redact the portion of my app that is on the screen during capture
- Detect that a screen capture was made via an event, hook, log etc
Are any of the above even possible in Windows? if so, how?
UPDATE I have tried checking the windows event log for screen captures. I have searched for all over the web and I could not find any windows hooks that could do that. Any ideas would be highly appreciated
Context: There are two entities. An regular user (User A) who wants to use my app and a third party (User B) who has access to the machine before User A uses it. The intention of User B is steal the sensitive information using screen capture software during User A‘s session. So using VMs or anything that requires the current user’s explicit action is not included
17
Perhaps you could intercept the screen capture windows message and disable screen at that time.
Here is one possible solution.
I read a blog post on this a while ago: http://www.patrick-wied.at/blog/image-protection-on-the-web
His approach is to use interlacing images instead of single, still-standing images. You’d split up the image into several fractions, for example in the form of stripes, and display them alternating very fast. That way, if you try to cap the screen, you will only get a – possibly unreadable, depending on your algorithm – fraction of the original picture.
On windows, I’d attempt to overlay my application with several pictures with transparent stripes. Perhaps you could only overlay the text boxes, or make them alternate between visible/invisible…
To circumvent this, you’d have to painstakingly take repeated screencaps and puzzle them together, or, as noted by Jörg W Mittag, use a DSLR with a slow shutter speed.
I’m not really sure if this is actually a practical solution for your problem, but I find the approach ingenious.
1
There is a way to do this, and you should not necessarily give up based on the other answers.
I use an app that has limited “prints” of data, and to prevent users simply screen-grabbing, the screen goes dark when using screenshot apps.
I can of course use a camera, however that’s really a pain and probably enough to prevent users violating the terms for IP.
If it’s about data theft, such as identity theft, or account hacking, a camera photo is probably enough.
5
I believe your best option is to permanently disconnect that particular computer from the Internet.
That way, even if a program did capture your screen of log your keyboard, then it will not be able to send it anywhere as there’s no connection.
Of course, you should also disconnect from the network as well unless it’s necessary to be connected and you are sure that all the computers on the network are disconnected from the Internet at all times.
This is the safest way so far.
P.S. If you need to access the Internet, then acccess from on a computer that has no sensitive information on it.
1