直接連結
 | 此條目目前正依照其他維基百科上的內容進行翻譯。 (2017年3月19日) |
 | 此條目包含過多僅特定讀者會感興趣的過度細節內容。 |
直接連結(英語:Inline linking),也稱熱連結(hotlinking)、leeching、piggy-backing、直接連結(direct linking)、異站圖像抓取(offsite image grabs)等,它是指在一個網站的網頁上,未經允許地使用使用連結對象直接呼叫另一個網站上的資源(通常是圖像)。在如今的網際網路上,未經授權的直接連結常被簡稱為盜鏈。
直接連結與HTTP
在全球資訊網幕後的超文字傳輸協定(HTTP)技術中,並未對鏈路類型做任何區分,所有連結的功能均為平等,資源可以位於任何伺服器的任何位置。
當訪問一個網站時,瀏覽器首先下載HTML格式的文件內容。下載的HTML文件可能呼叫其他HTML檔案、圖像、指令碼及樣式表等檔案。這些檔案可以包含<img>標籤以在頁面上顯示所提供URL位置的圖像。其中的HTML代碼可能不指定伺服器,從而使網頁瀏覽器使用與父代碼(<img src="picture.jpg" />)相同的伺服器。但它也可以指定在某個伺服器上代管的圖像的絕對URL,例如(<img src="http://www.example.com/picture.jpg" />。
在瀏覽器下載到包含圖像的HTML圖像後,瀏覽器將聯絡遠端伺服器以請求圖像內容。
內容連結的常見用法
在一個網站中可以顯示另一個網站的內容是全球資訊網超文字媒體原始設計中的一部分。常見的用法包括:
- 未經許可製作作品的副本侵犯著作權,而在一份HTML文件中給出到原始圖像或檔案位置的文字連結則不會侵權。[1]
- 網站架構師可能有意將一個網站的圖像隔離或獨立放置在另一個域名或伺服器(可能為單台伺服器、伺服器叢集或雲服務)上,從而在不同代管伺服器上採用不同的頻寬、安全等策略。舉例來說,熱門網站Slashdot將前端頁面存放在
slashdot.org,各個內容儲存在如games.slashdot.org、it.slashdot.org等,而圖像則儲存在images.slashdot.org。 - 一個網站上的文章可以選擇通過內容連結的方式參照另一個網站上的著作權圖像或內容,從而避免複製原始檔案可能引起的權利與所有權問題。但是,由於資訊源需要提供頻寬,這種做法通常不被鼓勵並容易視作對資源的濫用和對權利的侵犯,因為訪問者沒有在資訊源提供者預期的行為中看到資訊源整個頁面的原貌。
- 許多網頁包含橫幅式廣告。橫幅廣告是由廣告客戶或廣告中間人公司來代管。
<img>標籤的目標可能是一個伺服器上的CGI指令碼,廣告伺服器因而可通過其產生的唯一識別碼等資訊提供針對性廣告。CGI指令碼會收集資訊、判斷條件,並決定提供哪份圖像。 - 部分網站從另一個更快的伺服器(例如CDN伺服器)提供圖像,以改善客戶的訪問體驗。
- 點擊計數器或Web計數器會顯示當前網站或頁面已被載入的次數。網站可自行實現計數器功能,有一些第三方公司為網站提供免費或收費的專業計數器及訪客統計服務。
直接連結的爭議用法
當網站違背使用者期望時,網站之間模糊的邊際會導致其他問題。有些時候,直接連結也可用於惡意目的。
- 從其他位置檢索到的內容可能不適合當前定義的展示位置。
- Inline linking to an image stored on another site increases the bandwidth use of that site even though the site is not being viewed as intended. The complaint may be the loss of ad revenue or changing the perceived meaning through an unapproved context.
- 跨網站指令碼和釣魚式攻擊攻擊, may include inline links to a legitimate site to gain the confidence of a victim.
- 按內容付費的服務可能採用複雜的指令碼和內容連結技術來限制對其內容的訪問。
- 內部連結對象可能在客戶端上執行路過式下載, exploiting faults in the code that interprets the objects. When an object is stored on an external server, the referring site has no control over if and when an originally beneficial object's content is replaced by malicious content.
- The requests for inline objects usually contain the HTTP參照位址資訊。This leaks information about the browsed pages to the servers hosting the objects (see web visitor tracking).
行為阻止
客戶端側
大多數網頁瀏覽器都將直接根據網頁指示來取得圖像。[2] 嵌入式圖像可能以此作為一個網路信標來跟蹤使用者或將資訊傳遞給第三方。有許多廣告過濾工具可不同程度地限制此類行為。
伺服器側
部分伺服器採用HTTP參照位址等技術檢測直接連結,並可根據相同格式返回錯誤、告知、引導或譴責資訊,代替原始的目標圖像。大多數伺服器都可組態為避免為第三方直接連結提供代管的媒體內容。[3][4]
URL重寫(例如Apache HTTP Server的mod_rewrite)經常被用於拒絕或重新導向直接連結的圖像或媒體內容到其他資源。大多數媒體資源都可通過此種方式重新導向,包括視訊檔、音訊檔、動畫資源(例如Flash)等。
Other solutions usually combine URL重寫 with some custom complex server side scripting to allow hotlinking for a short time, or in more complex setups to allow the hotlinking but return an alternative image with reduced quality and size and thus reduce the bandwidth load when requested from a remote server. All hotlink prevention measures risk deteriorating the user experience on third party website.[5]
直接連結引起的著作權法律問題
The most significant legal fact about inline linking, relative to copyright law considerations, is that the inline linker does not place a copy of the image file on its own Internet server. Rather, the inline linker places a pointer on its Internet server that points to the server on which the proprietor of the image has placed the image file. This pointer causes a user's browser to jump to the proprietor's server and fetch the image file to the user's computer. US courts have considered this a decisive fact in copyright analysis. Thus, in 完美十訴亞馬遜案,[6] the 美國聯邦第九巡迴上訴法院 explained why inline linking did not violate US copyright law:
Google does not...display a copy of full-size infringing photographic images for purposes of the Copyright Act when Google frames in-line linked images that appear on a user’s computer screen. Because Google’s computers do not store the photographic images, Google does not have a copy of the images for purposes of the Copyright Act. In other words, Google does not have any 「material objects...in which a work is fixed...and from which the work can be perceived, reproduced, or otherwise communicated」 and thus cannot communicate a copy. Instead of communicating a copy of the image, Google provides HTML instructions that direct a user’s browser to a website publisher’s computer that stores the full-size photographic image. Providing these HTML instructions is not equivalent to showing a copy. First, the HTML instructions are lines of text, not a photographic image. Second, HTML instructions do not themselves cause infringing images to appear on the user’s computer screen. The HTML merely gives the address of the image to the user’s browser. The browser then interacts with the computer that stores the infringing image. It is this interaction that causes an infringing image to appear on the user’s computer screen. Google may facilitate the user’s access to infringing images. However, such assistance raised only contributory liability issues and does not constitute direct infringement of the copyright owner’s display rights. ...While in-line linking and framing may cause some computer users to believe they are viewing a single Google webpage, the Copyright Act...does not protect a copyright holder against [such] acts....
參見
參考資料
- ^ Mike Masnick. Is Inline Linking To An Image Copyright Infringement?. Techdirt. [2014-02-15]. (原始內容存檔於2018-06-23).
- ^ Thomas C Greene. Vista Security Oversold. theregister.co.uk. 2007-02-20 [2007-11-16]. (原始內容存檔於2018-11-12).
- ^ Ross Shannon. Bandwidth Theft. yourhtmlsource.com. 2007-02-26 [2007-11-16]. (原始內容存檔於2021-04-26).
Some webmasters will try to directly link to your images from their pages. Luckily, a simple configuration change provides the necessary fix.
- ^ Thomas Scott. Smarter Image Hotlinking Prevention. alistapart.com. 2004-07-13 [2007-11-16]. (原始內容存檔於2013-01-14).
- ^ Aleksandersen, Daniel. Image quality degradation as a hotlink prevention measure and deterrent. [1 September 2016]. (原始內容存檔於2016-12-20).
- ^ 487 F.3d 701 (9th Cir. 2007).