Designers beware: Real-time 3d viewers can easily be hacked.
A discussion with fellow designers ensued about the security of such real-time 3d viewers. As most thought security was low, and I had just read the story about the hacking bride, the one who hacked and downloaded a model from Shapify, I wanted to give it a try myself.
Manuel had posted a model to Sketchfab without the download option enabled, so I decided to see if I could rip that model from the 3d viewer.
Well, I managed to do it in under an hour during my lunch-break. And I now have a small program that allows me to rip other models as well. (But I won’t.)
I encountered no real trouble in locating the data files and textures: They were easily grabbed from the page source code. Conversion was a matter of reading the helpful and descriptive JS files used to show the 3d model and tada:
After I showed this to Manuel he promptly removed his model. Which is understandable, as he did not expect this was so easy.
Better safe than sorry
Real-time 3d viewers really are a great option to show of your work from all sides, and I truly love the 3d viewer at Sketchfab!
But be aware that they do not really protect your content from being downloaded, even if the download option is not enabled.
Secure options may exist, but until you are sure about this, I would advice against using real-time viewers for your most precious designs. As the source files are essentially up for grabs.
About the Author
Stijn van der Linden is a professional 3d printing designer and owner of studio Virtox.