[unfocused]

In Chrome, you can just do as the author says, right click and "Save Image As".

Then just go to the folder where it is being downloaded, and copy/paste the file "lisa.jpeg.crdownload" to "lisa.jpeg.crdownload copy".

Rename to "lisa.jpeg" and cancel the download. You now have the image. What's interesting is that you ARE actually downloading this image. It's just that they don't terminate the connection.

[chunkyks]

We have a security proxy at work that gives you the bits, but then holds the connection open while it does a scan, then resets the connection if it doesn't like something inside. Both Chrome and Firefox [haven't tried IE/Edge, but I assume that they'll do something that the proxy vendor would want] infer [or are told?] that the connection broke and delete the interim file. Unfortunately, with zip files, the header is at the end; so it can't do scanning until the whole file is down.

For me, the easiest way to mitigate it turned out to be to use wget [with an appropriate user-agent... say, the same as my desktop browser]. wget Gets the bits, but doesn't in any way molest the "partial" download when the connection resets. Then it tries to download the rest using the "Range" HTTP header, and the server says "oh, dude, you already got the whole thing"; wget declares success, and all the bits are in my download folder.

I believe that we pay, like, a lot for this proxy, which is annoying on two counts: 1) If I can get past it trivially, then presumably competent attackers can, too, and 2) Sometimes it takes a dislike to legitimate stuff, which is how I was forced to learn how to get around it.

[jcims]

Those controls on a proxy are to protect against the careless and the clueless. No competent security team will rely on them to prevent ingress/egress of data or malicious code by skilled individuals.

[bentcorner]

Correct - this is an attack on the other side of the airtight hatchway (i.e., you must persuade the user to run wget in a certain fashion and run the resulting exe, and if you don't need to persuade the user you could have done something simpler).

https://devblogs.microsoft.com/oldnewthing/20170130-00/?p=95...

[hoseja]

I am continuously appalled at the gall of calling that hatchway "airtight".

[fuzzy2]

That's not how these proxies usually work. They only give you enough bytes so the browser doesn't feel stuck while downloading everything and scanning it. The download then suddenly continues at 100 or even 1000 Mbit/s.

[chunkyks]

Indeed that's what I've experienced in the past. But I'm telling you this, for sure, based on my experience downloading a 200M tensorflow wheel the other day.

[alsetmusic]

I just dragged and dropped it to my desktop. This was on macOS, dunno if Windows would allow that.

[lostlogin]

It downloaded as normal on iOS.

[ronenlh]

Me too

[Wowfunhappy]

When I did that, macos dropped it as a .webloc rather than an image.

[echlebek]

I don't understand what this website is supposed to be demonstrating. Some sort of genius version of disabling right click I suppose. But I did download the image, because its contents were transferred to my computer's memory and displayed on my screen. I can see it clear as day.

If Web 3 is just willfully misunderstanding how computers work, I don't see a very bright future for it.

[Fnoord]

Whatever your browser shows, is shown from cache. So the picture should be in your cache, too.

[LordDragonfang]

(Most) browsers actually start displaying an image before it's fully downloaded. In fact, many image formats/renderers are specifically designed with this property in mind, like jpeg which will render progressively less blurry versions of an image as the browser receives progressively higher-frequency components of the Fourier transform.

While the bytes are there temporarily, just like with all the other methods discussed, chrome at least eventually give up on downloading the "whole" image and displays a broken image sign in place of the Mona Lisa (and presumably prevents it from being cached and deletes what was there)

[pvillano]

it would be interesting if the download stopped after the second to last progressive layer but before the last byte; then the .crdownload renaming workaround wouldn't work.

[julieturner99]

i paused the download and renamed the file to .jpeg and it worked similarly

[LastMuel]

Or, as an alternative, use wget and then press Ctrl+C after two seconds. Viola, you have a usable lisa.jpg.

[millzlane]

I did something similar on Firefox. But the image wasn't completely downloaded. Half of it was green.

[nilslindemann]

In this case, F10 and basic Gimp cropping Skills also do the job.