W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: The other party in all this

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Mon, 6 Jul 2009 15:23:04 -0400
Message-ID: <7c2a12e20907061223i5c31202cwac35d2feb70fb711@mail.gmail.com>
To: Thomas Phinney <tphinney@cal.berkeley.edu>
Cc: John Hudson <tiro@tiro.com>, "Tab Atkins Jr." <jackalmage@gmail.com>, John Daggett <jdaggett@mozilla.com>, www-font@w3.org
On Mon, Jul 6, 2009 at 12:50 AM, Thomas
Phinney<tphinney@cal.berkeley.edu> wrote:
> Although this is fine as far as it goes, it does NOT "prevent
> tampering." Remember, the font is not encrypted, just signed. Somebody
> deletes the signature and the custom data, and it's untraceable which
> customer the font came from.
>
> That doesn't mean it's not worth doing. It's another post in the
> garden fence, is all.

It's less of a garden fence than a silent alarm.  It's not visible to
the user at all.  It wouldn't even necessarily be a standard table
that a third-party tool could easily remove.  Any tool for converting
the format of the font would, if it's conformant to the OpenType
standard, ignore the table.  And this is what I think makes the idea
much more interesting than obfuscation.

It's almost certain that people will widely distribute tools for
stripping root strings and other things needed to make fonts *usable*.
 This is sort of a "Let me figure out how to use this font I found"
thing, and it implies no malice.  People are used to ignoring
scary-looking legal notices to get to their goal.  They (correctly)
realize that most of them are nonsense -- possibly unenforceable, and
certainly not something the notice-writer plans to enforce in
practice.  People are also used to circumventing arbitrary-seeming
technical obstacles.

But the only time silent metadata would be relevant is if the font
foundry is actively pursuing infringement.  The only reason ordinary
users would even *know* of the metadata would be if a font foundry
actually contacts them and tells them to take down the font.  At that
point, seeing that the rights-holder really cares, I think the
overwhelming majority of people would stop using the font.  They
mostly wouldn't consider figuring out how to strip the metadata --
unless they're hardcore pirates, and live in a hard-to-pursue
jurisdiction.

So I think there would be little demand for a tool that would strip
such metadata.  When an average guy starts using the font he doesn't
know about the metadata, and when he learns about it he's remorseful
and/or afraid of legal action and doesn't want to strip it.  I think
this would make it a more effective enforcement mechanism than things
that prevent the font from working.  But, of course, it requires a lot
more effort by the font foundries.  And of course it's not perfect
either.
Received on Monday, 6 July 2009 19:23:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:02 GMT