- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Mon, 6 Jul 2009 15:23:04 -0400
- To: Thomas Phinney <tphinney@cal.berkeley.edu>
- Cc: John Hudson <tiro@tiro.com>, "Tab Atkins Jr." <jackalmage@gmail.com>, John Daggett <jdaggett@mozilla.com>, www-font@w3.org
On Mon, Jul 6, 2009 at 12:50 AM, Thomas Phinney<tphinney@cal.berkeley.edu> wrote: > Although this is fine as far as it goes, it does NOT "prevent > tampering." Remember, the font is not encrypted, just signed. Somebody > deletes the signature and the custom data, and it's untraceable which > customer the font came from. > > That doesn't mean it's not worth doing. It's another post in the > garden fence, is all. It's less of a garden fence than a silent alarm. It's not visible to the user at all. It wouldn't even necessarily be a standard table that a third-party tool could easily remove. Any tool for converting the format of the font would, if it's conformant to the OpenType standard, ignore the table. And this is what I think makes the idea much more interesting than obfuscation. It's almost certain that people will widely distribute tools for stripping root strings and other things needed to make fonts *usable*. This is sort of a "Let me figure out how to use this font I found" thing, and it implies no malice. People are used to ignoring scary-looking legal notices to get to their goal. They (correctly) realize that most of them are nonsense -- possibly unenforceable, and certainly not something the notice-writer plans to enforce in practice. People are also used to circumventing arbitrary-seeming technical obstacles. But the only time silent metadata would be relevant is if the font foundry is actively pursuing infringement. The only reason ordinary users would even *know* of the metadata would be if a font foundry actually contacts them and tells them to take down the font. At that point, seeing that the rights-holder really cares, I think the overwhelming majority of people would stop using the font. They mostly wouldn't consider figuring out how to strip the metadata -- unless they're hardcore pirates, and live in a hard-to-pursue jurisdiction. So I think there would be little demand for a tool that would strip such metadata. When an average guy starts using the font he doesn't know about the metadata, and when he learns about it he's remorseful and/or afraid of legal action and doesn't want to strip it. I think this would make it a more effective enforcement mechanism than things that prevent the font from working. But, of course, it requires a lot more effort by the font foundries. And of course it's not perfect either.
Received on Monday, 6 July 2009 19:23:47 UTC