W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: The other party in all this

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Mon, 6 Jul 2009 15:41:29 -0500
Message-ID: <dd0fbad0907061341j300a013br2c191f2d30fb7b63@mail.gmail.com>
To: Aryeh Gregor <Simetrical+w3c@gmail.com>
Cc: Thomas Phinney <tphinney@cal.berkeley.edu>, John Hudson <tiro@tiro.com>, John Daggett <jdaggett@mozilla.com>, www-font@w3.org
On Mon, Jul 6, 2009 at 2:23 PM, Aryeh Gregor<Simetrical+w3c@gmail.com> wrote:
> On Mon, Jul 6, 2009 at 12:50 AM, Thomas
> Phinney<tphinney@cal.berkeley.edu> wrote:
>> Although this is fine as far as it goes, it does NOT "prevent
>> tampering." Remember, the font is not encrypted, just signed. Somebody
>> deletes the signature and the custom data, and it's untraceable which
>> customer the font came from.
>>
>> That doesn't mean it's not worth doing. It's another post in the
>> garden fence, is all.
>
> It's less of a garden fence than a silent alarm.  It's not visible to
> the user at all.  It wouldn't even necessarily be a standard table
> that a third-party tool could easily remove.  Any tool for converting
> the format of the font would, if it's conformant to the OpenType
> standard, ignore the table.  And this is what I think makes the idea
> much more interesting than obfuscation.
>
> It's almost certain that people will widely distribute tools for
> stripping root strings and other things needed to make fonts *usable*.
>  This is sort of a "Let me figure out how to use this font I found"
> thing, and it implies no malice.  People are used to ignoring
> scary-looking legal notices to get to their goal.  They (correctly)
> realize that most of them are nonsense -- possibly unenforceable, and
> certainly not something the notice-writer plans to enforce in
> practice.  People are also used to circumventing arbitrary-seeming
> technical obstacles.
>
> But the only time silent metadata would be relevant is if the font
> foundry is actively pursuing infringement.  The only reason ordinary
> users would even *know* of the metadata would be if a font foundry
> actually contacts them and tells them to take down the font.  At that
> point, seeing that the rights-holder really cares, I think the
> overwhelming majority of people would stop using the font.  They
> mostly wouldn't consider figuring out how to strip the metadata --
> unless they're hardcore pirates, and live in a hard-to-pursue
> jurisdiction.
>
> So I think there would be little demand for a tool that would strip
> such metadata.  When an average guy starts using the font he doesn't
> know about the metadata, and when he learns about it he's remorseful
> and/or afraid of legal action and doesn't want to strip it.  I think
> this would make it a more effective enforcement mechanism than things
> that prevent the font from working.  But, of course, it requires a lot
> more effort by the font foundries.  And of course it's not perfect
> either.

I agree with this analysis on every point.

~TJ
Received on Monday, 6 July 2009 20:42:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:02 GMT