Re: Protecting WebFonts from Gary Ruben on 1996-08-27 (www-font@w3.org from July to September 1996)

From: Gary Ruben <gdr@cataneo.bitstream.com>
Date: Tue, 27 Aug 1996 10:28:27 -0400
To: Erik van Blokland <evb@knoware.nl>
CC: w3 webfonts <www-font@w3.org>
Message-ID: <3223060B.41C67EA6@cataneo.bitstream.com>
Erik,

First let me say that I have read what you have to say about pixelfonts.
I think that you have presented the seeds of a potentially interesting
technology and that if you devote your energy and time to turning it
into a mature, functional, and useful technology, people will use it,
perhaps even would be willing to pay for it (both end-users and
developers).

But with regard to the possibility of making fonts secure and generally
useable on the Web, I have to disagree with your premises, your
conclusions, and the suitability of your pixelfonts as a solution to
enchancing the typographic experience of Web publishers and readers.

Erik van Blokland wrote:
> 
> In all proposals, webfonts security relies on the integrity of browsers,
> the integrity of operating systems, some part of the process being kept
> secret, or best of all, the integrity of users.
Yes, security relies on the cooperation and integrity of all of the
components. But the potential for parties wroking outside of the system
to *deliberately* thwart the precautions taken should not be cause to
just give up the attempt to make the Web more secure. The Web, today, is
a relatively insecure medium. But that does not stop people and
companies from carrying on commerce on the Web. Nor should it stop
publishers and users from reaping the benefits of an improved
typographic diversity for electronic publishing on the Web.

> The first two can and will be hacked with relative ease. Furthermore, it
If Web security can be so easily hacked, why do major software vendors
maintain a presence on the Web? Why do Symantec, Borland, Microsoft and
others offer on-line acquisition of significant (and sometimes
expensive) products? If security is so easy to circumvent, why aren't
there floods of bootleg copies of MS-Word, or Symantec Cafe, or any
other product available on-line, just floating around for the asking
(I'm not talking about the copies distributed by ignorant users, who
trade Fontographer like postage stamps)? Why isn't there a great hew and
cry from companies about their livlihoods being stolen from their Web
sites from under their noses?

> is unwise to believe in the possibility of secrets, and finally, the
Security does not need to rely on secrets. A public key/private key
encryption system uses published algorithms and has withstood the
scrutiny of dozens, if not hundreds, of experts in cryptography.
Everyone generally believes that the mechanism is as secure as we can
possibly hope for - only governments have the resources required to
break it.

> integrity of users towards fonts has been thoroughly tested in the world
> of personal computing already: every fontsale represents between 30 and
> 50 copied fonts. If already *anything* that sits on a webserver has to be
Do you have any hard evidence for this? Or is it just scare propaganda?

> considered to be public and accessible to the world, why entertain such
> vain hopes that it would be possible to keep something away from an user
Perhaps because we do not see thousands upon thousands of users blithly
stripping emmbeded TrueType fonts from the MS-Word documents that
contain them?

> on his own computer? When operating systems become browsers, keeping a
> font exclusive to one app is a _very_ easy hack to get around, since
Perhaps you would take the time to explain how this can be so easily
hacked. Sure, there are some very clever programmers, or hackers who can
find a way to perform this trick. But do you think that the vast
majority of users can figure this out? Or that they even would bother?
Why do *you* have such pessimistic expectations that everybody using a
computer would rather steal your fonts than buy them, and that therefore
the rest of us ought to just give up on trying to figure out how to keep
that from happening, or at least to seriously reduce the ease with which
it can be done?

> there are also fonts open to all apps available on the same system. Flip
> a bit, find free font.
Where is this magic bit? And how does changing a bit in an already
available font on the system make those other, unseen fonts suddenly
available? Are you now suggesting that even hacking the operating system
is such a trivial task that any high-school VB programmer can do it at
the drop of a hat?

> 
> Webfonts are things that primarily need to create bitmap images on
Web fonts are things that primarily "need" to perform the tasks that we
already expect in traditional type. Type is the tool that gives form to
communication. Bitmaps can stand in, but they're a poor substitute. They
are hard to scale properly, they look bad and read very poorly when they
are seen on screens with different resolutions than they were designed
for, they cannot be searched for content, they will not reformat when
the user changes the size of his browser window, and on, and on, and on.

> screens across the world. Most usage will be on screen. Print is another
> issue that can be solved seperately already.
But users *do* print Web pages. They do it for many reasons - to keep a
copy of the *information* for reference, or to read off-line because
reading long passages on-line is tiring (because of poor typography,
perhaps?), and all the other reasons why any other documents are
printed. The Web does not inherently reduce the need or desire to print.

> Let's get the screen right before giving away the fonts. Critics say
I think we can get the screen right with real fonts, and without giving
them away. Nothing you have said in this discussion, or in your polemic
on your Web page (which I printed out so I could re-read your breathless
prose at my leisure), convinces me otherwise. So far you have not raised
a single concrete reason why we should not be using real type on the
Web, nor why we should not consider how to protect those fonts, except
to say that fonts will be stolen no matter how hard we try to stop it.

> "screen resolution will increase, warranting outine fonts at the user
> end". Typedesigner says "that will be some time in the future, and even
> if it becomes a major issue (involving more than 20% of users) HTML will
> be *several* generations further".
The fact is that screen resolution is good enough *right now* to present
type with *acceptible* quality for most users. "Typedesigner" may have
higher standards than the average Joe, and looks down on us lowly slobs
who think Garamond looks beautiful coming from my 300 dpi laser printer.
I am sure that he also pities poor Mathew Carter for selling out, and
designing fonts specifically for the screen, and wish that he would
recant and rejoin the elite guild of "real typographers".

> Anything that's decided on as the webfonts standard will be obsolete in
> two years anyway, just because the introduction of type is going to raise
> the expectation of webtypography *so much* that current outline based
> proposals have to be completely revamped anyway.
Let's all hope that expectations will have been raised. But they cannot
be raised unless we introduce type to the Web. We can wait two years
because a standard we introduce today will be obsolute then anyway, but
you can say the same thing again in two years - 'just wait, cause it'll
be obsolete soon anyway'. Why will it be obsolete? Because we came up
with something we thought would work, we tried it out, and learned how
to improve it. We're not going to have anything better to offer in two
years if we don't try something now.

> 
> So why start enabling worldwide distribution of fonts with potential
> dramatic effects, when some smart tricks with fontservers, pixelfonts and
> some resolution information in HTTP protocol can provide enough *time* to
> make a solution that is pleasing to all involved for the long term.
Buying time is just that. You want to sit around spinning your wheels
hoping this will go away. It *will* go away and you'll just be sitting
in the dust of it's wake. Smart tricks and half-hearted stop-gaps do not
make reliable and effective solutions - they just make unecessary work
to patch things up after they fail. Many people have pointed out to you
ways in which your proposed solution fails to satisfy any number of
requirements. But you have not explained how they are wrong, or how your
solution could be fixed or improved to take account of their objections.
This letter of yours is more of the same.

> 
> Already sites are beginning to provide fonts to their viewers. Many of
> these are badly hinted (ripoff) PC truetype fonts. These fonts are
> scalable, but won't provide good results in all resolutions, neither do
> they print well. Yet people like it enough to maintain the supply. A
Because some people have no taste in fonts is not a reason to prevent
people who might have better taste from using higher quality materials.

> webfonts system that provides the possibility to deliver appropriate
> pixelfonts to the client, without enabling access to outlines is the best
A Webfonts system that allows publishers to pick the fonts and formats
they feel most appropriate, without enabling general end-user access to
the fonts is the best solution. And it includes the ability for you to
use pixelfont graphics if you want.

> solution for the time being. The fact that there are fonts at all will be
> blast, and it leaves room for better technology to be developed.
Better technology already has been developed - it promised to get even
better in the future. Some of us just don't want to wait to use what we
already have.

> 
> erik van blokland, LettError type & typography
> Home of the Randomfonts, Trixie, BitPull & GifWrap.
>    letterror http://www.letterror.com
>    typelab   http://www.dol.com/TypeLab/


Erik, believe it or not, the people who are working to establish a
standard for Webfonts understand your concerns about the safety of
intellectual property, and are trying hard to address them in a new
standard. I think we would all like your input on these issues, and your
cooperation, rather than your stubborn and unproductive opposition.

Regards, 

Gary

 
====================================================================
 Gary Ruben                             Bitstream Inc.
 Senior Software Engineer               215 First Street
 mailto:gdr@cataneo.bitstream.com       Cambridge MA 02142-1270 USA
--------------------------------------------------------------------
Bitstream does not necessarily endorse any opinions expressed here.
       (Come to think of it, you might not either. 8-o)
====================================================================
Received on Tuesday, 27 August 1996 10:34:12 UTC