Re: Fonts WG Charter feedback from John Hudson on 2009-07-06 (www-font@w3.org from July to September 2009)

From: John Hudson <tiro@tiro.com>
Date: Sun, 05 Jul 2009 20:29:38 -0700
To: "Tab Atkins Jr." <jackalmage@gmail.com>
CC: Håkon Wium Lie <howcome@opera.com>, Tal Leming <tal@typesupply.com>, Thomas Lord <lord@emf.net>, Aryeh Gregor <Simetrical+w3c@gmail.com>, Chris Wilson <Chris.Wilson@microsoft.com>, Sylvain Galineau <sylvaing@microsoft.com>, "www-font@w3.org" <www-font@w3.org>
Message-ID: <4A516FA2.2020308@tiro.com>

Tab Atkins Jr. wrote:

> I'm not seeing how that helps in any way, though.  Let's look at two
> situations, one with same-origin restrictions and one without.

> 1. Alice creates a site and purchases a font to use on it.  Bob sees
> the font, likes it, and wants to use it on his own site.  Same-origin
> restrictions are in place, though, so he looks at the stylesheet to
> find where the font is located on the server, downloads it to his own
> server, and links to his copy in his stylesheet.

> 2. Alice creates a site and purchases a font to use on it.  Bob sees
> the font, likes it, and wants to use it on his own site.  Since there
> are no same-origin restriction, he looks at the stylesheet to find
> where the font is located on the server, then links to Alice's server
> in his stylesheet.

> In both situations, Bob gets to use the font.  Same-origin
> restrictions don't stop that in any way.

No, but they oblige Bob to host the illegitimately used font in the same 
location as his web pages are hosted. That makes the illegitimate use 
easier to track.

> That's great if such a benign aspect goes over so well with foundries.
>  I fear, though, that perhaps you're saying "single-origin linking"
> and they're hearing "single-origin *use*".  The font can still be
> easily downloaded and used on other domains.

Understood, but it means that anyone doing this is effectively running 
up an electronic flag saying 'Look over here, I'm serving an unlicensed 
font!' What I like about single-origin linking is that it makes the 
policing of web font use much easier; since policing is what we're left 
with if we're not allowed to have DRM, I'm looking for things that make 
the policing easier: the digital equivalent of streetlights, 
neighbourhood watch and private burglar alarms. I don't want to be a 
policeman, nor do my clients, but if that is what the lack of effective 
technical protections demands, I want the illegitimate users to be as 
easy to spot as possible.

John Hudson

Received on Monday, 6 July 2009 03:30:22 UTC