Re: css3-fonts: should not dictate usage policy with respect to origin

Glenn Adams wrote:

> So, there is no end-user risk that is being addressed here other than
> the hypothetical case of violating an EULA? Is that really what all
> this noise is about? 

No Glenn, this is an information leakage issue, it allows for the
contents of a font, the glyph data, to be transmitted beyond the
boundaries specified by an *author* (for example, on an access-limited
site), not just beyond what is allowed by some form of licensing.

> Could you send me or point me at a EULA for which SOR on fonts is
> relevant?

Ascender (Microsoft distributes their fonts via Ascender)

>From their Web Fonts EULA:

> 11. “Web Site” as used herein shall be the web site identified by you
> in your account at; (i) which utilizes the Ascender
> hosted Web Font Software in its web pages through the use of the
> Services, (ii) which does not in any way enable the permanent
> installation of the Web Font Software by End-Users on any workstation,
> computer and other electronic device, and (iii) which reasonably
> restricts access to Web Font Software from use in any way by web pages
> or any document not originating from your Web Site (For example; by
> using referrer checking to prevent hotlinking or deeplinking).


>From their Web Fonts EULA:

> 2.3. Font Software File Protection. You must ensure, by applying
> reasonable state-of-the-art measures, that other websites cannot
> access the Font Software for display (e. g. by preventing hotlinking
> and blocking direct access to the Font Software via .htaccess or other
> web server configurations).

Received on Thursday, 30 June 2011 20:10:44 UTC