Re: CSS3 @font-face / EOT Fonts - new compromise proposal

On Mon, Nov 10, 2008 at 10:25 AM, Levantovsky, Vladimir <> wrote:

>   ------------------------------
> *From:* [] *On
> Behalf Of *Tab Atkins Jr.
> *Sent:* Monday, November 10, 2008 9:44 AM
> *To:* Philip TAYLOR
> *Cc:* Mikko Rantalainen;
> *Subject:* Re: CSS3 @font-face / EOT Fonts - new compromise proposal
> On Mon, Nov 10, 2008 at 6:07 AM, Philip TAYLOR <>wrote:
>> Mikko Rantalainen wrote:
>> DRM is not the answer to the font piracy or to any other kind of piracy.
>>> Just make the content leagally available to customers on reasonable
>>> price and provide usable *service* they're willing to pay for.
>> May I (very respectfully) suggest that this is a political
>> perspective rather than a technical or technological one.
>> I for one, much as I detest DRM when it prevents me from
>> a legitimate activity such as making a backup copy of
>> a DVD, understand the need of skilled typographers to
>> protect their intellectual property against theft; I want
>> to see the tradition of high-quality type design carried on,
>> and if this can be accomplished only through the use of DRM,
>> then that is a price that I for one am willing to pay.
> On a political level, many of us *aren't* willing to pay that price, when
> it means that vendors can restrict our legally-allowed rights at will.
> Especially when it's been proven that high-quality type can and will be
> produced in a free-as-in-liberty fashion.
>  <VL>
> I'd suggest that we should keep this discussion factual and to the point.
> Font vendors would never attempt to restrict your legally-allowed rights,
> you are only restricted by the conditions of the license you purchased.
> </VL>
> I attempted to separate that part from the rest of my response specifically
because it isn't a "factual and to the point" objection.  It's a
philosophical/political objection, as I said.  On a political level, though,
many are unwilling to trust content producers to not restrict our rights.
That is, after all, precisely what DRM does in other mediums, and the
various copyright lobbies in America often make statements to the effect
that Fair Use isn't valid.

I'm not trying to insult you or the font vendors specifically.  It's just
that history shows that when DRM comes into play, some will abuse it to
remove legally-allowed rights.

> On a technical level, we've been over the topic before that no form of DRM
> will ever stop piracy.  Pirates will rip any content out of its DRM shell,
> but they weren't going to pay for it anyway.  Regular users, who *would* pay
> for it (if offered at a reasonable price, of course) are the ones who suffer
> from the transactional cost of dealing with DRM at regular intervals, and
> from the loss of legally-granted rights (such as the right to make backup
> copies of your DVDs, in that medium and in the US (I'm not sure what
> copyright law says in other countries)).
> <VL>
> Agree. But let's be honest - what I am proposing is not DRM. Same origin
> restriction makes perfect sense if you want to protect the resources you use
> for your website, and if, for whatever reason, you do want to allow these
> resources to be linked elsewhere - all you need to do is to negotiate a
> proper license for it.
> </VL>
> Well, there's two things here.  The first is the simple question of why
fonts *require* Access Control, when every other resource on the web gets
along fine without it.  Don't get me wrong - I love the idea of Access
Controls solely to replace the myriad half-baked measures to prevent
hotlinking and bandwidth leaching.  However, that's an optional measure
taken by people who expressly wish it.  Making browsers refuse to recognize
linked fonts *unless* they are same-origin restricted is forcing *all* of us
to jump through hoops for the benefit of the *some* that wish it.  Font
foundries can require in their license terms that users of their fonts
implement Access Controls without browsers requiring *everyone* to do this.

>  This becomes even worse when all the proposals revolve around the
> browsers transparently implementing the DRM so that the average browser user
> does *not* see any effect (because all an average user ever does is *view*
> web pages - they don't dive into the source to download linked resources).
> The only people who will be affected by this are *us web authors*.  Any
> proposal for DRM on fonts is a direct accusation that us web authors are the
> infringers they are afraid of.
> Interestingly enough, this scenario sidesteps the main 'nightmare' behind
> DRM - that it's difficult to *find* infringers because they are everyone.
> When a web author uses a copyrighted font without permission, on the other
> hand, you *know* who they are, or at least where to find them.  You know
> their ISP.  You can serve legal demands to them quite easily.  This supports
> the argument that ordinary copyright law is completely sufficient to
> 'protect' fonts from copyright infringment.
>  <VL>
> With all due respect, I would argue that your accusations of font vendors
> are baseless and unfounded. Your rights to use a font as a resource are not
> limited in any way, and the content you create will be seen exactly as you
> intended, by any number of visitors of your website. It's not web authors
> who font vendors are concerned about, it's the fact that fonts can be used
> anywhere outside the web - on any computer, with any application, online and
> offline ...
> It takes years of efforts to produce a high quality typeface, and they
> _have_ been the subject to extreme piracy in the past - font vendors just do
> not want to make it too easy for people (who are less concerned with
> copyright laws) to grab fonts off the web and use it elsewhere.
> </VL>
> That's the point, though.  Almost nobody (across the entire internet-using
populace) even knows how to View Source, let alone parse that source and
understand where the CSS file declaration is, let alone locate the actual
CSS file, parse it to find the actual link to the font file, and then
download the file.  The class of people who font vendors are scared of is
almost coincident with the class of web authors.

For widespread piracy of a font to even be *possible*, it requires the font
to be located and downloaded first by someone knowledgeable in such
matters.  At that point obfuscation isn't an issue - the person who located
and downloaded the file can strip it off and distribute the font in a
vanilla manner.  It has been explicitly stated by you that decompressors
will be available standalone.

In other words, obfuscation has *no* effect on the vast majority of web
users, and *no* effect on the majority of the toolchain.  The only people it
affects are web authors, and the only place where it shows up is when we
authors have to do some special thing to get the font to work when we link
it (run it through a compressor, set up our server to spit out appropriate
headers, etc.).  (Of course, it also affects browser makers, who have to
implement the decompression.)  The pirate being chased by these proposals is
a boogeyman; you'd have to employ *real* DRM to get anywhere near the
appropriate target, and then you run into the same problems that every other
medium that utilizes DRM has - namely, that DRM doesn't prevent piracy.

>> The users of *free fonts* should not be hindered by the resctrictions of
>>> commercial font vendors.
>> Agreed.
> Well, *any* form of required DRM will hinder free fonts, don't you think?
> If I have a free font, I want to be able to use it without any difficult; I
> want to link it directly.  The entire issue here is that if you allow
> unrestricted linking of free fonts, there's no way to prevent unrestricted
> linking of copyright-protected fonts either.  The cat is out of the bag;
> free and restricted fonts are basically identical, right?  Of course, I am
> far (FAR) from a font expert.  If there *is* a way to consistently tell free
> fonts apart from (appropriately configured) copyright-protected fonts, then
> I have no problem with browsers implementing whatever controls they want.
> My main concern is ensuring that we authors are not forced to jump through
> hoops for font foundries when we're not even using their fonts; I'm not
> willing to go to any effort to protect their business model.  If we can
> reliably segregate the two camps, then go crazy.  Implement whatever
> draconian measures the foundries feel are appropriate.  I disapprove
> politically of this, but I have no technical problems with it at all - I'll
> just make sure to stick with free fonts.
>  <VL>
> The proposed technical solution is not DRM - it's the compression
> technology that is optimized for fonts and has its own utility value. I do
> not see any reason calling it "draconian", you obviously do not consider
> JPEG *draconian* when it comes to images.
> Technically speaking, there would be no difference whatsoever if you zip a
> free font or a commercial one - why is it any different if you were to apply
> compression that just happens to do a better job with fonts?
> </VL>
> Sorry, I wasn't meaning for "draconian" to apply to this proposal.  I
simply meant that I wouldn't care *what* font vendors implemented if I can
completely ignore it when using free fonts.


Received on Monday, 10 November 2008 17:49:50 UTC