- From: Brad Kemper <brkemper.comcast@gmail.com>
- Date: Wed, 12 Nov 2008 09:00:34 -0800
- To: post@opentype.info
- Cc: www-style@w3.org
On Nov 9, 2008, at 10:19 PM, Ralf Herrmann wrote: > > > > > bare font > > files with same-origin restrictions, so it is unclear if font > vendors oppose > > it. > > If they don't like linking fonts without built-in URL-binding, they > won't like linking fonts without URL-binding but a same-origin > restriction, because it offers no additional security for the font > vendor. It is just a default hotlinking protection. > If someone would want to use the font without a license, he would > just need to visit a site that uses the font, fetch it from the > cache and upload it to a new website. Or they could install the font > locally to do print designs with it. Yes, or if it was obfuscated they could download a program to obfuscate it. Or if it had a root string they could strip that string out of it. Either way, it would not be all that difficult to extract a workable font. You must be joining the conversation late. The goal at this point seems to be to make stealing the font a more deliberate action, not something that could happen accidentally or casually. Also, IIRC, there are ways to cache the font in RAM, so that it would not be easily available via a cache folder. A person could still get it from disk swap files, presumably, but it would not be something the average consumer would know how to do. > And these are the problems the font foundries fear. > > Nethertheless, I think the combination of a same-origin rule and > Access Control Headers makes a lot of sense and I hope other browser > will adapt it. > > Ralf > > > > > >
Received on Wednesday, 12 November 2008 17:01:14 UTC