Re: CSS3 @font-face / EOT Fonts

On Nov 13, 2008, at 4:51 AM, Mikko Rantalainen wrote:

> Brad Kemper wrote:
>> You must be joining the conversation late. The goal at this point
>> seems to be to make stealing the font a more deliberate action, not
>> something that could happen accidentally or casually.
>
> Do you require the browser to prevent usage of a stealed font or is it
> enough that it's possible to prove that the font is not licensed?

Who me? I am a site author. I prefer that I be trusted to use the font  
appropriately according to my license. I do not want the browser to  
try to guess what that means and make it significantly harder to use/ 
author.

> I ask this, because for the first the browser must be able to decide  
> if
> the font is correctly licensed for a given usage (a *very* hard task
> given the current licensing options for commercial fonts) and a good
> solution does not exist.
>
> If the only target is to make it possible to check if, and for who, a
> font is licensed, all you need is a digital signature. That can be  
> added
> to font files by commercial font vendors. The signature information
> could include licensee name and contact information and the whole  
> stuff
> is then signed with font vendor's private key. The signature can be
> later verified against vendor's public key by any user (or user  
> agent).
> The font vendor can even publicly declare that it does not license  
> fonts
> without signatures and that any font file that claims to be made by  
> said
> vendor and does not contain vendor's signature is a pirate font. UAs
> could then respect that claim if they so choose (most UAs probably  
> would).

Yes, I actually proposed something similar. It wouldn't help in going  
after the original purchaser, though, as anyone could have taken it  
from his site and removed the wrapper/de-obfuscated/decompressed/ 
whatever. It would help in prosecuting people who used stolen fonts on  
their site. It would not help in prosecuting people who stole a font  
from a Web site and then used it to produce print materials.

> However, the machinery needed to *prevent copying* of the font file,
> removing the signature, forging the font vendor information and
> resigning the font file for another signature cannot be prevented  
> (did I
> already say that DRM system do not work?).

I agree. They may be able to dissuade some people but not stop someone  
more determined. The focus seems to be in making the de-obfuscation  
something that could not be done casually or accidentally, and not  
something that would be available to the rest of the OS. Whether or  
not that is possible seems to be an open question for some, although  
ROC and others don't seem to see a way it could be.

>
>
> -- 
> Mikko
>

Received on Thursday, 13 November 2008 17:05:26 UTC