Re: css3-fonts: should not dictate usage policy with respect to origin from Glenn Adams on 2011-06-30 (www-style@w3.org from June 2011)

From: Glenn Adams <glenn@skynav.com>
Date: Thu, 30 Jun 2011 14:45:30 -0600
To: John Daggett <jdaggett@mozilla.com>
Cc: John Hudson <tiro@tiro.com>, Vladimir Levantovsky <Vladimir.Levantovsky@monotypeimaging.com>, liam@w3.org, StyleBeyondthePunchedCard <www-style@w3.org>, public-webfonts-wg@w3.org, www-font@w3.org, "Martin J." <duerst@it.aoyama.ac.jp>, Sylvain Galineau <sylvaing@microsoft.com>
Message-ID: <BANLkTinzxR5c3=cfnCEam7ZTzrdj0j+-mQ@mail.gmail.com>

Or to rephrase, this has nothing to do with security at all, only with the
enforcement of business terms.

On Thu, Jun 30, 2011 at 2:42 PM, Glenn Adams <glenn@skynav.com> wrote:

> So, as I've previously said, this is only about content protection
> mechanisms and their enforcement. There is no security risk on the part of
> the end user (viewer of content rendered with web fonts) that is at stake
> here.
>
> On Thu, Jun 30, 2011 at 2:09 PM, John Daggett <jdaggett@mozilla.com>wrote:
>
>> Glenn Adams wrote:
>>
>> > So, there is no end-user risk that is being addressed here other than
>> > the hypothetical case of violating an EULA? Is that really what all
>> > this noise is about?
>>
>> No Glenn, this is an information leakage issue, it allows for the
>> contents of a font, the glyph data, to be transmitted beyond the
>> boundaries specified by an *author* (for example, on an access-limited
>> site), not just beyond what is allowed by some form of licensing.
>>
>> > Could you send me or point me at a EULA for which SOR on fonts is
>> > relevant?
>>
>> Ascender (Microsoft distributes their fonts via Ascender)
>>
>> From their Web Fonts EULA:
>> http://www.fontslive.com/info/web-fonts-eula.aspx
>>
>> > 11. “Web Site” as used herein shall be the web site identified by you
>> > in your account at ascenderfonts.com; (i) which utilizes the Ascender
>> > hosted Web Font Software in its web pages through the use of the
>> > Services, (ii) which does not in any way enable the permanent
>> > installation of the Web Font Software by End-Users on any workstation,
>> > computer and other electronic device, and (iii) which reasonably
>> > restricts access to Web Font Software from use in any way by web pages
>> > or any document not originating from your Web Site (For example; by
>> > using referrer checking to prevent hotlinking or deeplinking).
>>
>> FontFont
>>
>> From their Web Fonts EULA:
>> http://www.fontshop.com/licenses/fontfont/
>>
>> > 2.3. Font Software File Protection. You must ensure, by applying
>> > reasonable state-of-the-art measures, that other websites cannot
>> > access the Font Software for display (e. g. by preventing hotlinking
>> > and blocking direct access to the Font Software via .htaccess or other
>> > web server configurations).
>>
>>
>

Received on Thursday, 30 June 2011 20:46:36 UTC