Webfont Obfuscation: An interim solution?

Primary tabs

146 posts / 0 new
Last post
Tim Ahrens's picture
Offline
Joined: 28 Sep 2004 - 9:15am
0

Arno:
You are against everything and for nothing. How boring.

Arno Enslin's picture
Offline
Joined: 30 Jun 2009 - 3:48am
0

@ Tim

You are against everything and for nothing.

I don’t know, from what you conclude that. I am for a free web – a web with almost no control, for browsers that strictly follow the specifications, for OpenSource, for the CSS Zen Garden. For me the web is not primary a market place. I am interested in a web, that becomes attractive by private sites, investigative journalist, Wikileaks. If the web becomes more attractive, because private sites use commercial fonts without a license, yes, then I am even for font piracy. I am against piracy only in cases, in which pirates earn money in any way (with the pieces of work or with sales of the prey). I am against Steve Jobs, against the government of my country, for honey melons, for Mario Feliciano, for Honduran cigars, for Russian and Polish science fiction, for most blues – from cobalt blue to azure. And for women, that are unshaved in the intimate area (I am damn conservative with regard to that!).

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

@arno

>In this case [printing]I would provide different CSS for different media.

I agree. On today's web, print style sheets are a rarity. But for those sites that feature certain kinds of content I believe that will change. And web fonts are a big step towards making that an attractive proposition. I mean, there's just so much Georgia and Times you can stand.
My belief: the mix of HTML/CSS/JavaScript that powers the web will become the primary "desktop publishing" platform as well. Economics will drive it. There is simply no reason to spend the money printing and warehousing a print edition when the print edition can be contained within the "screen edition" and printed as needed by both the publisher OR the reader.

>(Actually) a webfont could not really improve the site because of technical limitations. [http://www.fishmarketing.net]

Untrue - IMHO. They are using background image replacement for headings. It's a pain in the ass compared to using a font. The text is unselectable by the user. And it can create accessibility and search issues. (But I admit, I'm not up on the latest about those two.) Any way you slice it, using images for text is a hack and I'll be glad to see it go.

@ray

>Protecting fonts from being installable in an OS will seem quaint and
>silly in a decade when using fonts for something other than
>the web will be a rarity.

Yup.

Arno Enslin's picture
Offline
Joined: 30 Jun 2009 - 3:48am
0

@ Richard

In case of the website fishmarekting and many of the styles for the CSS Zen Garden a web font could not much improve the impression, that you get from the site. (In case of fishmarketing the letters on the book, the hatchet and the label at the bottom right could not be replaced by a web font.) In all cases, in which letters are really fused with images, web fonts cannot replace image-replacement. Additionally you cannot create the same effects with CSS as with Photoshop. With regard to headlines in a linear design I agree. And if the hinting of body text webfonts is on the same level as the hinting of some of the MS system fonts, other fonts than the system fonts are useful for body text. But in case of the following site the webfont is not an improvement in my opinion: "http://www.engstfeld-weiss.de/". It is just the other way around in case of that site. Except from the font, that does not really look good in body text on screen, the site is ordinary and boring.

With regard to Javascript: I try to avoid it.

Ray Larabie's picture
Offline
Joined: 4 Aug 2006 - 5:54pm
0

@ralf
Thanks, I didn't know about the same origin rule in Firefox.

I'm still concerned hotlinking. I'm not concerned about a few fonts being hotlinkable. I'm concerned about what will happen after a decade of font linking with no protection. Unless it's actually illegal to make a browser that forbids hotlinking, browsers and other apps will eventually display hotlinked fonts. No?

Chris Lozos's picture
Offline
Joined: 25 Feb 2004 - 11:00am
0

.

Tim Ahrens's picture
Offline
Joined: 28 Sep 2004 - 9:15am
0

Ray, I think hotlinking prevention is one of the smallest problems in this area of webfont protection. It is very easy to achieve this on the server side, and it is already widely practiced for images.

Ethan Dunham's picture
Offline
Joined: 19 Nov 2009 - 11:25am
0

Ray, Tim is right. Hotlinking is so 1990's. It is bad for leechers -- who knows when the resource will be cut off? It is bad for the leechees as it sucks up their bandwidth. Leechers are easily caught and with a simple htaccess change you can shut it off. Nobody tolerates hotlinking as it amounts to stealing.

Tim Ahrens's picture
Offline
Joined: 28 Sep 2004 - 9:15am
0

I was already thinking about font hotlinking pranks. Imagine what you could do with ligatures - changing the leecher's words!

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

@typodermic
>Thanks, I didn't know about the same origin rule in Firefox.

+1 to what fontsquirrel and Tim Ahrens said on this.
Also, Firefox defends its same-origin restrictions as a matter of security. And it's running code. As long as even one major browser restricts in this way, hot-linking is severely hampered.
If I had to bet, I think CORS will make it into the final W3C Fonts spec. At the least, it will be a "browsers may" kind of wording and FF will stick with its current policy, for sure.

rich

Ethan Dunham's picture
Offline
Joined: 19 Nov 2009 - 11:25am
0

I've done a hotlinking prank, long time ago, when someone was basically linking to all the graphics on fonthead.com. I seem to remember changing everything to really hot pink. Not surprisingly, they stopped.

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

@arno

All of what you say about the fishmarketing site is true. If oversimplified in spots.
Web design is still largely about Photoshop and making things "pretty". And the site is very pretty. A digital advertising brochure. (At least the home page.)
But I would ask, "Does it make smart use of the web as a medium?" What does the site look like on a mobile browser? What does it look like on an iPad? Whereas ten years ago it was different browsers that drove web designers crazy, now it's different devices and screen sizes.
We could go on and on about this stuff. One good thing is that a lot of CSS3 is about getting rid of the need for slapping what amounts to a comp with bits of html text positioned on top and calling it a web page.
I just got back from a web design conference and one speaker showed a page that used some of the advanced CSS3 features of Safari and it was great, really. The text looked as good as anything you could cook up in Photoshop and it was just plain HTML text and CSS. And Photoshop isn't going to help you with animations. I wasn't aware how advanced Safari had become.

rich

Arno Enslin's picture
Offline
Joined: 30 Jun 2009 - 3:48am
0

@ Richard

Yes, the fishmarketing site is unflexible. It is a business card.

I don’t know the advanced CSS3 features of Safari, because I had uninstalled it a while ago. Safari was storing its whole setup program with each update and without removing the old setups. And I did not like the rendering engine. So I did not use it for surfing, but for testing my webpages only. But it never was necessary to correct anything in my CSS for Safari, because Safari did make use of it correctly; and therefore I limited my checks to Firefox (my favorite browser), IE and Opera.

I agree with you regarding to the theoretical possibilities, that you have with web fonts. But actually I am uncontended with the quality of most web fonts in body text sizes. Having a web font for body text, would be much more important for me, because with an embedded font you can better control line height, length and font size. But why not to embed Georgia, Verdana or Trebuchet MS? Actually not the new web fonts are interesting for me, but the possibility to embed system fonts. Although it is absurd in my opinion, if a private person, that does not sell anything in the web, shall license one of the MS system fonts. I assume, it is not allowed to embed a MS system font without a special license.

The text looked as good as anything you could cook up in Photoshop

But probably only, if the text is not fused with an image.

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

@arno
>But actually I am uncontented with the quality of most web fonts in body text sizes.

Me too. But let's face it - there's just so many ways you can render a lowercase "a" at 12px. There are just so many pixels and sub pixels you have to work with. It's like designing icons.
I've been scoffed at (yes, scoffed!) for suggesting that a lot would be accomplished if the MS Cleartype fonts would become ubiquitous either through licensing by Apple or by MSFT magnanimously making them available freely through @font-face.
I'm not holding my breath waiting for either to happen.

However, I'm confident that the dozen or so basic body text fonts that are needed will appear. It's just a matter of time now. Before @font-face, you could make them, but how would you distribute them? That's what's changed.

rich

David Berlow's picture
Offline
Joined: 19 Jul 2004 - 6:31pm
0

>I've been scoffed at [...] for suggesting that [...] if the MS Cleartype fonts would become ubiquitous[...]

Well, today there are scoff laws in effect so I'll tell you the truth. I have heard the pleas for text faces and responded as you'll soon see. Meanwhile... the CT collection is a fine group of fonts. But, in order for a font to actually work as text on "the web" it MUST be Sized and Hinted just right. Anyone with the CT collection and Verdana on the same computer can prove this for themselves.

Cheers!

Aaron Carambula's picture
Offline
Joined: 20 Jan 2004 - 6:03pm
0

@Ralf, serverside protection is protection like a condom: not foolproof, but better than nothing. Protection is not defined as absolute, unequivocally guaranteed security. That doesn't exist on earth, and certainly not on a computer.

@Arno, you're right, it is hackable, but does require effort and know-how, can be made more difficult with obscure naming, and it voids hot-linking. What version of FireFox are you using? This works for mine (3.6.3) and in Windows, too.
– update: I actually hadn't added the bit for no-cache, should be even stronger now.

Legitimate accessibility is actually the best way to fight piracy. Great fonts available at an aggressive price point (ref. Steve Jobs) through a dead simple interface makes hacking unappealing/difficult/useless. It's a big web, go for volume, make your money, piracy won't matter as much. The goal should be to make legally licensing fonts for the web easier than hacking a site and cobbling together the bits.

If the only way someone can use a good font online is to use it outside of license, it will be done illegally or another font will be used, and foundries will lose that potential money. I'm glad to see so many good services attempting to take on the challenge, I hope more foundries make their work available, right now it's actually a competitive advantage.

Arno Enslin's picture
Offline
Joined: 30 Jun 2009 - 3:48am
0

The first site (I don’t no many), from which I am impressed with regard to the use of a webfont for body text (although this does not mean, that it is very legible, but only surprisingly legible considering the background color): "http://blog.fefe.de/?css=ascii.css"

Simon Daniels's picture
Offline
Joined: 11 Apr 2002 - 6:37pm
0

It all makes sense! @ff sole purpose is to bring the Amiga back to life. :-)

Arno Enslin's picture
Offline
Joined: 30 Jun 2009 - 3:48am
0

As I had prognosticated: Your violations of the specs were no hurdle. Meanwhile there are many fonts floating around the web, that were ripped from Typekit. With corrected name table! And during the correction of the name table some of the fonts were probably damaged in a way, that sullies your reputation, because there are many people, that just want to test fonts, before they license them. And if a font does not work as expected, they don’t know, whether the designer or the foundry is responsible for the bugs. Some of them may decide then, that they are better going to license another font from another foundry.

By the way, in case of webfonts, that are illegally used in the web, it is much easier to to call the owner of the website to account. So, in a few years, when more people use webfonts, you can probably earn more money, if you surf a bit in the web and send those people, that illegally use your webfonts, a dissuasiveness. From this point of view you just could provide your webfonts for test purposes with the AIM, that they are illegally used. In other words: It may be, that you earn more money, if you do the contraction of that, what you actually are doing.

John Savard's picture
Offline
Joined: 23 Nov 2009 - 8:42pm
0

If I point my browser at a web site, and the web page accesses fonts on that web site, my browser won't give me a link to download those fonts, any more than it gives me a link to download the .css style sheet for the web page.

So if @font-face refers to a font I were going to try to steal, I would need to look at the source of the web page to find the URL, and use a browser that wouldn't say "hey, this is a font, I don't handle that file type" to get it.

That's not casual or accidental piracy already, so you are dealing with people to whom it will likely be trivial to pop the font into a font editor and give it a usable name again. Hence, I can't really see this suggestion as providing much in the way of benefits as an interim solution.

The full-bore web font format where the browser reads encrypted web fonts keyed to a particular URL... is probably the only solution secure enough that fontmakers will find acceptable.

Thomas Phinney's picture
Offline
Joined: 3 Sep 2002 - 11:00am
0

"If I point my browser at a web site, and the web page accesses fonts on that web site, my browser won't give me a link to download those fonts, any more than it gives me a link to download the .css style sheet for the web page."

Urm, that depends on your browser and in some cases what plug-ins you have installed. As has often been discussed, Safari pretty much does hand you the files on a silver platter, including the fonts! For Firefox you can get add-ons to make it do darn near anything. Chrome is headed that way as well.

Cheers,

T

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

I wonder at what point this all becomes old news?

1) Few web authors know how to make @font-face work.
2) By and large, the fonts provided by services or licensors don't look good.

And yet there's endless discussion about how to keep the fonts that don't look good out of the hands of the people who don't know how to use them.

It's an interesting phenomenon, really.

David Berlow's picture
Offline
Joined: 19 Jul 2004 - 6:31pm
0

There is no discussion such as you suggest going on here. In fact, we are about to make more good looking fonts available, and are going to show people how to use those too.

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

There is no discussion such as you suggest going on here. In fact, we are about to make more good looking fonts available, and are going to show people how to use those too.
I don't know who the "we" is, but I wish all concerned much success.

David Berlow's picture
Offline
Joined: 19 Jul 2004 - 6:31pm
0

And to your yorkies as well.

John Savard's picture
Offline
Joined: 23 Nov 2009 - 8:42pm
0

As I am hoping to apply the @font-face feature to my own web site - using an open-source font, so that there shouldn't be a licensing issue involved; my intention is to avoid requiring viewers of my web site to install a special font for mathematics - I did some web searching.

I found a nice tutorial at

http://www.miltonbayer.com/font-face/

And I also see why there is a problem now.

Internet Explorer supports only one font format - .eot - which is locked to a given web site, and thus which allows licensing. Fortunately for my purpose, I can download WEFT from Microsoft - and I will have to check the license terms of the open-source licenses, just in case I run afoul of a religious war.

Firefox supports .woff which also has some sort embedding site lock feature, so IE and Firefox do both have safe solutions for licensed fonts. This being like 90%, I would think the problem almost is solved.

Most browsers support .ttf and .otf fonts except for IE, which is good for my application.

Chrome used to only support .svg fonts. I knew that .svg was a vector image format, but I had never even heard of .svg fonts. There's obfuscation for you! But that's been fixed, so one only needs .svg fonts to look good on an iPhone these days.

John Savard's picture
Offline
Joined: 23 Nov 2009 - 8:42pm
0

However, unlike .eot, I see that .woff doesn't involve encryption. This won't quite be good enough, I fear. It avoids open-source browser projects being frozen out, true, but some font companies just won't license for that format for that reason.

Tim Ahrens's picture
Offline
Joined: 28 Sep 2004 - 9:15am
0

Not sure I understand your question but EOT does not have to be bound to a URL. I has this feature but you don't have to use it.

Thomas Phinney's picture
Offline
Joined: 3 Sep 2002 - 11:00am
0

Also, WOFF has no features to “lock” a font to use on a given URL.

T

Tom Gewecke's picture
Offline
Joined: 4 May 2008 - 8:54am
0

Regarding Mobile Safari on the iPad/iPhone/iPod Touch, the newest version in iOS 4.2.1 seems to display .ttf/.otf webfonts (and not just .svg). At least my Egyptian test page now works on my iPad.

http://homepage.mac.com/thgewecke/webfontdemo.html

This is useful, since there is no way for the user to add fonts to any of these devices.

Simon Daniels's picture
Offline
Joined: 11 Apr 2002 - 6:37pm
0

>Regarding Mobile Safari on the iPad/iPhone/iPod Touch, the newest version in iOS 4.2.1 seems to display .ttf/.otf webfonts (and not just .svg).

How about WOFF?

Cheers, Si

Tom Gewecke's picture
Offline
Joined: 4 May 2008 - 8:54am
0

>How about WOFF

I think not. Can you suggest a good test page where only WOFF is used?

Simon Daniels's picture
Offline
Joined: 11 Apr 2002 - 6:37pm
0
Tom Gewecke's picture
Offline
Joined: 4 May 2008 - 8:54am
0

Thanks, Sii. WOFF seems definitely not supported yet.

Simon Daniels's picture
Offline
Joined: 11 Apr 2002 - 6:37pm
0

Thanks for checking. I blame Murdoch :-) he's a bad influence of Steve.

David Berlow's picture
Offline
Joined: 19 Jul 2004 - 6:31pm
0

...iOS supports the most interoperable format now. The trendiest format...not so much.

and sii, iOS is to Murdoch as IE9 is to whom? Who should we blame for IE9's ttf support?

Simon Daniels's picture
Offline
Joined: 11 Apr 2002 - 6:37pm
0

>Who should we blame for IE9's ttf support?

If you are a supporter of raw fonts then Apple clearly gets credit for being the first company to support the effort. Hakon Lie needs to get some credit for promoting the idea.

But as the Murdoch blame was a joke, I'm goig to blame Tony Stark for IE9.

David Berlow's picture
Offline
Joined: 19 Jul 2004 - 6:31pm
0

Blame IEronman hu?;) and I'm not so much a supporter of raw fonts as I am a supporter of the ttf as payload for print and web. This is a big step in both the direction of apple respecting the tt spec again, and getting hopefully on the road to Woffing Cross..

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

Does anybody have more info about the Tony Stark - Rupert Murdoch - Steve Jobs connection? Is it true that Peter Parker's involved, too?

Chris Lozos's picture
Offline
Joined: 25 Feb 2004 - 11:00am
0

That would be Spiderman, Richard :-)

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

Jeez, Chris, you're right! Does the Justice League Of America know about this?

Chris Lozos's picture
Offline
Joined: 25 Feb 2004 - 11:00am
0

Only if they are Web people :-)

Richard Fink's picture
Offline
Joined: 25 May 2009 - 10:04pm
0

Superman's gonna be pissed.

Chris Lozos's picture
Offline
Joined: 25 Feb 2004 - 11:00am
0

He can browse faster than a speeding bullet but not on the web ;-)

Chris Lozos's picture
Offline
Joined: 25 Feb 2004 - 11:00am
0