Specimen Security

hrant's picture

I've taken part in many discussions about the flaws/merits of the various ways of presenting type specimens on the web. But one thing that I've yet to get a handle on is the security aspect (referring to the extraction of fonts by hackers).

Bitmaps are of course totally safe (except for bitmap fonts! :-), but they're yucky in so many ways. Even the ones that generate images of user-defined phrases real-time are uninspiring to me. I personally like specimens where you can type "live" (like on http://www.typography.com/ - although I actually think those horizontal jail bars make things worse overall). So if one wants to use a technology which uses the outline font (in one incarnation or another), like PDF, Flash, etc., what are the relative security merits of each?

There is general agreement that PDF is not highly secure, but many large, established font houses use them. There is also general agreement that Flash is highly secure, but I've been shown with 90% credibility that it's not.

So far I've been using Shockwave* (not Flash), but that was a temporary solution - even though it's been two years now... :-/ So what should I *really* use?

* http://www.themicrofoundry.com/f_arasan.html

hhp

fontguy's picture

Hrant,

You're right, PDF is not very secure -- especially with Type 1 fonts -- but I think it's the best format for people who'd like to print test the specimens as well as preview them on screen.

I create special versions of fonts to embed in PDFs containing only those glyphs I'm displaying in the file, so if someone were to extract it, they wouldn't have the complete font. I also give them different names so that they appear, to the untrained eye, as some special system font Adobe has embedded (e.g., a name consisting of numbers followed by "_mm").

Another level of protection (in addition to the above) would be to generate the font in TrueType format with the embedding level set to read-only print/preview.

I haven't tried that because I figure if someone has the technological savvy to extract fonts, they could also easily change the embed flag. But at least they'd wind up with a TrueType version (this wouldn't make sense if you were designing in TT native, in which case maybe you could embed in T1 format).
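A pre-publication check for the two precautions described in the post above (a subsetted font and a preview/print embedding level), as an added example that is not part of the original post. The glyph limit and the constructed sample font are assumptions; the table offsets and fsType values follow the OpenType specification.

```python
import struct

# OS/2 fsType usage-permission values, per the OpenType specification.
FSTYPE_LEVELS = {0x0000: "installable", 0x0002: "restricted",
                 0x0004: "preview-print", 0x0008: "editable"}


def table_directory(data):
    """Map each table tag to (offset, length) from the sfnt table directory."""
    if len(data) < 12:
        raise ValueError("too short for an sfnt header")
    num_tables = struct.unpack_from(">H", data, 4)[0]
    tables = {}
    for i in range(num_tables):
        rec = 12 + 16 * i
        if rec + 16 > len(data):
            raise ValueError("truncated table directory")
        tag, _checksum, offset, length = struct.unpack_from(">4sIII", data, rec)
        if offset + length > len(data):
            raise ValueError("table %r lies outside the file" % tag)
        tables[tag.decode("latin-1")] = (offset, length)
    return tables


def audit_specimen_font(data, max_glyphs):
    """Report embedding level and glyph count; list deviations from policy."""
    tables = table_directory(data)
    for tag, minimum in (("OS/2", 10), ("maxp", 6)):
        if tag not in tables or tables[tag][1] < minimum:
            raise ValueError("missing or short %s table" % tag)
    # fsType sits at byte 8 of OS/2; numGlyphs at byte 4 of maxp.
    fs_type = struct.unpack_from(">H", data, tables["OS/2"][0] + 8)[0]
    num_glyphs = struct.unpack_from(">H", data, tables["maxp"][0] + 4)[0]
    level = FSTYPE_LEVELS.get(fs_type & 0x000F, "unknown")
    problems = []
    if level != "preview-print":
        problems.append("fsType 0x%04x is %s, not preview-print" % (fs_type, level))
    if num_glyphs > max_glyphs:
        problems.append("%d glyphs exceeds subset limit %d" % (num_glyphs, max_glyphs))
    return {"embedding": level, "num_glyphs": num_glyphs, "problems": problems}


def build_sample_font(fs_type, num_glyphs):
    """Constructed sample: an sfnt container holding only OS/2 and maxp
    (checksums left at 0, no outlines), enough to exercise the parser."""
    os2 = struct.pack(">HhHHH", 0, 500, 400, 5, fs_type) + bytes(2)  # pad to 12
    maxp = struct.pack(">IH", 0x00010000, num_glyphs) + bytes(26)
    header = struct.pack(">IHHHH", 0x00010000, 2, 32, 1, 0)
    directory = (struct.pack(">4sIII", b"OS/2", 0, 44, 10) +
                 struct.pack(">4sIII", b"maxp", 0, 56, len(maxp)))
    return header + directory + os2 + maxp


if __name__ == "__main__":
    # Hypothetical policy: a specimen subset should carry at most 64 glyphs.
    for fs_type, glyphs in ((0x0004, 40), (0x0000, 230)):
        print(audit_specimen_font(build_sample_font(fs_type, glyphs), 64))
```

The check reports what the file declares; as the post notes, the flag itself can be changed by anyone able to extract the font.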

hrant's picture

> What have you heard about Flash?

Heard:
That the difference between a protected Flash movie and non-protected one is one byte: you set it to the right value, and you can load up the movie in Flash, and access the font.

Seen:
About a year ago, to prove a point, somebody emailed me one of my fonts (in TT format - the original was T1) extracted from a Shockwave movie on my site. At that time I had not yet sold any copies of that particular font, but had *possibly* given a single copy to one person (unrelated to the person who emailed me) - I don't remember.

> I think [PDF is] the best format for people who'd like to print test the specimens as well as preview them on screen.

I agree for printing. But for the screen I see a number of problems with PDF: it's not live; it's big/slow/clunky; and it doesn't integrate into a web environment like Flash does. SVG is supposed to fix some/all of those, but it's not being supported (which I don't mind - SVG just doesn't smell right to me, for some reason). Oh, and what about MS's WEFT/EOT and BitStream's TrueDoc stuff?

BTW, I should say that I'm actually a lot less concerned with security than I might have sounded. My motivations in this thread are:
1. I just like to *know* what's going on.
2. I'll be posting samples of a new font in the Typophile Forums, and would like to avoid having old/incomplete versions floating around by the time I release it.

> I figure if someone has the technological savvy to extract fonts, they could also easily change the embed flag.

Nice and pragmatic - my cup of tea!

hhp

hrant's picture

> somebody emailed me one of my fonts

BTW, my reaction? "Thank you."

hhp

peterbruhn's picture

Some links I found on Flash safety, while making a quick Google search:

http://builder.cnet.com/webbuilding/0-3883-8-5991520-3.html

"A useful source distribution format, FLA files contain all of the original media as native data, including sounds, bitmap images, and vector artwork, but not fonts."

also

http://builder.cnet.com/webbuilding/pages/Graphics/FlashPoint/072500/?tag=st.bl.3883.txt.fp072500

and


http://builder.cnet.com/webbuilding/pages/Graphics/FlashPoint/072500/ss03.html


/peter

hrant's picture

> FLA files contain all of the original media as native data, including sounds, bitmap images, and vector artwork, but not fonts.

What does this mean, exactly?
1. The font is kept external to the file, like in a cache (which is maybe even less safe)?
2. The font is converted (as we already know) when it's imported into Flash, so the "native" data is gone? But this could just mean that you get a TT instead of a T1 - and I *have* also heard that Flash prefers the TT format as the source (as long as it's native TT, not stuff Fog exports).

BTW, interesting links.

hhp

spiral's picture

in my experience, imported flash files display with arial, not the used font... at least when imported back into flash

peterbruhn's picture

Yes you are right Joe.. I didn't think about that.. it's a bit late here...

I always thought (this is just an assumption I have no facts) that when you made the SWF from the FLA the font was made into plain vector outlines...like you can do with a font in Freehand & Illustrator. Does anyone know if this is correct?

I know you can decide on which characters of the font to include in the text field.

Is an idea, for the purpose of security, to just include the basic characters & not all?

hrant's picture

> the ability to use a font in Flash (in the FLA) depends on whether you have it on your system.

That seems very different than Director/Shockwave, where you can use a system font, or you can import a font and have it available all the time (although the "native" format isn't [necessarily] preserved).

So how does the Flash Player use fonts that are not on the viewer's system?

> imported flash files display with arial, not the used font... at least when imported back into flash

Do you mean when you import a non-protected SWF?

> I always thought (this is just an assumption I have no facts) that when you made the SWF from the FLA the font was made into plain vector outlines...

If that's the case, then setting a lot of text in Flash is very inefficient (unlike if the font was available)... unless it's making Library entries for each character and then using those!

> Is an idea, for the purpose of security, to just include the basic characters & not all?

Except that for a font specimen you'd like to show all the characters. :-/

hhp

hrant's picture

> Fonts as outlines doesn't jam with Spiral's note about imported SWF displaying arial.

Except if he was talking about FLA files, in which case it makes perfect sense.

> Storing multiple occurrences of the same char in one space is... a function of a font

But who cares, as long as it's in some proprietary Flash "architecture"? If it can't be re-used (or even opened) then that's more than adequate protection.

> Been told that some types of resources can exist outside SWF as "fonts" for the SWF.

This is what the guy who emailed me implied: the font is actually downloaded/stored as a separate file in the browser's cache. *However*, this might only apply to Shockwave and not Flash (remember that the teams who programmed the two apps are completely unrelated). I think maybe Shockwave uses TrueDoc (and maybe even ignores the embedding restriction settings - unlike the real TrueDoc) but Flash doesn't.

hhp

hrant's picture

> Secret: not.

Secret *enough*: yes.

> SWF can be re-imported, logic implies only author would have FLA, and thus fonts too.

Mistaken logic. (Think it through. Or try to.)

Suggestion: get lost, maybe you can find a life.

hhp

spiral's picture

to clarify:

i made a test, by making a flash file with a specific font, exporting a .swf, uninstalling the font, and re-importing the unprotected .swf
i do not get font outlines. i get the text, editable, with arial.

and to further clarify: spiral is a she ;)

hrant's picture

> .... re-importing the unprotected .swf ....

So where's the font? If the correct font shows up when a third-party browser accesses the file, it must be *somewhere* in there. Maybe the SWF contains the font *and* a reference to the font, and when you *play* the file it shows up, but when you *reload* it, it doesn't. This would make sense because it avoids unnecessary loss in quality for the author* (if he reloads a SWF). What's really cool is that this in effect might be a great form of font protection! (Assuming protected SWFs -which can unfortunately be cracked- do the same thing; I'm guessing they do. Does anybody here know how to crack a protected SWF? We should try importing one and see how the font shows up.)

* Although third-parties would end up fontless... But I guess they're not "supposed" to open a SWF anyway!

Spiral, if you have the inclination, could you please try playing the un-protected SWF on *another* machine (and one that doesn't have the font installed)?

BTW, this might [help] explain the (related?) confusion with "FLA files contain all of the original media as native data, including sounds, bitmap images, and vector artwork, but not fonts."

hhp

spiral's picture

::could you please try playing the un-protected SWF on *another* machine?
will try doing that

btw, when i opened the link to the microfoundry preview, a font showed up loaded into my system when seeing my fonts with my font manager (typograf), but did not show up in my fonts folder, and i could not save it or copy it.

that has never happened with a flash file

hrant's picture

> a font showed up loaded into my system when seeing my fonts with my font manager (typograf)

!!
OK, now I'm sure that stealing a font from Shockwave is *much* easier than from Flash... I wish somebody had told me, oh, a *year* or so after I had launched my site... :-/

Anyway, when I made those things Flash 4 had just come out (and Flash 3 couldn't do what I wanted), plus I didn't know Flash back then (I'm still much more comfortable with Director), but I think it's about time for me to replace my Shockwaves with Flashes.

Thanks very much for the info, Ms Spiral!

hhp

hrant's picture

BTW, what about security with MS's EOT/WEFT technology?

hhp

spiral's picture

well, i opened a .swf in another computer, and again got editable text with default font....

same with downloaded .swf's

peterbruhn's picture

Here's something from the Flash manual:

When you use a font installed on your system in a Flash movie, Flash embeds the font information in the Flash SWF file, ensuring that the font displays properly in the Flash Player. Not all fonts displayed in Flash can be exported with a movie.
To verify that a font can be exported, use the View > Antialias Text command to preview the text; jagged type indicates that Flash does not recognize that font's outline and will not export the text.

As an alternative to embedding font information, you can use special fonts in Flash called device fonts. Device fonts are not embedded in the Flash SWF file. Instead, the Flash Player uses whatever font on the local computer most closely resembles the device font. Because device font information is not embedded, using device fonts yields a somewhat smaller Flash movie file size. In addition, device fonts can be sharper and more legible than embedded fonts at small type sizes (below 10 points). However, because device fonts are not embedded, if users do not have a font installed on their system that corresponds to the device font, type may look different than expected on a user's system.

Flash includes three device fonts, named _sans (similar to Helvetica or Arial), _serif (similar to Times Roman), and _typewriter (similar to Courier). To specify a font as a device font, you select one of the Flash device fonts in the Character panel, or select Use Device Fonts in the Text Options panel. You can specify text set in a device font to be selectable, so that users can copy and paste text that appears in your movie.

You can use device fonts for static text (text that you create when authoring a movie and that does not change when the movie is displayed) or dynamic text (text that updates periodically through input from a file server, such as sports scores or weather data).

hrant's picture

(This is getting confusing...)

Spiral:
How were the fonts defined during authoring? Were they "device" fonts? If not, were they left as fonts upon export, or were they converted to outlines first?

Peter:
Is this from Flash5? I don't remember reading anything nearly that interesting in the Flash4 manual. This matters a lot because -unless Flash5 offers us new font security advantages- it's better to stick with Flash4 (because of greater penetration*), at least for the purposes of this discussion.

* http://www.macromedia.com/software/player_census/flashplayer/version_penetration.html
(And this is *Macromedia* talking.)

Jared:
I'm guessing that you must have had to convince Jonathan that Flash was safe [enough] to have it on his site, so could you please help us out with what you [might] know? Pretty please, with chocolate syrup on it?

hhp

spiral's picture

my font was definitely not a device font. it was a truetype i installed on the computer. Device fonts in Flash are the default ones that come with it, so you don't have to embed a font if you don't want to. I've also made the experiment of checking filesize on a .swf file with/without embedding fonts, and there is a difference.

::research::
:looked at all the flash resource extractors, none mentioned fonts (which is not positive proof, but it may be a sign)
:asked at the forums at flaskit.com... got an answer that fonts cannot be extracted


my theory (guess) is that the font is included in the .swf, but in such a way that it is not recoverable by importing the file back into flash.

something interesting. found this site:
http://www.flash-france.com/ff2001.php
which uses not plain flash, but dynamically generated .swf's using flash generator. perhaps this is even safer?

hrant's picture

> the font is included in the .swf, but in such a way that it is not recoverable by importing the file back into flash.

I think so too. My suspicion is that the font is "decomposed" into a large set of Flash-specific Library entries (which might also explain why kerning is not available? I mean in the case of "live" typing), which means you'd need a special utility to put it all back together, and I'm not sure you'd get the exact original outline (especially if it's Type1).

> http://www.flash-france.com/ff2001.php

!!!
Help, I'm having trouble breathing! Wow, this is just too amazing. Somebody actually did it. And if it's true that there's nothing to download, then this is it, baby, the Holy Grail of online font display.

Does it have any problematic viewing requirements?

hhp

peterbruhn's picture

Hrant asked:

>Is this from Flash5? I don't remember reading anything
>nearly that interesting in the Flash4 manual. This matters a
>lot because -unless Flash5 offers us new font security
>advantages- it's better to stick with Flash4 (because of
>greater penetration*), at least for the purposes of this
>discussion.


Yes it was Flash 5. I really can't remember if Flash 4 had
the same possibilities, but I think so.

Hrant wrote:

>"My suspicion is that the font is
>"decomposed" into a large set of Flash-specific Library
>entries (which might also explain why kerning is not
>available? I mean in the case of "live" typing), which means
>you'd need a special utility to put it all back together,
>and I'm not sure you'd get the exact original outline
>(especially if it's Type1)."


I must agree with this conclusion.

A thought: if they can just extract each shape separately,
are there any big problems? If the spacing & kerning is lost it would take a pirate
ages to get a well kerned, spaced (& hinted) font. Compare this to
scanning a font from a specimen book & then vectorizing it. It would take its
share of work. I'm not really sure pirates want to make that effort?

Joe wrote:

>"I just did my own test, importing an
>unprotected Flash 5 SWF back into Flash.
>Indeed, the type is editable once it's
>back in Flash. (Meaning you can use the type
>tool, etc.)"


I did the same thing both with the font used
still installed, & then one time with it uninstalled.
Both times I got the opposite result. I could import
the GIF image that I'd included but not the font.

It's strange that we got different results.
What I used was the option "input text" which makes
the same effect as the test drive at Hoefler's or Thirstype's site.

Through some friends, working daily with Flash, I have also
put the question on different Flash communities. All the
answers concluded that they wouldn't know how to extract a font
& no one had heard of any software that did so.

Working on a big update of my site, where Flash is the way I show all
the specimens, I really hope that it's safe enough.

Just from the top of my head I can think of some
foundries that also use Flash:

psyops.com
typography.com
thirstype.com
t26.com

there's probably more
I guess they wouldn't use it if it wasn't safe?
Anyone from those sites reading this?

/peter

hrant's picture

> I guess they wouldn't use it if it wasn't safe?

Well, they wouldn't use it unless they *thought* it was safe *enough*. Which means less than one might hope in general. But I'm starting to think Flash is really very safe after all (certainly for me) - the problems I cited at first were I guess related to Shockwave, apparently a very different animal. And if we can get Flash Generator to work easily, then that's probably even much safer.

On the other hand, I will soon try to do some of my own tests too (with Flash4).

hhp

hrant's picture

> Do you mask the specimen or not?

No! I thought about this myself, and here's my [typically pragmatic] conclusion:
You have to draw an -admittedly- fuzzy line between different types of customers. Some people will buy a font with little coaxing, to be "ethical". Most of these people would buy it even if they could "steal" some (in any case notably limited) renderings. Other people will very seldom pay for type - you have to lure them in. How? Exactly by letting them "steal" your Flash *renderings* (but not the font). You let them become dependent on a font, and many of them will eventually break down and buy the thing, to avoid all those time-consuming screen grabs, or maybe more significantly to eventually use the font for print. I thought about this a lot, and that's why I made my Shockwave renderings as clear as possible: exposure, and addiction.

Lose the bars, dude. Set your fonts free, and if they're good they'll go out and bring in customers better than any marketing department ever could.

hhp

hrant's picture

BTW, Jared, what's your opinion of the Generator aspect of this?

hhp

bardram's picture

just to butt in here, but i think that those of you that worry about security in pdfs, swfs etc are really going a bit overboard - it's not really worth your while.

hrant's picture

> going a bit overboard - it's not really worth your while

Hey, we're the *moderates*! :-) You wouldn't believe how delusionally paranoid some font houses are.

In general I agree with you: the time you spend worrying (mostly helplessly) could be spent designing. This is something even Carter for one has said on various occasions.

But there might be a special case:
If you're showing work-in-progress in public (like in Typophile's Critique forum), there's the issue of pre-release versions floating around, potentially causing great confusion. Piracy might be largely unavoidable, but at least let them not pirate the wrong version, eh? :-/

hhp

bardram's picture

yes, but everyone knows that a real type pirate would only settle for the real thing!

:)

seriously, even embedding bits in a binary to track *who* is pirating your fonts won't deter them. they'll just "mine" them out...

hrant's picture

{Fearing another fruitless debate about piracy...}

I see two ways to reduce (but never eradicate) piracy:
1. The hard approach: design and implement a complete, encrypted, secure font installation/rendering mechanism, possibly based on ATM.
2. The soft sell: Honorware:
http://www.typophile.com/forums/messages/30/692.html?1011647082

The first one seems to be virtually impossible to turn into reality. The second one is within our reach this very minute.

hhp

Jared Benson's picture

What have you heard about Flash? I have yet to find a program that can successfully extract the vectors. I've even found a few hack programs that allude to it, but are unsuccessful.

jb

Joe Pemberton's picture

Peter, the FLA is the native Flash format that you edit and work with. The SWF is the file you export before publishing the file to a site. Just like the difference between a PhotoShop file and a GIF or JPG. So, the ability to use a font in Flash (in the FLA) depends on whether you have it on your system.

So, Peter the FLA isn't the file you'd distribute anyway. Pardon me if you already knew this... perhaps I misunderstood you.

Hrant, there's no caching of fonts involved. Further, the font is not converted when you use it in Flash. It is however set to outlines when you export it to SWF format.

//joe

Joe Pemberton's picture

Peter, you're right. When you export the native
Flash file (FLA) to an exported file (SWF) it
turns all fonts into outlines. There is no way to
export a SWF without turning fonts to outlines.

You're also right that Flash only embeds the
characters you use in the file.

Further--Hrant's second guess is correct--if you
use a particular lc k 43 times in a single SWF,
the user only downloads one lc k. Flash merely
references other instances of the 'symbol.' (This
is one of the main reasons SWF is such a brilliant
web medium--it's very economical to download.)

Let me clarify one last point. When you view an
exported Flash file (SWF), you are viewing
whatever fonts the creator used in the native
Flash file (FLA)--which are only available if
that creator had the fonts on his/her system.
Viewing fonts in a SWF is totally independent of
fonts you have in your system. Sorry if I led you
astray.

Jared's modesty prevented him from taking credit for
building the font preview mechanism at
http://www.typography.com. It's 'real time' and is not as
cumbersome as some GIF-based mechanisms
because it's built with Flash.

//joe

anonymous's picture

Under close questioning a Macromedia contact alleges that fonts are converted to outlines when creating SWF. However it is also known that Macromedia were/are a TrueDoc licensee (do your own digging).

Fonts as outlines doesn't jam with Spiral's note about imported SWF displaying arial. Storing multiple occurrences of the same char in one space is... a function of a font, Joe.

Been told that some types of resources can exist outside SWF as "fonts" for the SWF.

anonymous's picture

>But who cares, as long as it's in some
>proprietary Flash "architecture"?

Proprietary: Macromedia specifies the format, like Adobe specifies PostScript.

Documented: Macromedia documents the format so that others can build tools that make SWF, like Adobe docu...

Secret: not.

Aggressive: "Except if he was talking about FLA files, in which case it makes perfect sense."

Unclear: Spiral says neither, so assumption is wrong either way. SWF can be re-imported, logic implies only author would have FLA, and thus fonts too.

Someone says: "Ask Benson" ("This is what the guy who emailed me implied...")

Someone is: Laughing, but threatening me with violence...

Joe Pemberton's picture

I won't claim to be a technical wizard. But, I've used
Flash extensively and based on my own experience,
when you import an 'unprotected' SWF back into Flash
all fonts are outlines.

They are still vector art, and presumably one
could copy them into any other vector app.

//joe

Joe Pemberton's picture

Baaaaa*

I was wrong.

I just did my own test, importing an
unprotected Flash 5 SWF back into Flash.
Indeed, the type is editable once it's
back in Flash. (Meaning you can use the type
tool, etc.)

However, I'm still not sure that's a bad thing.

//joe

*Feeling somewhat sheepish.

Jared Benson's picture

Joe's pretty much covered my feedback on this topic. I've always assumed that if anyone were able to extract the vectors, they would have to rebuild the font manually by pasting those vectors back into a tool like Fog.

The precaution? When we build the HTF Testdrivers, we included a limited character set just in case someone, someday, was able to extract them. But so far I've never heard of anyone doing it successfully.

FWIW, I definitely prefer a Flash-based interface over one where it renders type as a pixel-based image.

The bigger question in my mind is, Do you mask the specimen or not? Without any visual noise (ie. the horizontal bars at HTF), what's to stop people from setting type and screenshotting it for use on their site, etc?

Joe Pemberton's picture

The pattern behind the type sampler at Jeremy
Tankard's site is a nice touch (neither too
obtrusive to preview the type, nor too easy to
remove.)

Reminds me of the inside of those 'security'
envelopes.

http://www.typography.net/
(Click on "Typefaces", then select a face, then
click on a weight to view the pop-up type sample
feature.)
