

Web Fonts - View on the web fonts issue from a font designer - nickb
http://talleming.com/2009/04/21/web-fonts/

======
mr_justin
It's interesting to hear from type designer, certainly not a voice that is
heard often enough, at least not in the web developer community. His concern
that "someone can take one of our fonts, put it in a freely accessible
directory on their server, that’s a violation of most of our license
agreements" is nothing new. Håkon's "free font" technique does not introduce
this problem, nor does it make it any worse in my opinion.

As a side note, I find it incredibly ironic how difficult it is to read that
web page due to the "design" choices made. Thank god for readability:
[http://blog.arc90.com/2009/04/readability_updated_with_some....](http://blog.arc90.com/2009/04/readability_updated_with_some.php)

~~~
thristian
'Håkon's "free font" technique does not introduce this problem, nor does it
make it any worse in my opinion.'

It does make it worse - previously, there was no reason to make proprietary
fonts available on the Web unless you were (a) the vendor, or (b) deliberately
infringing copyright. Håkon's technique gives people a good reason to put
proprietary font files online, and hence introduces a new third class of
users, each of whom might or might not be using the font legitimately.

------
andymoe
OK. But seriously, green on black? His credibility is was killed with me as
soon as the page loaded.

~~~
timb
This page is beautiful. It is like nice vintage clothing, or a pleasing piece
of old furniture.

------
thristian
I think this is a far more reasonable and defendable position than Mark
Pilgrim's (albeit unreadable - I second the recommendation of Arc90's
Readability). These are simple, achievable actions that will provide type
creators with a modicum of protection from font-thieves, without making life
hellish for people who want to use fonts legitimately. Sure, it's not absolute
protection, but absolute protection is impossible, so let's not waste time
trying.

As for the "but stock photos don't need these protections", type is different
- a stock photo of a smiling baby is and can only ever be a photo of a baby,
and will probably be cropped and aligned and coloured and scaled down and made
part of the rest of the layout, effectively unusable for any other purpose and
hence not worth stealing. A font can be taken and made into a thousand
unrelated things, each just as perfect as the original.

------
wmeredith
"These are my views. They do not reflect the views of my clients, my
colleagues, my friends, my family, my company _or, if you want to argue, me._
"

Way to stick to your guns. I stopped reading right there. (Emphasis is mine.)

~~~
derefr
I believe "argue" was implicitly defined as "sue the aforementioned parties"
(as it would more obviously be if he hadn't included himself in the list.) I
have "views", too, but they're nothing objective enough (thus the name
"views", implying that no two people can share exactly the same one without
overlapping one-another in space) that I would care to defend them in a court
of law.

~~~
wmeredith
That makes more sense.

------
trapper
"There should be a new file extension for this. I propose “.wtf” - “WebType
Font”."

And someone said they weren't technical!

------
lifeisstillgood
I think it is interesting to hear from the other side of the fence every so
often, but the proposed plan is sub-optimal. I would like to suggest what I
think is a better model.

The "Sampo solution" to licensing (each foundry holds a page listing which
domains are allowed to use a font) is frankly unworkable.

Imagine if helvetica was licensed this way - on every web page more or less.
Every time a browser visited a new domain it would need to download a very big
file from a foundry website (there are how many domains? What does a ten
million line file cost to download on a mobile?). And what about the TTL for
that list, make it a week and every browser around the world needs to download
it all again. Even Google would sag under that kind of load.

The first idea that comes to mind is to just replace the "root table" with a
y/n call - here is my webpage, here is the font name, can i use it. This does
not really solve the problem - it reduces traffic sure, but the issue is that
if i visit domain x I automatically need to visit another domain, that may or
may not be available. Its inelegant, its inefficient and its insecure. The web
would effectively 'not work' if a big foundry said 'no to all'. And that is a
big ransom demand to put in anyones hands. And I strongly suspect there is a
really powerful cross-site scripting vulnerability sitting in there.

It also works against the foundries - the solution decides the licensing.
There is just one kind of license - per domain. No sophistication, no
negotiation. What if you only want to license your font for my mobile readers.
What if you want to license it for the first 100,000 views for free as a
taster, then stick it to me. What if everyone hosted on rackspace servers gets
it. The technology should limit the business options as little as possible.

Ok, what do you suggest then ?

I prefer a slightly more network-friendly solution. There are not that many
foundries (certainly orders of magnitude less than domains) so it is quite
feasible for them all to put public root certificates in browsers, or at worst
run shared CAs. The technology is already there for SSL. Then each website who
wants to license a .wtf (great name!) file pays their money and gets a signed
(hashed) license file which sits next to robots.txt. The browser downloads the
web page, the font and then decrypts the license file with the known public
key.

The license file is then located where it should be, on the site with the
font, and we can trust the license file is genuine. If its out of date thats
the webmasters problem.

The license file could hold

\- domains allowed \- servers / ips allowed \- license type \- an extensible
other data section.

The license type would need to be pre-agreed with the browsers, the first
obvious one is per domain. But any number of types (lets say one byte or 255)
could be invented as the browser manufacturers and foundries talk.

This solution has a lot more going for it.

We avoid the horrors of mass file downloads, of out of date caches causing
havoc and of finding that we put the entire web under the control of one small
group of font designers.(I am sure they are lovely people each and every one,
in fact thats why i dont want to do it. Imagine the stress of avoiding that
temptation, lets not put them through it, the dears.)

It also follows the same approach as has been proven to work with ssl for a
dozen years, and reuses technology instead of inventing it.

The downsides - well font designers are asking web browser manufacturers to
enforce their copyright. If they get it, the exact same approach can be used
for, well anything. If youtube has not got right license file, no playing.
Seems like a can of worms to me, and I suspect I would not want to do it if I
were Apple or Mozilla.

Anyway, my two cents.

[edit:removed a comment that might be a bit flame-y]

~~~
ferqereasdf
I think you misunderstand Sampo's proposal. He's suggesting that the allowed
domains be embedded in the font file itself.

Incidentally, that's essentially the same thing that EOT does. The difference
between Sampo's proposal and EOT is that Sampo suggests using mechanisms
provided by OTF/TTF to store the data rather than invent an entirely new
container format.

The SSL based scheme strikes me as completely insane. PKI is a ton of work to
maintain and this idea doesn't even address the crux of the issue, which is
distributing full, proprietary OpenType / TrueType fonts.

