Hi. First time caller…
I have some font-embedding/licensing questions and I hope to learn some answers or at least get some leads.
First some quick background: In a nutshell, I’m a designer at a design, design research, and development company that creates UI/UX for new applications in addition to fixing/redesigning existing applications. We’ve been around for about 12-13 years and many of our engagements have been for web-based business applications.
Anyway, it’s really just within last few years that fonts outside stock OS libraries have been realistically viable for mainstream use (also much of our work has been for business/enterprise applications) so specifying non-standard fonts wasn’t even really an option — it was more like “Sigh. Well, are we using Arial, Verdana, or Trebuchet?” because everything else looked terrible on crappy corporate bulk-purchased monitors.
As we all know, thanks to Typekit et al, using non-system fonts in client work is easier, affordable and looks great blah blah blah. It’s no longer a compromise to design a cohesive suite of websites, web apps, print materials, and mobile apps that all respect the client's brand/style guide.
But then there’s an area that is much more mysterious — Desktop applications. Almost all of the respectable foundries offer webfont as well as mobile app and e-reader licenses but I’ve yet to find any public information concerning the licensing costs of embedding fonts in Mac OS X and/or Windows desktop applications. We had a client not too long ago for whom expenses were not an issue (this is a very rare animal) and we had sold them on using some lovely [Highly-Respected-Foundry] type. After an inability to choose an appropriate format/license from HRF’s website we had a follow-up email conversation where they explained that they don’t offer fonts for desktop embedding because Windows does not offer a reliable way to protect fonts from being extracted (and then pirated). Unfortunately, I wasn’t personally in that email exchange so I don’t know all of the details but believe that was the spirit of the exchange and I totally respect their concerns. We did use something else, BTW.
So this was a really long way of getting to the question portion of this post. (sorry)
- Were you aware of the security/piracy risk of embedding fonts in desktop applications? (Is the threat real or just paranoia?)
- Are there differences between OS X and Windows for securing embedded fonts?
- Do you know of any foundries with font offerings for desktop applications?
Thanks for reading this far and I look forward to y’all’s insights.
There's certainly a piracy risk when fonts are embedded in desktop apps. Picture a Venn diagram where one circle represents the people who want to pirate the font and the other represents the people who've installed the desktop application. I don't think there'd be much overlap.
No. Either way the files have to be loaded on the system to work, so it’s trivial to find them.
Most foundries do. Fontspring makes it easy—for many fonts you can just buy an application embedding license right from the web site. And their staff will be happy to help you with any questions.
You can insert the font as an encrypted stream and have your own font rendering library to decrypt on the fly and render the stream as bitmap. As far as the OS is concerned, it is just "paint these pixels". Then, others really have to break into the memory of your own customized version of the font library to intercept the font data.
In particular, freetype supports loading font data entirely from a block of memory, instead of from disk. This is how the Microsoft Font Validator since leaving Microsoft *should* interact with freetype, although it does not work that way at the moment (it currently occasionally re-read the font file from disk mid-operation). It is a rather low priority enhancement on my todo list.
Every type of embedding has its security risks, and from my experience embedding in desktop applications is not much (un)safer than embedding in mobile apps, or websites. For all these scenarios there are just better or worse ways to do it. For instance, the developers of iA Writer found ways to encrypt the fontdata in an app, hence making it less trivial to hack.
Feel free to drop me an email if you like to know more!
That’s great, but I was writing how the operating systems work, not what they could do if they were more like Freetype.
iOS and OS X are not very much like Freetype, but you can quite easily embed the font file inside the Resources directory in your application bundle, and then make it available to your application from there, without installing the font into the system:
@Ray Larabie: the overlap between font crooks and specific software users, unless it’s a design or development tool, is probably very very low.