Marking Copies of Fonts
Ori Ben-Dor
Posts: 386
Suppose a foundry marks each copy of the fonts it ships to clients with some unique key buried somewhere in the metadata, such that if an illegal copy is found, it's possible to trace its source.
Have you ever heard of something like this?
Do you think this would be a good idea?
Have you ever heard of something like this?
Do you think this would be a good idea?
1
Comments
-
It definitely wouldn't work for web fonts. Any user can download a WOFF/WOFF2 file from a website—so I'm not sure what a embedded ID somewhere in the file would achieve.
I guess you're thinking more about OTFs though right?1 -
Yup.0
-
I'd like to see that just for curiosity's sake.2
-
IIRC Letterhead fonts tried this at one point and it was not well received. And just because the font can be traced to a purchase doesn’t mean that the purchaser released it on a pirate font site. Every time they send a job to print someone else gets a copy.4
-
Wow, I'm surprised someone has actually tried that.
This is an interesting story, and a bizarre one.
By the way, if I'm ever going to do that (which I'm not), I think I won't use some metadata field, but some glyph. It's more cool
0 -
I had an idea some years ago for discouraging piracy. Basically, claim that the purchaser's credit card number (or some other sensitive data they've given you as part of the purchase) is hidden in the font files, but don't actually do it. On reflection, I decided that it would probably be a good way to get people to stop buying my fonts.10
-
...I won't use some metadata field, but some glyph...
That's been done too. Why waste your time when it could be more productively spent? Trying to catch a pirate, unless you have a large quantity of fonts at risk, is not time well spent.
1 -
And just because the font can be traced to a purchase doesn’t mean that the purchaser released it on a pirate font site. Every time they send a job to print someone else gets a copy.
The point of serialising fonts with licensee data isn't to trace the source of pirated versions but to be able to clearly identify unlicensed use. In this respect, serialising fonts is no different from serialising other forms of software.4 -
But technology-wise, there is a vast difference. I can code in various copy-protection schemes and checking mechanisms into an application. I can then attempt to prevent even the installation, run-time checking, etc. by unauthorized people. (Which can still be broken, sometimes in seconds. It's happen to me over the years.)John Hudson said:And just because the font can be traced to a purchase doesn’t mean that the purchaser released it on a pirate font site. Every time they send a job to print someone else gets a copy.
The point of serialising fonts with licensee data isn't to trace the source of pirated versions but to be able to clearly identify unlicensed use. In this respect, serialising fonts is no different from serialising other forms of software.
One cannot practically do that with a font. With fonts it is more like trying to find who removed the proverbial needle in the haystack after it has been found and moved elsewhere. Unless a license holder admits to releasing a font in the wild, it would be incredibly difficult (impossible) to identify the perpetrator. Without knowing who actually did the deed, one cannot really do much about it. Even if one knows, there is little to be done.
I'm a pessimist when it comes to this issue. It's going to happen and there is nothing preventative I can do about it and can only hope some sites would honor a take down notice. This subject has paralyzed me in fact. I'm sitting on the first commercial fonts I have made since the 1980s/1990s. If and when I do release them, I don't want them out and about illegally for at least a couple weeks...
Sorry for the pessimistic first post.
Mike0 -
Well, you won't have any chance of making money from fonts you never release.0
-
Truer words haven't been spoken, Mark.
And I will release them. I haven't decided the who to sell through nor even pricing yet. And then there is that hesitation to overcome. But I will. Probably. Maybe...else I'll keep using them for layout work.0 -
One cannot practically do that with a font. With fonts it is more like trying to find who removed the proverbial needle in the haystack after it has been found and moved elsewhere. Unless a license holder admits to releasing a font in the wild, it would be incredibly difficult (impossible) to identify the perpetrator.
Again, and as I said, serialisation is not about identifying a 'perpetrator' responsible for distributing a font illegally. It is about being able to say to someone using the font 'Excuse me, but this font is not licensed to you. Please pay for a license.'4 -
Yes, John. Agreed. I worded the dumb analogy wrong.
But how are you even going to know the font is being used in the wild and who is using it?0 -
But how are you even going to know the font is being used in the wild and who is using it?For webfonts, either by coincidence (friends and family send me links to sites that use my fonts all the time) or by future (or even present?) web crawl technology.I could probably write a simple web font crawler in an hour and a list with the internet’s most popular web sites should also be easy to find.Anyway, I find it a very good idea to tag all outgoing fonts for detection of illegal use, as John said. I plan to integrate a subsetter into my future online shop, so that's a very convenient place to add the tag.By the way, thinking about it, what do you think about this:Like what Mark said, but less offensive. Put the licensee's company/name into the font and forbid him via EULA to remove the tag (which is probably already the case in most EULA's). Then, if you find a font without a tag, it's probably also unlicensed.Or is an encoded/non-human-readable string better?0
-
We tag our web fonts. The order number is included in a namerecord similar to how Font Squirrel does it.
We've found it useful for checking to see if a website is using a properly licensed font, or for diagnosing font problems (i.e. customer made some dumb modification and now the kerning is gone).
We don't tag our desktop fonts, but I wish we did. I can think of several times where being able to verify the legitimacy of a license, or even knowing an approximate date when the font was issued, would have been very helpful.
Slightly off topic: I LOVE that FontForge and Font Squirrel include breadcrumbs in the fonts they produce. Being able to crack a font and see that it's been modified is super helpful for tech support.2 -
So we’re talking about a checksum. How would one go about that technically?If you’re writing a simple checksum of the entire file into the file, the checksum of the file changes. So it needs to be done table by table. But how?By the way, thanks for that discussion. I'm now determined to do it for all the fonts I'm going to deliver.0
-
Each table has a checksum already. Why not just use that?
$ ttx -l Coolangatta-Regular.otf Listing table info for "Coolangatta-Regular.otf": tag checksum length offset ---- ---------- ------- ------- CFF 0x33C11B8E 11531 3596 GDEF 0x0D6B0E4F 176 15128 GPOS 0xD3A2D170 4168 15304 GSUB 0x63027664 414 19472 OS/2 0x693A809F 96 1432 STAT 0xCC1FE487 62 19888 cmap 0x47E1FE1E 1436 2128 head 0x0C4DE7E2 54 228 hhea 0x06740475 36 1396 hmtx 0x55282F8B 1112 284 maxp 0x01165000 6 220 name 0x2325C533 600 1528 post 0xFFB80032 32 35640 -
What exactly does Font Squirrel do?
And I'm not sure I understand what checksum has to do with marking copies: Unless you're serializing copies using some unique tag, all copies will have the same checksum, and if you do have a unique tag, you don't need the checksum. Checksum can help you detect if a copy has been modified, but then again, if it has, you don't need checksum to be able to tell that, you can simply use diff or so. What am I missing?0 -
Right, the checksums are for modification detection only. In my case, wanting to offer fonts online with a subsetter, there is no one file that I can diff against. Each file could be different and need to be 'signed' on the fly.1
-
In steganography, information is hidden for example in images or audio files. The least significant bit of an image pixel or an audio sample can be used to encode a piece of additional data.
Applied to fonts, you could put in a @yanone logo with a rough outline, and the point positions would differ slightly in each sold font. Only you would know the original outline and be able to extract the information encoded in the point coordinate differences.2 -
That's pretty cool, but is there a practical advantage over putting the information in the font openly, such as in a name table entry? I would encrypt my checksum string so that a modifier can't repeat the string creation for modified tables, and leave it at that. The user is already forbidden by EULA to modify the fonts, so a missing checksum already breaks the warranty.0
-
You don't need a logo with rough outlines to hide information. If any glyph has a horizontal/vertical straight segment, you can simply add extra points in the middle of it. If such a segment is N units long, there are 2^(N-1) different ways to place extra points along that segment, so even really short segments are all you'll ever need
0 -
I did this once, on a lark. I was asked to donate gratis copies of Whitman for use by students only for projects within the context of a particular design course. I added specific extra points along the vertical edge of one serif of one of the capitals (in addition to a name mod).
If I ever care to inspect some free font version roaming around out there and find these extra points, then I’ll know that it originated from that classroom.
a) I’ll probably never bother to do that, and b) there won’t really be any practical recourse. But at least I’ll know where it came from.
And I suppose I would then be able tell that instructor that his best efforts to impress upon his students the value of fonts and educate them against sharing will have failed.
2 -
But that would look suspicious. If somebody cracks open the font, notices the extra points and removes them, the extra information is goneOri Ben-Dor said:You don't need a logo with rough outlines to hide information. If any glyph has a horizontal/vertical straight segment, you can simply add extra points in the middle of it.
0 -
I'll just note that AFAIK, every possible technique mentioned in this thread has actually been used by at least one foundry in the wild.
One of the major foundries used to put a license number in the metadata of every font they sold online, at time of purchase. (Not sure if they still do or not.)1 -
Put the purchase (transaction) and the license on the blockchain and put a reference to that transaction in the font file as metadata. (Ethereum) Anyone can verify who purchased it, when and what rights were allowed. I'm convinced this is how licensing will be done in the future. Cryptocurrency will also allow for micropayments, (think .0001 cents per use of a font on a webpage) with the font served cheaply with redundant decentralized nodes, including automatic royalty splits with smart contracts.1
-
http://po.et has an implementation of this very concept.1
-
No, the opposite is true, to date. Cryptocurrencies have many advantages, but payment overhead is their biggest weakness, today at least. The costs of cryptocurrency transactions are very high. Never under $10, and averaging $28 per transaction. So, something like a factor of 30-100x the overhead of alternatives.Jeremy Dooley said:Cryptocurrency will also allow for micropayments, (think .0001 cents per use of a font on a webpage)
0 -
Why does anybody need to verify font licensing rights with crypto? OS or software based font DRM system built on blockchain is a hopeless cause. We saw that when some type foundries tried to get DRM and/or licensing data built into web fonts. If the blockchain system is going to use the licensing data to handle serving fonts like Typekit it doesn’t require a blockchain. That stuff can be stored in a database without needing the extra overhead of crypto. To me po.et’s idea sounds like someone spouting nonsense about disrupting existing systems with blockchain to get the attention of gullible investors.Jeremy Dooley said:Put the purchase (transaction) and the license on the blockchain and put a reference to that transaction in the font file as metadata. (Ethereum) Anyone can verify who purchased it, when and what rights were allowed.
1 -
Thomas, you are thinking of Bitcoin, which, it is fair to say has expensive transaction fees. Ethereum's transactions are 1/20th of that right now, and with scaling technologies on the horizon will be much less. Bitcoin is Myspace, Ethereum is Facebook.
James, you might want to look at IPFS, which solves the problem of centralized server downtime (Typekit) since the font files are distributed to the point that they are served at a city level.
A blockchain, being an immutable record solves licensing issues. What license does your customer have? Who knows, but with a blockchain you can instantly verify the rights that were purchased, regardless of the distributor. Server, desktop, web, etc.
Cryptocurrenty will allow us to presell fractional rights of typefaces, have smart contracts instantly perform royalty splits, or crowdfund exotic typefaces with limited market appeal - these are just the easy ones.
We have a problem with centralization and typefaces. Those databases and servers can and do go down. As far as the business aspect, Monotype anyone? Breaking that monopoly will require a 10x solution, and cryptocurrency is the best option on the horizon.1
Categories
- All Categories
- 43 Introductions
- 3.7K Typeface Design
- 798 Font Technology
- 1K Technique and Theory
- 617 Type Business
- 444 Type Design Critiques
- 541 Type Design Software
- 30 Punchcutting
- 136 Lettering and Calligraphy
- 83 Technique and Theory
- 53 Lettering Critiques
- 483 Typography
- 301 History of Typography
- 114 Education
- 68 Resources
- 498 Announcements
- 79 Events
- 105 Job Postings
- 148 Type Releases
- 165 Miscellaneous News
- 269 About TypeDrawers
- 53 TypeDrawers Announcements
- 116 Suggestions and Bug Reports