Webfont hosting on MS Azure?
Andreas Stötzner
Posts: 789
I deal with a client’s request for a webfont licence. It is an institute of an university. They stated that they use a Microsoft cloud server (Azure) for the hosting of their websites.
In my licence terms it reads “[allowed is:] to link the webfonts to websites which are owned and controlled by licencee”, and also: “licence does not permit storage of the webfonts in places or under
conditions where unauthorized persons or third parties may gain access to the
fonts, without being licencees“.
They ask me if the storage on their MS-Azure server would be conforming with those terms and I think, that such a storage (not in-house server, but still, an ‘owned’ cloude space) would comply with the terms. However, I wonder if in such a case there may be any pitfalls or if, in the long term, certain precautions need to be effected in order to prevent unauthorized access to the fonts.
Has anyone experience with such a matter?
0
Comments
-
It doesn’t matter what platform the server is on. Anyone who can access the web site can access the fonts no matter where they’re stored. That’s what wget is for.2
-
wgetwas is that?
0 -
Andreas Stötzner said:wgetwas is that?0
-
James Puckett said:wget is tool for downloading web sites. It can download files by type, so someone who wants the fonts can run “wget -r -A .woff http://site.with.fonts/url/” and download all the web fonts from a site.Oh my god.Does that mean, anybody who views a website with a special embedded webfont (for which the creator of that site has payed for a licence) can rip off those special fonts and get away with it?1
-
Andreas Stötzner said:Does that mean, anybody who views a website with a special embedded webfont (for which the creator of that site has payed for a licence) can rip off those special fonts and get away with it?
0 -
Yes.
There are other ways of embedding fonts. But basically none of them are secure.
Lots of folks in the type business had concerns about web fonts and piracy. In the end, what has happened is, there is no serious copy protection for web fonts; they can be ripped off by pirates if they wish to go to the trouble to do so. They may need to translate from WOFF to other formats, but that’s not difficult.In my licence terms it reads “[allowed is:] to link the webfonts to websites which are owned and controlled by licencee”, and also: “licence does not permit storage of the webfonts in places or under conditions where unauthorized persons or third parties may gain access to the fonts, without being licencees“.They ask me if the storage on their MS-Azure server would be conforming with those terms and I think, that such a storage (not in-house server, but still, an ‘owned’ cloude space) would comply with the terms. However, I wonder if in such a case there may be any pitfalls or if, in the long term, certain precautions need to be effected in order to prevent unauthorized access to the fonts.Has anyone experience with such a matter?
2 -
Thomas Phinney said:Those terms seem… essentially contradictory, to me. No idea how a court would make sense of it.
0 -
Thomas Phinney said:Those terms seem… essentially contradictory, to me. …Interesting.Would you care to explain, what exactly seems contradictory?0
-
You specifically allow the user to host the fonts for web use, which as far as I know, cannot be done without “storage of the webfonts in places or under conditions where unauthorized persons or third parties may gain access to the fonts, without being licencees”
Unless of course it is not a public web site, and the license covers all people with access to the site. But I assume not.2 -
I would add that very few people/organizations are hosting a website all on their own. It is too much of a hassle to self-host a website, and so most websites are either hosted by one of the big players like Microsoft (Azure) or Amazon (AWS) or by one of the myriads of small players. All of these hosting providers have access to everything that their clients upload.
So, even if there were a way to protect font files served to the browser (like using Flash in the bad old days), the hosting provider still has access to all files, even the ones not served to browsers directly.1 -
KP Mawhood said:Although, someone has to "hack" the website – it's hardly authorised by the licensee. In the same way, fonts embedded in PDFs or apps can be hacked for unlicensed purposes.
But the license says they can’t store “the webfonts in places or under conditions where unauthorized persons or third parties may gain access to the fonts, without being licencees.” It doesn’t stop at saying that the licensee shouldn’t authorize access.
You do not have to use anything external to, say, Google Chrome to get a WOFF font file out of a typical website. It is a dead-simple process. (At least, unless one adds more requirements; I suppose base64 encoded fonts are slightly harder, still.) The only caveat is, if you want to use the font on a Mac or Windows desktop, instead of as a web font, you do need to convert the WOFF. (What John Hudson referred to as the “garden fence” protection—doesn’t really stop anybody, but at least they have some reason to be aware that the file wasn’t meant for this usage.)
At least with extracting fonts from PDFs you need to start off with some tool other than Acrobat or Apple’s Preview. Requiring an unusual or dedicated tool for a normal person to achieve the result is a more challenging case.0 -
This is very much an individual business decision. Speaking only for myself, I did try to find ways to make webfonts secure, gave up, and have not seen any impact whatsoever on licensing violations. It's still the case that most unauthorised webfont use comes from folks who have a basic license and their web developer converted the files on their own.2
-
PS- a couple years ago we saw a big uptick in unauthorised self hosting from Adobe CC cloud customers who misunderstood the Adobe license and thought it permitted web embedding broadly (not via Typekit). But that went away when Adobe clarified their messaging.3
-
Thomas Phinney said:KP Mawhood said:Although, someone has to "hack" the website – it's hardly authorised by the licensee. In the same way, fonts embedded in PDFs or apps can be hacked for unlicensed purposes.
You do not have to use anything external to, say, Google Chrome to get a WOFF font file out of a typical website. It is a dead-simple process. (At least, unless one adds more requirements; I suppose base64 encoded fonts are slightly harder, still.) The only caveat is, if you want to use the font on a Mac or Windows desktop, instead of as a web font, you do need to convert the WOFF. (What John Hudson referred to as the “garden fence” protection—doesn’t really stop anybody, but at least they have some reason to be aware that the file wasn’t meant for this usage.)
At least with extracting fonts from PDFs you need to start off with some tool other than Acrobat or Apple’s Preview. Requiring an unusual or dedicated tool for a normal person to achieve the result is a more challenging case.
Although it is very easy to "view source", it's quite another thing to steal the code. Image licensing has a greater challenge with the "save as" browser function.
Contradictions in font licenses are not uncommon. Having acquired a webfont license – even with this clause – a licensee would most likely be acting in good faith.
Likewise, no idea how it would play out in court.0 -
Thank you all very much for this elucidating discussion. It makes me aware of a kink in my licence wording and I shall overhaul that passage. It also helps explaining things to the client in question.Of course the owner of a server / hosting service (e.g. MS) has ‘access to’ whatever the customer loads up. But under normal circumstances that should not be the problem since a provider is usually aware of the fact that all data stored are property of the customer, in general.Piracy is another matter and I wonder, why it shouldn’t be feasable to create some effective gatekeeping for the fonts at the place where they are stored.0
-
Andreas Stötzner said:Piracy is another matter and I wonder, why it shouldn’t be feasable to create some effective gatekeeping for the fonts at the place where they are stored.1
Categories
- All Categories
- 40 Introductions
- 3.7K Typeface Design
- 793 Font Technology
- 1K Technique and Theory
- 609 Type Business
- 443 Type Design Critiques
- 536 Type Design Software
- 30 Punchcutting
- 135 Lettering and Calligraphy
- 82 Technique and Theory
- 53 Lettering Critiques
- 478 Typography
- 300 History of Typography
- 113 Education
- 65 Resources
- 494 Announcements
- 79 Events
- 105 Job Postings
- 148 Type Releases
- 161 Miscellaneous News
- 269 About TypeDrawers
- 53 TypeDrawers Announcements
- 116 Suggestions and Bug Reports