FontEnigma

LeMo aka PatternMan aka Frank E Blokland

A lot of type-foundry websites use retail fonts to display and demonstrate the qualities of typefaces. The inevitable risk is that font data becomes easily accessible for downloading. This is sometimes countered by the argument that professional graphic designers and companies will buy a license anyway. However, that in turn is somewhat contradicted by the services that crawl websites specifically to detect unlicensed use of fonts. In general, professionals avoid unauthorized fonts, but unfortunately, font data can sometimes end up being shared online (possibly by mistake) without clear authorization.

In a dispute with a graphic-design agency that had used DTL fonts without a license a few years ago, the agency’s owner argued that we, as producers, should prevent our fonts from being so easy to copy and distribute. I replied that leaving the windows of my house open is not meant as a generous invitation to burglary. Of course, I can close and lock the windows, but I cannot build something into the font data itself that prevents copying.

What I can do, however, is choose how the fonts are displayed online. For example, one way is to serve text as images, as we do on this website, which uses the somewhat vintage TypeShow software. In this case, the fonts themselves are never exposed to website visitors. Still, one could argue that serving fonts directly is faster and offers better performance, dynamic layout control, and accessibility. If we choose to serve fonts directly, there are, however, still ways to make unauthorized downloading less appealing:

      – character-set reduction
      – contour-quality lowering
      – font-encoding obfuscation
      – font-layout scrambling

The first two methods are standard in DTL’s web fonts. The character set is somewhat reduced, which also decreases the GPOS and GSUB features (these are subsetted during font generation). In our webfonts, the conversion from cubic to quadratic splines is performed more loosely. This reduction in precision is not visible on-screen, even when zoomed in. However, it not only makes the webfonts smaller, but also different from the retail desktop fonts and less attractive to use outside of websites. Of course, other techniques can also help distinguish web fonts from desktop fonts. Our desktop versions are typically OpenType CFF fonts (except when the client wants the TTF version). Another benefit of these modifications is that they reduce file size, for example, by minimizing name-table entries and removing redundant cmaps, where applicable.

Encoding obfuscation is particularly effective when one controls the environment in which the fonts are displayed. The rendered text can be decoupled from standard Unicode code points, allowing for a scrambled encoding. The text typed by the user (scrambled by reassigning standard Unicode code points to different glyphs) is displayed correctly via translation in the controlled environment. If this text is copied into another program, it appears garbled, making the font practically unusable.

Scrambling the font layout is of secondary importance, but it makes it a bit harder to extract and reuse glyphs. By distributing glyphs randomly like confetti in a sea of empty character slots, copying becomes less attractive and the font file somewhat bulkier than necessary.

To explore these possibilities in practice (and because I found it an interesting challenge), I have made a beta version of an obfuscation environment, called ‘FontEnigma’, which can be tested here. FontEnigma also supports variable fonts: if such fonts are detected, sliders will appear automatically. These sliders are currently predefined, but could eventually be generated dynamically based on the font data. There are some rough edges in the environment still: for example, when using modifier diacritics or toggling kerning on and off multiple times. However, overall, this beta version of FontEnigma correctly displays an obfuscated version of Stijn Cremer’s DTL Estuary.

A key is used to map scrambled Unicode code points back to readable text. I am fairly confident that many participants on TypeDrawers could crack this key, as it is not exactly rocket science. Nonetheless, if you do manage to break it, please do not post it publicly. Making it easier for third parties to reverse-engineer the fonts would defeat the purpose, though doing so would still require a fair amount of effort and skill. That said, I can always update the obfuscation method and the decoding key if needed.

Speaking of keys, the key question is whether it makes commercial sense to generate modified font versions specifically for demonstration purposes. Is the extra effort justified? I believe it is. Protecting your licensees is essential: after all, they have paid for the right to use your fonts. In DTL’s case, implementing the kinds of modifications described above is relatively straightforward and can be largely automated. I reckon that is true for many other workflows as well, regardless of the file formats involved. This summer, I plan to work on ironing out the remaining glitches: it will undoubtedly be fun. If you are interested, I will be happy to share updates as progress continues.

As a side note, the idea of font obfuscation for the web is not entirely new. For example, at the ATypI 2011 conference in Reykjavik, Jürgen discussed font scrambling and HTML re-encoding for web-embedded fonts. There may well have been other similar experiments that I missed.

Peter Constable

FontEnigma makes the font data less appealing by making the font non-interoperable by using a custom encoding. The corollary is that it also makes the text non-interoperable. One implication is that a Web site will not work with accessibility tools such as screen readers, meaning it will not be compliant with WCAG or with the EU Accessibility Act, which goes into enforcement next month.

LeMo aka PatternMan aka Frank E Blokland

Hi Peter, it is perhaps fair to say that this tool might fall outside the scope of the EU Accessibility Act and WCAG requirements. After all, it does not provide any authored or published content as it just takes whatever the user types in and renders it for visual font testing. The obfuscation of Unicode is there purely to protect the font from being used in an unauthorized way, and it does not block any interaction or hide information from users with disabilities.

Since the tool is aimed at developers and not the general public, and it does not contain any built-in content, the usual rules about making information perceivable and understandable may not really apply here. That said, I am not a legal expert and this is just my interpretation of how things might reasonably be viewed.

John Hudson

From your original post, Frank, it wasn’t clear if you were talking only about type testers or foundry web page content in general.

If a foundry is selling webfont use licenses to customers, as is the case for most foundries today, there seems little point in trying to obfuscate the fonts on the foundry site. As soon as the fonts are in use in the wild, they are vulnerable.

I replied that leaving the windows of my house open is not meant as a generous invitation to burglary.

This is similar to the metaphor which inspired the WOFF format: there is a difference between picking up a wallet lying on the ground beside a car and picking up a wallet from inside the car, even if the car window is open.

LeMo aka PatternMan aka Frank E Blokland

Hi John, my main point is that at least DTL should not make it easy for fonts to be copied or shared without our permission. We cannot stop everything, but obfuscation and subsetting are not hard to do anyway and and doing this shows our paying customers we are protecting their investments the best we can. After all, our niche market is based on exclusivity, and unauthorized distribution does not help.

LeMo aka PatternMan aka Frank E Blokland

In addition, for the main copy on a website, I would never obfuscate the fonts: that would likely hurt SEO quite a bit. On the DTL sites, we use for this (relatively small subsets of) fonts, which, as mentioned above, differ from the retail desktop versions.

Alipey

Hi Frank,

Well, I thought you meant something a bit more sophisticated by “key.” At least a little.
Finding it honestly didn’t require "a fair amount of effort and skill"! It took just a few seconds.

please do not post it publicly.

I won’t post the key, but I think sharing this image should be fine:

(If you think it should be removed, let me know and I’ll edit the comment.)

I’m honestly surprised that you limited letter glyphs obfuscation to just letters? Numbers to numbers? Others?
Why restrict yourself like that? You could have replaced glyph outlines with anything.

Some suggestions:

1. Do the obfuscation using a key with no pattern and truly random numbers. For example, if we want to obfuscate 100 real glyphs, you’ll need 100 unique key pairs mapping the character Unicode glyph to character outline glyph:
   
   1 - 36
   2 - 89
   3 - 12
   ...
   100 - 61
   
   (If you want to automate this flawlessly and quickly—just ask AI to do it.)
   
   

2. Even then, it’s still not that hard to find the key, because the outlines can still be manually matched to Unicode. That’s exactly how I figured out the real Unicode for ! and ?.
   It might take a few days to do this for all glyphs manually. But with AI contour recognition? A few minutes, max.

The hardest thing for me to find was the space glyph! Because the font includes a massive amount of empty glyphs, and I couldn’t distinguish them from one another.
And that’s actually a good point:
Out of 5,584 glyphs in this font, 4,614 are fake — empty, same-width (and currently useless).
What you should do instead is delete these fake glyphs, then for each of the 970 real glyphs, generate 5 fully similar composite glyphs (it would be 4,850 glyphs at all).
Then randomly spread them among the glyph set, so that finding the key becomes many times harder.

Overall, I think this is a really good idea — especially the isolated web interface that prevents copying real Unicode of displayed characters. Keep going!


R ivzoob orpvw UlmgVmvtnz{

Dave Crossland

At least its not ROT13 lol

Peter Constable

An LLM likely can decipher the simple cipher. That means that an AI that can process font data likely could decipher the font data.

LeMo aka PatternMan aka Frank E Blokland

Hi Alipey, thank you for your efforts, comments, and advice: I really appreciate it. I am not surprised that you managed to crack the code easily. Dropping the invoked (obfuscated) JavaScript into Chattie would have done the trick too, as I tested early on. And yes, if you type the alphabet in one direction, the obfusction in the opposite direction will become clear when you copy the result into a text editor. Evib~dvoo~hklggvw}

Still, even this simple form of obfuscation serves its main purpose: making the fonts less attractive for casual downloading. If someone really wants to use them, they will need to put in some effort to get them working. Of course, it is possible to automate the Unicode reconversion. I am not sure the average downloader or crawler would go that far. And even if they do, what they end up with will still be inferior to the standard retail font data.

As for the complexity of the obfuscation: the principle appears to work well, and it should be possible to make it more sophisticated. I am sure, however, that AI will crack that code too in less than a jiffy. That said, I believe this light barrier is already sufficient to deter unauthorized distribution of fonts via a test environment (even before a single licensed copy has been sold).

Ultimately, it is about us (I can only speak on behalf of DTL) wanting to protect our customers’ investments as best as possible. And this may help a little.

Simon Cozens

LeMo aka PatternMan aka Frank E Blokland said:

Still, even this simple form of obfuscation serves its main purpose: making the fonts less attractive for casual downloading.

It serves its purpose! It works!

the principle appears to work well

It appears to work.

I believe this light barrier is already sufficient

I believe it works.

And this may help a little.

It may work.

Security systems can make us feel better, but whether or not they actually work needs to be back up by evidence, not by feelings. I don't say that in a mean way. Especially when it comes to computer security, where nothing is physical, it's much harder to tell the difference between bolting a door and uttering a magic spell. Either can make us feel protected. We only find out which one actually does protect us when someone barges the door down.

Alipey

You're right.
I agree that this is more than sufficient for the end user.

I think 90% of those who download the font from the font tester lose interest in continuing their adventure once they encounter the observation.

I think this is the best option for a type tester at the moment, although I do have better ideas in mind, I just need to think them through more.

John Hudson

This got me thinking about obfuscating font encoding while preserving text encoding. My idea is something like an Enigma machine in a layer between the text and the font, so the text—which is clean Unicode encoding, searchable, copyable, interchangeable—gets encrypted before it is displayed, and what is made visible is the encryped font encoding, which in theory could change every time the page is reloaded.

This implies a whole infrastructure between the text and the glyphs, but there’s nothing but convenience and habit that says the path between text and glyphs needs to be direct.

[I am not suggesting this as something I am interested in building, or that I think is worth investing in, only as the way I would approach this if I were to. Alternatively, one could sacrifice a goat.]

Kent Lew

At which point in the text processing sequence would you suggest inserting the goat? 😆

LeMo aka PatternMan aka Frank E Blokland

In the meantime, after solving a few issues (there are other things that can be improved still) and adding some new features like a color picker and ‘Text Column View’, I moved the FE development environment to a dedicated domain on DTL’s VPS: https://www.fontenigma.com

LeMo aka PatternMan aka Frank E Blokland

This afternoon, I uploaded an upgrade that fixes several issues from yesterday’s edition of FontEnigma. As the prototype more or less nears completion, this will likely be my final update on the topic here on TD.

So, what’s new? The layout features now work simultaneously (including a reset button) and sync across both views. The color setting is now controlled by a single picker that updates everywhere at once. Also, the core JavaScript, responsible for, among other things, character obfuscation, is now much more heavily obfuscated than before. Even Chattie and his AI pals will need some serious teeth to chew on this. Still, I reckon it is eventually crackable: Chattie estimates a skilled effort by itself might take 8 to 12 hours –for what that is worth.

That’s all Folks!

Jens Kutilek

I tried pasting some text into the text area ... Only the last letter was pasted, and the text area stopped responding after that, fwiw.

LeMo aka PatternMan aka Frank E Blokland

Hi Jens, thanks for letting me know. I was aware of the issue, and it will definitely take some extra effort to fix. Editing in the middle of a word is not working well at the moment either. Because of the character obfuscation, these things are not so straightforward to resolve, but I am confident I will get to it somehow sometime this summer. Fortunately, there is no rush, because I am my own client.

Alex Visi

A pirate walks into a bar sees the foundry’s fancy protection and googles “fontname free download”. Or finds some customer’s website through fonts in use and downloads it from there.

LeMo aka PatternMan aka Frank E Blokland

While gazing into the mirror, the strange and adventurous Dr. Type realized that what he saw was not merely a physical transformation, but a stark warning from the depths of his own being. In that shocking moment, it became clear to him that this was about far more than the unruly spread of intellectual property. This was the cynical Mr. Fatal staring back at him: a figure who had surrendered hope, heart, and soul.

Though it demanded nearly supernatural strength, Dr. Type resisted this fatalistic shadow within. With determination forged in isolation, he chose to continue his lonely and perhaps tragically misunderstood quest.

LeMo aka PatternMan aka Frank E Blokland

It should now be possible to paste text in FontEnigma and edit it freely, even in the middle of words. Typing accented characters using modifier diacritics should also work as expected (I still noticed one minor glitch with that, but I will fix it soon). The next step is to incorporate proper line breaking, at least on word spaces. Mid-word hyphenation is effectively impossible in the obfuscated form, due to the scrambled Unicode code points.

Dave Crossland

Encryption, going back to the Enigma machine, implies 3 parties: A message sender, a legitimate message receiver, and an illegitimate message intercepting attacker. Before public key encryption, going back to the Caesar ciphers (like ROT13), it required an "out of band" or secret 2nd message to be sent from the sender to the receiver, explaining the secret key - how to decode the message sent in the main message that is under attack. 

The genius insight of public key encryption is that the receiver can publish half of their key to enable anyone to encrypt a message for them, and avoid any need for a 2nd message channel.

But this does not solve the problem faced by all Digital Restrictions Management schemes – which is that the receiver is also the attacker. This makes all attempts to encrypt a message doomed, because the receiver must have all the information needed to read the message, and therefore when they are also the attacker, they can always read the message too. 

It doesn't matter how fancy the process is, how large that layer of infrastructure is, or how often is changes – when the receiver is also the attacker, the sender loses their ability to keep the message secret. 

LeMo aka PatternMan aka Frank E Blokland

Hi Dave, thanks for your elaborate, thoughtful, and thorough response: point taken. I understand that you consider the obfuscation basically useless, and, of course, I respect your view. FontEnigma is a personal project with a very specific goal, and I realize that from a broader or more practical perspective, it may seem unnecessary, or even pointless.

But for me, it is more than just a technical experiment. Like Dr. Type facing his reflection, it is about resisting the temptation to give in to inertia and continuing on, even if the path is lonely or misunderstood. With determination forged in isolation, I choose to keep working on it! After all, FontEnigma fits my needs. And those of Dr. Type, but that aside.

I shared the project here simply for fun and for whoever might find it interesting. It is not intended to convince anyone, and certainly not to suggest it as a general solution. Perhaps we come from different parts of the type univers that briefly touch each other here on the forum, anyway.

In any case, as always, I appreciate your engagement!

mitradranirban

In an age when rogue AI scraper bots are roaming web in droves, and the capitalist corps which created the concept of intellectual property are hell bent on abolishing it, how a creator will monetize his/her/their creation remains an enigma.

Dave Crossland

Frank, fair enough, all agreed.

Obfuscation, not encryption, is exactly the correct word  

Various people have attempted font DRM schemes since the 1980s, and as far as I know, most died out pretty quickly, and all eventually - since they ended up costing more than they increased revenues by - often because they interfered with legitimate customer workflows and drove up customer support costs. In this case, since it is about the mere preview of fonts on webpages, where as you said bitmap graphics rendering can satisfy a lot of users, well, its hard to see how agitated most users may be, in practice.

At top you asked, "is the extra effort justified?". I post all the above only to underline the Sisyphusian and Quixotic nature of these kinds of projects. I believe effort into any project is always justified, when having fun  

John Hudson

capitalist corps which created the concept of intellectual property

The concept of intellectual property arose from tensions between different parties making and publishing various kinds of works, beginning around the time that printing from cast type made reproduction of literary works massively easier than it had been in manuscript. It was not created by ‘capitalist corps’—which didn’t exist in the ways we would recognise them now—, but arose out of situations in which parties appealed to the state to regulate the reproduction of works. Initially, intellectual property law focused on publishers, and took the form of grants of exclusive license by the state, but was later shifted to recognise that individual creators had rights in law that do not rely on grant of license; indeed, it recognised that the creator holds the rights and may grant license of them to other parties.

Have the holders of capital and owners of the means of production leveraged intellectual property law? Yes, of course. And are some of them now trying to circumvent or reframe it to allow themselves override the rights of creators? Yes, of course.

Intellectual property law was a reaction to changes in technology that made it easier than it had been to produce copies and derivative works. Ironically, we’re now in a position where technology is making it ever easier to product derivative works, and people are saying this means that we should do away with intellectual property law, instead of drawing the more logical conclusion that it should be strengthened: that the easier the modes of reproduction, the stronger regulatory protection for the rights of creators should be.

Dave Crossland

Did You Say “Intellectual Property”? It's a Seductive Mirage ... The term “intellectual property” is at best a catch-all to lump together disparate laws. Nonlawyers who hear one term applied to these various laws tend to assume they are based on a common principle and function similarly.

– https://www.gnu.org/philosophy/not-ipr.en.html

AFAICT, John is talking solely about copyright. 

John Hudson

In the modern context, yes I am talking about copyright. But copyright law per se sits within a history of broader legal evolution of ideas about how to recognise and balance the rights or privileges of various parties — creators, publishers, the public, the state — with regard to the things people make. So copyright and patent law, for example, can be traced to common antecedents, but branch at a particular point where artistic invention and practical invention are reckoned as needing to be balanced in different ways.

The term “intellectual property” is at best a catch-all to lump together disparate laws.

That’s exactly what it is. It is what enables law firms to advertise themselves as specialist in intellectual property, and for legal scholars to write books and articles about the history and application of intellectual property. I would characterise the various laws grouped under the term as distinct, rather than disparate, though.

PabloImpallari

A 🐏 won't work in certain South American regions where 🦙 or 🐓 are used instead.
For global coverage 👶🏻 should work. It that fails we are doomed: 🌊🌊🌊🌎

Ok now jokes aside:
Despite all the pros and cons of the different methods, what actually happens in real life is that font collectors on dark type forums quickly get all the fonts they want from all foundries except TEFF and DTL.
They only get those after some time and some of them are not yet shared (or they are shared single style but not the whole families).. and form there the fonts also spread across the web.
So maybe because of the price, or the pixel display, or whatever other reason.. they gain something even if it's just a windows of time. 
And from the collectors point of view, they also are less inclined to share it, since there is some joy in having the ones that makes their collection stand out as complete.

Simon Cozens

Exactly. What does "protecting against the casual attacker" mean when the attack method of the casual attacker is to simply download the font from a web site where it's been provided by the sophisticated attacker?