Preventing download of web fonts?
Göran Söderström
Posts: 117
Is there some secure standard way today of preventing people to download self-hosted web fonts? I need to write some guide that goes with our web fonts.
I know that it’s possible to block hot linking, but I’m also looking for a way to prevent download.
I know that it’s possible to block hot linking, but I’m also looking for a way to prevent download.
0
Comments
-
The hot-linking prevention IS also the download-prevention. If you setup a positive REFERRER check, then it will return "false" when it comes from a different domain or from a direct download attempt.
The Web FontFont manual has an example: http://www.fontshop.com/blog/newsletters/pdf/webfontfontuserguide.pdf
But to be honest: Don’t do it. There is no such thing as webfont protection. If the user sees the font on the website, he already has downloaded it. Using .woff/eot is enough garden-fence protection.
REFERRER checks can never work properly, because there is not even a guarantee that the REFERRER value is even sent. A user can just turn it off and then he will not see webfonts. Not good!1 -
There is no such thing as webfont protection.
Agreed. Some type vendors have or will expend lots of resources on protection schemes involving obfuscation, encryption, multiple fonts, etc.. And once web fonts really catch on some bored kid will write a shell script that plows through it all and returns the same complete font the browser gets.0 -
I know that none of these are actually protections. Yet I think most people won't download illegally if it's not easy. So making it a little difficult is a wise move, IMHO.
For your reference, TypeKit explains how they do this, but they seem to have gone a little too far.
BTW, @opentype, I didn't know that serving only WOFF and EOT can help here. I'm surprised that converting WOFF to TTF is a hard job.1 -
There is no possible way to protect web-fonts.
You can only make it "more difficult" but not impossible.
Communities who used to extract fonts from pdfs (pdf-x) are now grabbing fonts from the web (wf-x). They are also combining both extraction techniques: Using the pdf extractions (to get the complete char-set) and the webfonts extractions (to get the kerning, classes and OT features).
Even the new unreleased HFJ webfonts are already floating around.
0 -
The best we can do is to provide an easy way for people to do it legally. People will always try to do it illegally, but if the system is easy, people are more likely to do it nicely.
For example, I think Typotheque make it really easy, and really affordable. I think that’s the way forward. iTunes got me to pay for music, so I suppose there is something to be said about that.2
Categories
- All Categories
- 43 Introductions
- 3.7K Typeface Design
- 815 Font Technology
- 1.1K Technique and Theory
- 630 Type Business
- 450 Type Design Critiques
- 549 Type Design Software
- 30 Punchcutting
- 138 Lettering and Calligraphy
- 85 Technique and Theory
- 53 Lettering Critiques
- 498 Typography
- 308 History of Typography
- 116 Education
- 74 Resources
- 511 Announcements
- 82 Events
- 107 Job Postings
- 154 Type Releases
- 167 Miscellaneous News
- 271 About TypeDrawers
- 53 TypeDrawers Announcements
- 117 Suggestions and Bug Reports