Is there some secure standard way today of preventing people to download self-hosted web fonts? I need to write some guide that goes with our web fonts.
I know that it’s possible to block hot linking, but I’m also looking for a way to prevent download.
0
Comments
The Web FontFont manual has an example: http://www.fontshop.com/blog/newsletters/pdf/webfontfontuserguide.pdf
But to be honest: Don’t do it. There is no such thing as webfont protection. If the user sees the font on the website, he already has downloaded it. Using .woff/eot is enough garden-fence protection.
REFERRER checks can never work properly, because there is not even a guarantee that the REFERRER value is even sent. A user can just turn it off and then he will not see webfonts. Not good!
For your reference, TypeKit explains how they do this, but they seem to have gone a little too far.
BTW, @opentype, I didn't know that serving only WOFF and EOT can help here. I'm surprised that converting WOFF to TTF is a hard job.
You can only make it "more difficult" but not impossible.
Communities who used to extract fonts from pdfs (pdf-x) are now grabbing fonts from the web (wf-x). They are also combining both extraction techniques: Using the pdf extractions (to get the complete char-set) and the webfonts extractions (to get the kerning, classes and OT features).
Even the new unreleased HFJ webfonts are already floating around.
For example, I think Typotheque make it really easy, and really affordable. I think that’s the way forward. iTunes got me to pay for music, so I suppose there is something to be said about that.