FontEnigma

Hi Michael, although I find it hard to imagine a scenario where users need to copy readable text from the type tester, maybe hiding the obfuscation at first sight would be useful, and implementing it should not be too difficult. The current version of FontEnigma (which uses a somewhat more complex obfuscation than the initial release) already translates pasted text on the fly. The reverse should also be possible by intercepting the copy event and replacing the selection with decoded text before it is written to the clipboard. I will give this a try in the near future.

In the latest version of FontEnigma, I have added a couple of things to help make it harder to grab the fonts or inspect the page easily.

First, the browser’s context menu is disabled on desktop (both right-click and keyboard). On mobile it is still allowed, otherwise users would not be able to copy and paste text. The oncontextmenu event is also locked on the <body>, in case someone tries to override it.

More importantly, the woff2 font files are now XOR-encrypted, and then decrypted on the fly in the browser using JavaScript. Once decoded, the fonts are loaded using FontFace and referenced via a temporary ‘blob:’ URL, which disappears as soon as the page is refreshed or closed.

I must admit, however, that all of this together only adds up to a small additional hurdle that a serious attacker can undoubtedly get around.

As mentioned, the XOR‑encrypted fonts (for example ‘typeface.woff2.xor’) are decrypted on the fly in the browser. The resulting ‘blob:’ URLs are ephemeral: they disappear or are replaced when the page is refreshed or closed. The original font file paths and directory structure are never exposed to the page.

Keeping the original source paths hidden and limiting access are therefore the most important defenses. That said, if an attacker can observe the decrypted bytes (for example via DevTools, an instrumented browser, or a man‑in‑the‑browser attack), no purely client‑side measure can prevent extraction: this is, of course, an inherent limitation of rendering assets in the user’s browser. I would not be surprised if some of you managed to do that.

The XOR encryption I use is intentionally lightweight: with a 256‑bit (or larger) key it provides a practical layer of obfuscation for this use case. The primary goal is to make casual downloading and automated harvesting more difficult. That said, the encryption is relative: after all, in the browser at runtime the decrypted bytes exist in memory, even if extracting them is not straightforward.

The JavaScript involved is simple and lightweight as well. It is easily portable to any site and requires minimal changes to fonts‑related CSS. That makes it feasible to distribute the script together with encrypted webfonts to customers. Each customer receives a unique XOR key and the font files for that customer are encrypted with that key. Without the key the encrypted files are useless –unless the client code is cracked, of course.

Decryption and serving of the fonts is performed by that JavaScript, which we then heavily obfuscate. This adds friction but is a possible weakness too: obfuscation, no matter how elaborate, can be reversed. Cracking it, however, requires skill and patience, but it is possible. The key could be handled more securely (for example via server‑assisted, short‑lived keys), but that would require more server‑side work, and the design goal here is to keep client-integration simple.

Client-side decryption and the obfuscated script can slightly slow down page loading, but I reduce this impact by loading fonts asynchronously and using caching. The effect on user experience is minimal. The sizes of the font files stay the same after being XOR-encrypted.

In conclusion, customer-distributed font files include only XOR-based protection; the fonts themselves are not altered: Unicode codepoints and outlines remain intact. The DTL type tester, by contrast, applies an additional layer of font‑level obfuscation, since it exposes the full library for live rendering. These protections are designed to reduce the risk of unauthorized downloading and redistribution as much as possible, while keeping the fonts usable in their intended contexts.