Posted by Thomas Phinney
My recent surveys on Web fonts allowed for the respondents to comment on the specific question in their survey responses. Some of those comments seemed worth discussing more publicly.
I’m still working on the font vendors’ survey, but here are some of the comments.
“I’ll ask the SFLC if GPL font software can be converted into .EOT format; I assume it can, but the DRM in the format you mention in your blog post (IIRC you called it encryption though) might be problematic for GPLv2-only fonts. The OFL should be okay though. I’ll ask SIL too “
The .EOT encryption is going to be publicly documented as part of the open spec, meaning that any client can decrypt it. I’d hesitate to call it DRM in the normal sense, because in every form of DRM I’m familiar with, the encryption scheme is not public.
“uncomfortable with .eot because of “unknown” factor. original .eot had a dependency on microsoft windows. if specs and tools are really open and available on all platforms, then it’s not a problem.”
That is indeed the proposal. The spec would be completely public and sample code (presumably platform-independent) would be provided. Microsoft has contracted folks working on creating that sample code, working solely from the public spec.
“Domain restriction is crucial. There will always be pirates, but EOT sounds like it would keep most people honest.”
That’s the hope.
“EOT brings needless complexity and DRM to the table, and is not really in the interests of the free software font movement, imo.”
The complexity is only “needless” if you think free fonts are good enough for everybody, or that people should just ignore copyright law and the rights of the font creators. I don’t think you can call an open-spec version of .EOT “DRM” given that the info to decrypt the fonts is publicly available. And commercial software in general is “not in the interests of the free software movement,” but lots of people seem to find it worthwhile to make it and license it.
I’ll admit that I’m not overly concerned about what is or is not “in the interests of the free software movement” except insofar as those people are a subset of the people who create fonts and Web content or consume fonts and Web content. I like some of the principles of free software, and I like the idea of having more good-quality free fonts out there. If I was self-employed and had lots of time I’d be interested in contributing to the free fonts community. But I also think that people should have the right to determine what happens with font software they create, and that the W3C ought to listen to all the Web designers/producers who want to use retail fonts with HTML.
“Seems like if a font is on a server, there are ways to spider these with an eye toward license enforcement. However, unencrypted data is going to end up going places on its own, no doubt.”
Comments on various potential added restrictions on the “original fonts on Web servers” idea:
“Such fonts should have serial numbers, and only work on the URLs for which they are licensed to be installed. Like an application (Word, CS, etc.)”
Type vendors who sell fonts online could put in unique serial numbers at the time of sale, and in fact a few of them already do this (although not Adobe as yet). Browsers only working with fonts that are on the same domain has been discussed as an option for original fonts, and is part of EOT. I don’t think anybody has talked about sticking URLs in the original font files and restricting them that way.