I have bought a font with a really shitty license agreement and I have a couple of questions.

  1. How can I best share the font with the community? (I am afraid of metadata in the font files, which may be tied to my payment account etc. - I had to register and log in to download the ttf files)

  2. How can I remove the DSIG and other metadata from the ttf file while keeping it usable?

  3. Are they able to detect it if I use the font in a commercial product online by crawling my website and if yes, how could I prevent an automatic detection attempt?

To my (and possibly your) surprise, I didn’t find any free downloads of the font online. Their license is tied to a personal account, you have to log into once a year to keep the license. As far as I understand they theoretically could use the DSIG to let the ttf files “expire”, at least when used in software that verifies the signature. But I may be wrong, please let me know.

Thanks in advance and cheers-I mean ARR

  • Evil_incarnate@lemm.ee
    link
    fedilink
    English
    arrow-up
    12
    ·
    9 months ago

    If I have it right, it goes like this. I purchase the font package, the seller includes hidden in the files an identifier so they know it’s mine. I share the files across the seven seas. The seller keeps a lookout for their fonts being shared, and spots it in the wild, downloads it and finds out who’s it was.

    • SquiffSquiff@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      9 months ago

      Oh no, I understood the watermarking concern. This sort of thing is famous with with Oscar screeners and electronic books. I was asking about OP’s suggestion that the font might be effectively withdrawn by a third party

      • Deckweiss@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        7
        ·
        edit-2
        9 months ago

        Like I mentioned in my post, I don’t really understand it, thats why I asked.

        But I’ve read https://learn.microsoft.com/en-us/typography/opentype/spec/dsig and to me it sounds like your OS for example (or any other software) could attempt to verify the validity of the DSIG of a font. If it works similarly to other types of signing, the certificate authority, in this case the creator of the font, could declare a font signed with a specific key invalid and your OS e.g. would then prohibit you from installing it.

        But I may be completely wrong here. Maybe nobody is bothering with it, but since we live in DRM hell, I wnated to ask to make sure.

        • SquiffSquiff@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          Thanks for explaining. I guess this would be comparable to e.g. Blu-ray key revocation. I suppose it’s possible but I’m not sure how likely it is considering the potential downsides, e.g. legal liability, for anyone doing this, compared to I’m not sure what upsides where there’s no profit to be found and all costs sunk

        • AnAngryAlpaca@feddit.de
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          9 months ago

          Maybe is in the metadata as someone pointed out earlier, or it could be an otherwise unused ASCII char that looks different for each user who licensed it when printed out, sort of like a qr code as a single ASCII char.

          Or it could be that they simply just check filename, file size and/or md5, all of which can be easily changed.

        • killeronthecorner@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          Files have formats. Anything “hidden” here is destroyed by conversion to a different font format before redistribution.

          There is no way of controlling this from the authors side without some sort of DRM.