this post was submitted on 05 Feb 2024
138 points (96.6% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54574 readers
347 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
138
submitted 9 months ago* (last edited 9 months ago) by [email protected] to c/[email protected]
 

I have bought a font with a really shitty license agreement and I have a couple of questions.

  1. How can I best share the font with the community? (I am afraid of metadata in the font files, which may be tied to my payment account etc. - I had to register and log in to download the ttf files)

  2. How can I remove the DSIG and other metadata from the ttf file while keeping it usable?

  3. Are they able to detect it if I use the font in a commercial product online by crawling my website and if yes, how could I prevent an automatic detection attempt?

To my (and possibly your) surprise, I didn't find any free downloads of the font online. Their license is tied to a personal account, you have to log into once a year to keep the license. As far as I understand they theoretically could use the DSIG to let the ttf files "expire", at least when used in software that verifies the signature. But I may be wrong, please let me know.

Thanks in advance and cheers-I mean ARR

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 9 months ago* (last edited 9 months ago) (1 children)

Like I mentioned in my post, I don't really understand it, thats why I asked.

But I've read https://learn.microsoft.com/en-us/typography/opentype/spec/dsig and to me it sounds like your OS for example (or any other software) could attempt to verify the validity of the DSIG of a font. If it works similarly to other types of signing, the certificate authority, in this case the creator of the font, could declare a font signed with a specific key invalid and your OS e.g. would then prohibit you from installing it.

But I may be completely wrong here. Maybe nobody is bothering with it, but since we live in DRM hell, I wnated to ask to make sure.

[–] [email protected] 2 points 9 months ago

Thanks for explaining. I guess this would be comparable to e.g. Blu-ray key revocation. I suppose it's possible but I'm not sure how likely it is considering the potential downsides, e.g. legal liability, for anyone doing this, compared to I'm not sure what upsides where there's no profit to be found and all costs sunk