this post was submitted on 05 Feb 2024
138 points (96.6% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

52591 readers
303 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

💰 Please help cover server costs.

Ko-FiLiberapay

founded 1 year ago
MODERATORS
db0@lemmy.dbzer0.com
sunbrothersco@lemmy.dbzer0.com
dataprolet@lemmy.dbzer0.com
Flatworm7591@lemmy.dbzer0.com
RandomLegend@lemmy.dbzer0.com
138
How to pirate a font (lemmy.world)
submitted 5 months ago* (last edited 5 months ago) by Deckweiss@lemmy.world to c/piracy@lemmy.dbzer0.com
42 comments fedilink hide all child comments
 

I have bought a font with a really shitty license agreement and I have a couple of questions.

  1. How can I best share the font with the community? (I am afraid of metadata in the font files, which may be tied to my payment account etc. - I had to register and log in to download the ttf files)

  2. How can I remove the DSIG and other metadata from the ttf file while keeping it usable?

  3. Are they able to detect it if I use the font in a commercial product online by crawling my website and if yes, how could I prevent an automatic detection attempt?

To my (and possibly your) surprise, I didn't find any free downloads of the font online. Their license is tied to a personal account, you have to log into once a year to keep the license. As far as I understand they theoretically could use the DSIG to let the ttf files "expire", at least when used in software that verifies the signature. But I may be wrong, please let me know.

Thanks in advance and cheers-I mean ARR

you are viewing a single comment's thread
view the rest of the comments
[–] SquiffSquiff@lemmy.world 7 points 5 months ago (1 children)

Please excuse my lack of knowledge here. Am I under to understand from your post that software that you have purchased from another supplier will check from files that you have bought from this supplier and refuse to use them based on their attestation?

[–] Evil_incarnate@lemm.ee 12 points 5 months ago (2 children)

If I have it right, it goes like this. I purchase the font package, the seller includes hidden in the files an identifier so they know it's mine. I share the files across the seven seas. The seller keeps a lookout for their fonts being shared, and spots it in the wild, downloads it and finds out who's it was.

[–] SquiffSquiff@lemmy.world 4 points 5 months ago (1 children)

Oh no, I understood the watermarking concern. This sort of thing is famous with with Oscar screeners and electronic books. I was asking about OP's suggestion that the font might be effectively withdrawn by a third party

[–] Deckweiss@lemmy.world 7 points 5 months ago* (last edited 5 months ago) (1 children)

Like I mentioned in my post, I don't really understand it, thats why I asked.

But I've read https://learn.microsoft.com/en-us/typography/opentype/spec/dsig and to me it sounds like your OS for example (or any other software) could attempt to verify the validity of the DSIG of a font. If it works similarly to other types of signing, the certificate authority, in this case the creator of the font, could declare a font signed with a specific key invalid and your OS e.g. would then prohibit you from installing it.

But I may be completely wrong here. Maybe nobody is bothering with it, but since we live in DRM hell, I wnated to ask to make sure.

[–] SquiffSquiff@lemmy.world 2 points 5 months ago

Thanks for explaining. I guess this would be comparable to e.g. Blu-ray key revocation. I suppose it's possible but I'm not sure how likely it is considering the potential downsides, e.g. legal liability, for anyone doing this, compared to I'm not sure what upsides where there's no profit to be found and all costs sunk

[–] killeronthecorner@lemmy.world 2 points 5 months ago (1 children)

Isn't this easily bypassed by modifying the "hidden" part

[–] Kanzar@lemmy.world 4 points 5 months ago (2 children)

If you even know what the hidden part(s) is, is the problem.

[–] AnAngryAlpaca@feddit.de 5 points 5 months ago* (last edited 5 months ago)

Maybe is in the metadata as someone pointed out earlier, or it could be an otherwise unused ASCII char that looks different for each user who licensed it when printed out, sort of like a qr code as a single ASCII char.

Or it could be that they simply just check filename, file size and/or md5, all of which can be easily changed.

[–] killeronthecorner@lemmy.world 1 points 5 months ago

Files have formats. Anything "hidden" here is destroyed by conversion to a different font format before redistribution.

There is no way of controlling this from the authors side without some sort of DRM.