Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
webfont name obfuscation
See original GitHub issueHello,
I am trying to find a reliable method to ‘obfuscate’ the name table of TTF/OTF fonts when these are used as webfonts, in order to prevent users from installing them locally as desktop fonts.
FontTool’s subset.py already drops all nameIDs except 1 (famliy) and 2 (subfamily) by default, thus making the subset fonts impossible to install and use on both Windows and OSX (I haven’t tested Linux yet).
A problem of dropping all names except 1 and 2 is that the subset fonts can no longer be converted to EOT format, since they lack some required names. EOT conversion apparently requires all nameIDs from 1 to 6 in order to work, as discussed here.
An alternative (or concurrent) approach to dropping all names except 1&2, could be to replace the names with either empty or dummy strings, like FontSquirrel currently does with its “WebOnly” option**.
By comparing the name table generated through FontSquirrel with the original one, I tried to reconstruct the ‘recipe’ that FontSquirrel uses:
1) for the Mac (plaformID=1):
1.1) set the "family" (nameID=1) and "uniqueID" (nameID=3) records to an empty "" string;
1.2) set the "subfamily" (nameID=2) and "postscript name" (nameID=6) records to a "\x7f" string
(i.e. the "DELETE" control character U+007F);
1.3) keep the "full name" (nameID=4) and append " Webfont" to it;
1.4) discard all the mac nameIDs in the range 0-255 except for 1, 2, 3, 4, and 6;
2) for Windows (platformID=3):
2.1) set the "family" (1) and "full name" (4) records to the dummy string ".\x7f" (period + U+007F),
encoded as UTF-16 Big Endian;
2.2) set the "subfamily" (2) and "uniqueID" (3) records to an empty "" string;
2.3) set the "postscript name" (6) to the dummy string "\x7f" (this time without period);
2.4) keep all the other Windows name records.
Something similar to this could be easily implemented as an “–obfuscate-name” option to pyftsubset. I wonder if others would be interested too.
Cheers,
Cosimo
** Another source of info on webfont name obfuscation is Paul Irish’s Typophile post and the discussion that follows.
Issue Analytics
- State:
- Created 9 years ago
- Comments:11 (8 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
The Mac name IDs are for the pre Mac OS X macOS and thus mostly obsolete, except for MS Word for OS X which still used them in recent versions
On Jul 17, 2017 7:31 AM, “Arno-Enslin” notifications@github.com wrote:
pyftsubset removes the namerecords for plaformID 1 (Mac) completely. I assume, that you have checked to see, whether none of these records is needed on the Mac. Would you confirm that, please? (You only have written, that you have checked to see, whether the fonts with the obfuscated names can converted to eot with sfntly and whether they are uninstallable on both platforms, but not, whether they work in IE 8 and 11 on the Mac, but not on Windows only. The Fontsquirell webfont generator still doesn’t remove the namerecords for plaformID 1. And I don’t have a Mac. So I cannot check that by myself.)
By the way, I have tried your Python bindings for sfntly, anthrotype. Works fine, thanks! But a solution, that does not require Java would be cool. (I have installed Java only because of sfntly. And if sfntly would be integrated into the AFDKO, a pure Python solution would be cleaner for two reasons: First, because the Java installer has a file size of round about 60 MB and a pre-installation contained in the AFDKO would enlarge the size of the AFDKO very much. [There are some scripts from Ken Lunde, that already require a Perl installation, but I assume, that these scripts could also be written in Python.] Second: In my imagination Java is not as secure as Python with regard to malware. With regard to the second point I may be totally wrong.)
My concerns with regard to the AFDKO and the FontTools are: I am mainly a user, but not a DAU. With regard to the technical aspects of font development there are many type designers, for which the installation, build process and the use of the AFDKO seem to be harder than for myself. So I am afraid, that these excellent tools are mainly used by developers, but not by artistical creative people. On typografie.info for example is a type designer, from which I know, that he is not fallen on the head with regard to the technical aspects of font development, but I was not able to make the AFDKO tasty for him, although I tried more than one time.