IE4’s Font Security Flawed

By Daniel Will-Harris

10-27-97 - Font foundries and designers have been vocal in their fear of font embedding on the web, and now it seems their fears were well-founded, at least in the case of Microsoft’s new browser, Internet Explorer 4. The browser’s new OpenType font embedding feature has a security flaw that makes it easy for any user, even those without technical knowledge, to capture embedded fonts from a web site and install them into their system for use with all their software. You don’t have to be a hacker to accomplish this. I will not reveal the steps here, because I don’t want people pirating fonts.

Netscape 4’s “TrueDoc” dynamic font embedding system from Bitstream does not have this problem.

Embedded OpenType, “.eot” files, are supposedly only useable inside IE4, and, like Navigator’s font system, are tied to the domain they were embedded for, so they can’t be displayed on other sites. But IE4’s current implementation makes these fonts extremely insecure.

While Windows on its own will not allow these fonts to be used except by the browser, other programs can easily bypass this protection. These programs don’t do anything special or illegal to get around this protection (nor were they designed for this purpose). It just seems that Microsoft didn’t take this scenario into account.

The only TrueType fonts that are protected are those with the “embedding bit” set to “No embedding.” This bit allows the type foundry to decide how their fonts will be embedded, from “Installable,” which installs fonts into the system, to “Editable” (they can be edited in the final document), to “Print and Preview” (which is just what it says and allows no editing), to “No embedding.”

However, when the browser fonts are installed into the system you can create and edit documents just as if they’d been set to “Installable.”
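As an added illustration (not code from the article or from Microsoft), the sketch below reads the embedding bit described above, which is stored in the fsType field of a TrueType font's OS/2 table, so a foundry can audit how its own library is flagged. The sample fonts are constructed stubs and the function names are hypothetical.

```python
import struct

# fsType level bits in the TrueType OS/2 table, named as the article names them.
LEVELS = [(0x0008, "Editable"), (0x0004, "Print and Preview")]
RESTRICTED = 0x0002  # "No embedding"

def read_fstype(font: bytes) -> int:
    """Return the raw fsType field from an sfnt (TrueType) font image."""
    if len(font) < 12:
        raise ValueError("truncated sfnt header")
    version, num_tables = struct.unpack_from(">IH", font, 0)
    if version not in (0x00010000, 0x74727565):  # 1.0 or 'true'
        raise ValueError("not a TrueType sfnt")
    for i in range(num_tables):
        entry = 12 + 16 * i  # 12-byte header, 16 bytes per directory entry
        if entry + 16 > len(font):
            raise ValueError("truncated table directory")
        tag, _csum, offset, length = struct.unpack_from(">4sIII", font, entry)
        if tag == b"OS/2":
            # fsType is the uint16 at byte offset 8 of the OS/2 table
            if length < 10 or offset + 10 > len(font):
                raise ValueError("OS/2 table too short for fsType")
            return struct.unpack_from(">H", font, offset + 8)[0]
    raise ValueError("no OS/2 table")

def embedding_level(fs_type: int) -> str:
    """Map fsType to the embedding level a conforming embedder should honour."""
    level_bits = fs_type & 0x000E
    if level_bits == 0:
        return "Installable"
    if level_bits == RESTRICTED:
        return "No embedding"  # only effective when it is the sole level bit
    for bit, name in LEVELS:   # otherwise the least restrictive set bit applies
        if level_bits & bit:
            return name

def make_sample_font(fs_type: int) -> bytes:
    """Constructed minimal sfnt holding only an OS/2 stub (not a usable font)."""
    os2 = struct.pack(">HhHHH", 0, 500, 400, 5, fs_type)
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    directory = struct.pack(">4sIII", b"OS/2", 0, 12 + 16, len(os2))
    return header + directory + os2

def audit(fonts: dict) -> dict:
    """Report the embedding level for each named font image."""
    return {name: embedding_level(read_fstype(data)) for name, data in fonts.items()}

if __name__ == "__main__":
    print(audit({"open.ttf": make_sample_font(0x0000), "locked.ttf": make_sample_font(0x0002)}))
```

A font that carries the “No embedding” bit together with another level bit is reported at the less restrictive level, which is why a library audit should look at the raw field and not only check whether the restricted bit is present.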

Currently, the embedding tool only works with TrueType fonts, but Microsoft plans to release a version that supports Type1 fonts by the end of the year. Type1 fonts have no “embedding bit,” but Microsoft has said they plan to check with individual font manufacturers and set up a list of embedding instructions from various vendors.

Microsoft’s official response to this problem contradicts earlier statements about the safety of fonts and shows a serious lack of concern over the matter:

    “It's widely accepted within the font industry that font embedding mechanisms are never completely foolproof, irrespective of whether the data embedded in a document is an actual font or encrypted outlines. For this reason Microsoft's approach has been to use a proven, stable technology developed with the help and blessing of the font industry. Our embedding technology has been a feature of Microsoft Office applications such as Word and PowerPoint since 1991. It allows font vendors - who may be concerned about the illegal extraction and reuse of their work - to set an embedding bit in their font files which will prevent the font from being embedded at all. Microsoft always respects the level of embedding set by the original font creator, and because we use the actual outlines created by the font vendor, we respect the IPR and skill of the vendor. This is something that the embedding of mathematical approximations of the design can never guarantee.

    The possibility of extracting embedded font data in the manner identified is a consequence of the operating system architecture, rather than of the embedding services code . . . Instead, we are committed to a constant improvement of our embedding technology . . . a commitment demonstrated by our forthcoming OS support for process-private fonts. NT5 will have a new AddFontResource API capable of installing a font so that it can only be used by a specific process,” according to Microsoft Typography spokesperson, Simon Earnshaw.

Microsoft is putting all the responsibility for font security on the font foundries. However, the foundries I spoke with all said they would have set their embedding bit differently had they known about this problem (something that wasn’t a problem six years ago when the embedding bit was created). It’s clearly impossible for foundries to go back and change the bit on all the fonts they’ve sold, so Microsoft needs to add a foundry list to the TrueType version of the embedding software. This would allow vendors to revise the embedding status of their libraries to “No Embedding,” regardless of what the embedding bits actually say.

As a charter member of TypeRight, a non-profit group formed to protect typeface designs, I’m strongly recommending that Microsoft remove the embedding tool from their site and discontinue distribution until the problem has been resolved. Failing this, Microsoft could include a foundry list in the software to allow foundries to remove their fonts from the embedding process.

With over 2 million copies of IE4 distributed in the past two weeks alone, IE4’s font embedding may not adequately address the protection of the intellectual property rights of font designers and foundries.


Read the News.com follow-up to this story

Read the ComputerWorld follow-up to this story

Read the InfoWorld coverage




Daniel Will-Harris is a designer and author whose work can be found at http://www.will-harris.com. His site features TypoFile Magazine and Esperfonto, the web’s only typeface selection system. He may be reached via e-mail.


Copyright Daniel Will-Harris, 2001, All Rights Reserved