I wanted to chime in with a few important points in response to the comments on Bill Hill’s post over on the IEBlog.
There are a few people who are fundamentally missing the point: for example, user kL who comments: “Please, don’t push this crappy format. XORing of files is not a legal solution.” Actually, kL, EOT is a legal solution – the EOT format was specifically on the table when the “embedding” bit in OpenType was designed, and font foundries know what it does and how. And by-and-large, they’re happy with it, or they turn off the embedding bit, and then EOT will not work for that font.
kL goes on to say “We can already break law/leech bandwidth by (hot)linking copyrighted images, copyrighted MP3s, etc. Fonts are no different and DRM won’t help here a bit.” You’re quite right, kL, that this will not prevent lawbreaking. However, it DOES give a way to LEGALLY use commercial fonts (those that allow embedding, anyway); directly posting the .TTF or .OTF file on your web server will violate your license for commercial fonts (okay, perhaps there are some fonts out there somewhere that allow this in their EULA, but I’ve never found one.) Linking to raw .TTF/.OTF files WILL, in fact, encourage font piracy, as vastly more commercial fonts will be placed (unadorned) online, where they can be easily pilfered.
Perhaps I should ask Apple how happy they are if I post their fonts on a web server?
[A side note to the inimitable Joe Clark: I’m not actually the head of the browser team. Just some guy with a perverse passion for doing this. And it wasn’t just “clean this up and make this validate” – it was more like “Bill, you can’t ship this crap that Publisher spit out. Let me show you how you’re SUPPOSED to code…” followed by one late night, and then I had to drop it to focus on something else. I’m still hoping to finish the clean recode this week.]
By the way, I don’t particularly care that Acid3 uses direct linking to TTF files; that just goes to show that it is duplicitous to make a “standards test” that tests things that are only Working Drafts of low priority to the working group (as per the CSS WG’s table of priorities). Trying to circumvent the standards process by throwing whatever test you want into a so-called standards test won’t make us implement anything faster.
I’ve been clear on this to the CSS WG, so I suppose I should be here too – we (Microsoft) should NOT support direct TTF/OTF embedding, unless 1) there is some check that the font intended that use to be allowed, which I don’t think there currently is (as it needs to refer to the license agreement), AND 2) other browsers also implement a system that actually ENABLES commercial fonts – those that are allowed to be embedded, but cannot be legally placed directly on a server – to be used.As I also stated to the WG – I don’t personally even care that much if that system is EOT as it is today; I’d be okay with building a new system if the details of EOT were a sticking point. But I want to use commercial fonts on my web pages, I want that to work interoperably across browsers, and I want to not have to violate my license for the fonts I use (and get sued for it) in order to make that happen. A solution that only works for freeware fonts is not a solution.
Is that too much to ask?
in progress 
kL goes on to say “We can already break law/leech bandwidth by (hot)linking copyrighted images, copyrighted MP3s, etc. Fonts are no different and DRM won’t help here a bit.” You’re quite right, kL, that this will not prevent lawbreaking. However, it DOES give a way to LEGALLY use commercial fonts (those that allow embedding, anyway); directly posting the .TTF or .OTF file on your web server will violate your license for commercial fonts (okay, perhaps there are some fonts out there somewhere that allow this in their EULA, but I’ve never found one.) Linking to raw .TTF/.OTF files WILL, in fact, encourage font piracy, as vastly more commercial fonts will be placed (unadorned) online, where they can be easily pilfered.
Perhaps I should ask Apple how happy they are if I post their fonts on a web server?
[A side note to the inimitable Joe Clark: I’m not actually the head of the browser team. Just some guy with a perverse passion for doing this. And it wasn’t just “clean this up and make this validate” – it was more like “Bill, you can’t ship this crap that Publisher spit out. Let me show you how you’re SUPPOSED to code…” followed by one late night, and then I had to drop it to focus on something else. I’m still hoping to finish the clean recode this week.]
By the way, I don’t particularly care that Acid3 uses direct linking to TTF files; that just goes to show that it is duplicitous to make a “standards test” that tests things that are only Working Drafts of low priority to the working group (as per the CSS WG’s table of priorities). Trying to circumvent the standards process by throwing whatever test you want into a so-called standards test won’t make us implement anything faster.
I’ve been clear on this to the CSS WG, so I suppose I should be here too – we (Microsoft) should NOT support direct TTF/OTF embedding, unless 1) there is some check that the font intended that use to be allowed, which I don’t think there currently is (as it needs to refer to the license agreement), AND 2) other browsers also implement a system that actually ENABLES commercial fonts – those that are allowed to be embedded, but cannot be legally placed directly on a server – to be used.As I also stated to the WG – I don’t personally even care that much if that system is EOT as it is today; I’d be okay with building a new system if the details of EOT were a sticking point. But I want to use commercial fonts on my web pages, I want that to work interoperably across browsers, and I want to not have to violate my license for the fonts I use (and get sued for it) in order to make that happen. A solution that only works for freeware fonts is not a solution.
Is that too much to ask?