For pay web fonts: Use and Misuse

Last week a friend of mine Jason Scott showed me Typekit. Typekit is a site where you pay for access to their fonts for web usage. This might seem odd or just a natural progression of the pay-to-play direction the web seems to be taking. Let me say I have no problem with that, but having the curious nature that I do, I wanted to look under the covers at typekit and how they protect their fonts. So….

If you click on “Browse Fonts” you end up here, at their font library listing.

Say you really liked the font Coquette. So you pull up the source of the page and find http://typekit.com/fonts.css?font_ids=104&char_set=latin1&variations=all. Which is a css file which contains entries like this:

@font-face {
font-family: "coquette-1";
src: url(data:font/otf;base64,AAEAAAAQAQ..[cut]..AuOL1TA==);

font-style: normal;
font-variant: normal;
font-weight: 400;
}

That src: url(data:font/otf;base64… line is the font. base 64 encoded. “IF” you were to copy that long string of text start at the “AAE…” until the “”TA==” and put it into a website that Decoded Base64 it would spit out a file with an extension of “.bin” If you were to rename it to “.ttf”, you would have a font. Which you could then use with code like this:

@font-face {
    font-family: 'Coquette Regular';
   src: url('Coquette.eot');
   src: local('Coquette Regular'), local('Coquette-Regular'), 
url('Coquette.ttf') format('truetype');
}

Now. I realize that typekit is trying to make a business on hosting fonts, but they aren’t really doing anything to protect it.