Some font developers are afraid that Microsoft's Internet Explorer 4.0 makes it easy for others to capture font designs embedded in documents and install them on their systems, putting their intellectual property at risk.
Daniel Will-Harris, a graphic designer and columnist, raised the issue in a column last week that he wrote for the I/US World Wide Web site.
Will-Harris said he found a way to capture fonts from Web documents using Internet Explorer 4.0. The method was independently confirmed by another font developer, Chris MacGregor.
Microsoft officials don't deny that it possible to capture the fonts, but contend that the breach doesn't violate any laws and that the actual process isn't that easy to accomplish.
But Will-Harris and MacGregor said the process was simple even though it required using a third-party tool.
When fonts -- unique designs for letters and numbers -- are embedded in Web documents, an end user sees the document as the designer intended. The concern raised by Will-Harris applies to documents with fonts embedded into Web pages using Microsoft's embedding tool.
"When Explorer captures a page with embedded fonts, the fonts are treated as separate objects -- similar to a [graphics interchange format] file," said Will-Harris. "That object is downloaded on the user's machine, and even though the objects are compressed and encrypted, there is a distressingly simple way -- one that requires no technical expertise -- to take those objects and permanently install them your system," he added. Installing those fonts would violate the font software license and embedding agreements, he said.
Font designs aren't copyrighted in the United States, unlike most other Western countries, but the font software is. The lack of protection is a sore point with font designers, who have formed TypeRight, a nonprofit group that seeks changes in the law.
Will-Harris sees this as a security issue for Explorer -- and for Microsoft. "The software could be putting other people's intellectual property at risk," he said. "If this was happening with other kinds of software, people would understand it more quickly," he added.
But a Microsoft official disputes Will-Harris' contention. "This is not a security issue at all -- there is certainly no risk to a user's computer," says Michael Bernard, Microsoft's product manager for Internet Explorer.
Microsoft officials say capturing fonts is beyond the ability of casual users. And even if fonts were captured, they point out, most documents only include those fonts actually used to create a document, rather than a complete set of the font's designs. "This isn't the sort of thing we're going to start posting fixes up on the Web for," Bernard says.
Despite that, MacGregor says, Microsoft's browser "is still giving away someone's work."
Microsoft says font makers can add permission bits to their fonts that can prevent embedding. For instance, the company says with TrueType, its own font technology, if a font doesn't have a bit set, then default embedding isn't allowed.
Meanwhile, Netscape's browsers use a different font technology that doesn't allow copying, Will-Harris said. Font developers, particularly those who work on Macintosh systems, are questioning the adequacy of Microsoft's bit permission protection. Embedding is a hot topic among many font designers, who are clearly worried about protecting their designs. "A lot of font makers don't do this as their only job," says font designer Don Synstelien. "I run it as a hobby, out of love."