Avoid downloadable fonts via inspectors

[oysteinhusby]

Whichever font is previewed is loaded in such a way that it can easily be downloaded via Chrome Inspect and other similar tools.
Is this the intended behavior? Is there a way to avoid this?

Obviously, running a commercial font site where the fonts are downloadable with a few simple clicks is unacceptable.

[kontur]

There is no technical way to avoid sending a webfont to the browser if the browser should render said webfont.

Obviously, running a commercial font site where the fonts are downloadable with a few simple clicks is unacceptable.

You'd be surprised. Any foundry with webfont based testers (and 99% of testers are webfont based) operates exactly like this.

Common mitigation strategies are:

• Subset your webfonts to not include the full font
• Subset the features in your webfonts
• Tweak the name tables of your webfonts in a way that makes them not easily installable, even if downloaded and decompressed. You'll want to look into fontTools pyftsubset with the --obfuscate-names option
• Offer trial fonts to discourage bad actors from needing to rip the fonts from your website
• Accept that bad actors ripping font from your website would not be licensing them even if ripping the fonts was not possible
• Not having interactive font testers