I would like to ask about web font securing best practices.
Here, for example, is an excerpt from license for http://www.fontsquirrel.com/fonts/Monoxil:
“Embedding of font software into digital documents or web pages is
permitted only in secured read-only mode. User has to secure that it
will be impossible to gain font software by any means or to copy it
from these documents.”
As far as I understand, typekit.com, makes fonts available only for
the current user's session, but the fonts are still being downloaded
to the client and once session is initialized you can download the
font’s file.
Also, I believe typekit may use some kind of technique similar to what
can be found on typotheque's FAQ:
http://www.typotheque.com/help?id=127 (they may cut down the font to
make it less usable for any other purpose than that particular web
page where they should be served to)
What are the best practices based on the web server’s configuration?
What can be done without modifying the font file itself?
How can we make the font's serving as secure as possible? What can be
done to make it accessible only for some domain? For it not to be
accessible with direct link?