False sense of security

Photo by public15


http://www.e-signature.com/ provides logo and signature embedded fonts. Per se, there is nothing wrong with the service, and is useful for people who need it.

However, a look at the website throws up the claims below. Each one has a quote from me below it on the truth behind the statement.

Imagine being able to distribute a signed word processing document to your staff or clients without fear of the logo or signature being copied…

DW: Even if the font is embedded, the logo/signature can still be copied and used on other documents. While this is not possible as a font letter, it can be done as a bitmap.

No embedding is the option most often selected for signatures as it ensures the highest security – the signature will only appear on computers that have the font installed. If you use signature fonts for signing checks, no embedding is also recommended.

DW: Please don’t use this for cheques. Its easier for someone to access your computer and steal the font than you think. The font will be installed on your PC and will remain there, its not something that you can carry on a pen drive and keep in lock and key.

The recipient does not have access to the font to reproduce it in another document nor can they cut-and-paste the on-screen signature or logo.

DW: Again wrong. It cannot be cut-and-pasted as a font letter, but can be done as a bitmap.

Keep your font proprietary. No one can copy your font because it will reside in an inaccessible cache on the browser. You can display your text the way you want without fear of anyone copying it.

DW: What’s an inaccessible cache? No cache is inaccessible – a smart user can always take your font away. Remember: if the browser can download it (and use it to show your content), a user can download it too.

It appears to me that these folks are very much aware that they are making statements that are not 100% truth. A false sense of security is worse than no security.


Licensing and information about the blog available here.