I have a client that wants to host his webfonts on his own server. I have a font.com account where the font was hosted until now. I went truth the fonts.com agreement (Point 18.) Where they say, that you can host files on your own server, but you have to protect them as good as possible.
The only way I can think of doing so, is by restricting the requests on those files with HTTP_REFERER in the .htaccess.
Can I do more to protect those fonts? Does it make any sense to make more and do you think that it is a sufficient protection?
I don't personally believe in technical copy protection, you can always copy what you can see somehow. But I don't want my client to get in to legal trouble. Do you have any experience with this?
edit
I'm interested in the legal aspect as well. What can happen, if someone can download the font and reuse it? Do they mean i have to protect the font only from hot-linking or from downloading as well?
You will find some interesting methods in the article by typekit : "Serving and Protecting Fonts on the Web"
They use methods like HTTP Referrer checking, base64 encoding, segmenting. However none of these provide complete protection and one has concur with this statement from the article:
The fact is, for something to appear in a browser, it has to be on the web. If it’s on the web, it can’t be completely protected....We’ve put up a few hurdles of our own. Our intent is only to discourage casual misuse and to make it clear that taking fonts from Typekit is an explicit and intentional act.
The second thing to bear is that the licensee can always disregard the agreement, and that is why companies like Adobe which produces one the most excellent fonts states the usage terms including for the web in Font licensing page.
See also the Font Licensing Issues discussed in the W3 CSS3 webfonts spec.