Host fonts locally instead of using Google Fonts #25

Open
n0toose opened this issue Mar 10, 2023 · 5 comments

@n0toose
Contributor

n0toose commented Mar 10, 2023

Depending on third-party domains (e.g. gstatic.com or Google Fonts) (e.g.: `@import url(https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i);`) has been "judicially controversial" in some jurisdictions within the European Union. It might be in our best interests to stop doing that, and host the fonts locally instead.

@waddlesplash
Member

We use Google Fonts in a lot of places.

The GDPR is insane if that's the proper interpretation of it. Webfonts can be disabled at the client side. If someone's software is configured to accept our suggestions of what data it should fetch and actually fetch it, but it remains perfectly free to disregard the suggestion altogether and the website will continue functioning? Then it's absolutely ridiculous to go after the website's owners.

The cookie laws are almost as ridiculous. Really, if they wanted to create a distinction between required/optional cookies, then they should have mandated websites obey some new variant of Do-Not-Track headers (i.e. Cookie-Setting or something) instead of adding annoying banners to nearly every website on the entire internet.

@n0toose
Contributor Author

n0toose commented Mar 10, 2023

> The GDPR is insane if that's the proper interpretation of it. Webfonts can be disabled at the client side. If someone's software is configured to accept our suggestions of what data it should fetch and actually fetch it, but it remains perfectly free to disregard the suggestion altogether and the website will continue functioning? Then it's absolutely ridiculous to go after the website's owners.

Well, the website's owners are sharing metadata/personal information (depends on how you define e.g. IP addresses) about the user without permission or explicit approval, and I think we should choose to not do that.

The expectation that every user should disable web fonts when web fonts aren't the problem is a bit far-fetched from many perspectives and could objectively even make the user more trackable, if we're to assume that the user is careful enough as far as the subject is concerned. In the real world, you regularly see websites disguising third-party code as first-party code to bypass such restrictions. Cookie banners being made as annoying and as hard to navigate as humanly possible isn't the EU's fault either, and Do-Not-Track headers are utilized in some capacity. Anyways, this is more philosophical and not the point.

Anyways, this GDPR law is not federal in the US-sense, the law gets implemented by each state "independently" and decisions that impose this interpretation are not necessarily universal, e.g. a court in Munich deciding that a user can get 100 Euros in damages because of a website "forwarding the user's IP address without permission" doesn't mean that something like that would happen across the bloc. However, this is still a place where, well, this is the case, and such decisions do impact the proactive steps that should be taken.

@waddlesplash
Member

> Well, the website's owners are sharing

No, they're not. The website's owners are suggesting that the browser fetch information from another server, which will indeed implicitly expose the IP addresses, but it is not the website owners which share that information directly; it's the browser which initiates the request which does so.

> and I think we should choose to not do that.

Webfonts and cross-origin requests are disable-able by users. Perhaps we should avoid using Google Fonts for other reasons, but doing so because "the GDPR might make all non-disclosed cross-origin requests illegal" is insane.

> The expectation that every user should disable web fonts when web fonts aren't the problem

No, they should disable all cross-origin requests if they really care about this, or at least deny them by default.

> a court in Munich deciding that a user can get 100 Euros in damages because of a website "forwarding the user's IP address without permission"

Yes, I saw this headline when it first happened. It is completely ridiculous, whether or not this is what the law is saying or whether it is a wrong interpretation/implementation of it, to say that the IP address was "forwarded" by the website, when the website did no such thing but merely requested the client do so.

@n0toose
Contributor Author

n0toose commented Mar 10, 2023

Yeah, I see where you're coming from.

> Webfonts and cross-origin requests are disable-able by users. Perhaps we should avoid using Google Fonts for other reasons, but doing so because "the GDPR might make all non-disclosed cross-origin requests illegal" is insane.

Let's assume that what I mentioned here as a reason for moving forward with something like that is totally junk. Does "for other reasons" (I agree that there's other reasons too) mean that this is an effort still worth pursuing?

@n0toose n0toose changed the title Ensure that Haiku, Inc.'s website conforms to the GDPR Remove Google Fonts? Mar 10, 2023
@n0toose n0toose changed the title Remove Google Fonts? Host fonts locally instead of using Google Fonts Mar 10, 2023
@nielx
Member

nielx commented Mar 11, 2023

I think your point would be valid @waddlesplash if browsers were designed differently, but this is not the case. No matter how you feel about the legalities, fetching the fonts from Google's servers without allowing an informed opt-in from the user is a GDPR violation. We should self-host them.
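
An added example, not part of the thread or the project's code: a small audit that lists the hosts a stylesheet asks the browser to contact, usable before and after moving the fonts to local hosting. The site host `www.example.org`, the function name and the sample CSS are assumptions; only the `@import` line comes from the opening post.

```python
import re
from urllib.parse import urlparse

# Matches url(...) tokens and the plain-string form of @import "...";
CSS_REF = re.compile(
    r"""url\(\s*['"]?([^'")\s]+)['"]?\s*\)|@import\s+['"]([^'"]+)['"]""",
    re.IGNORECASE,
)


def third_party_refs(css_text, site_host):
    """Return sorted (host, url) pairs for references that leave site_host."""
    found = set()
    for match in CSS_REF.finditer(css_text):
        ref = match.group(1) or match.group(2)
        if ref.startswith("//"):  # protocol-relative reference
            ref = "https:" + ref
        host = urlparse(ref).hostname
        # Relative paths and data: URIs have no hostname, so they stay local.
        if host and host != site_host:
            found.add((host, ref))
    return sorted(found)


# Constructed sample stylesheet. The first line is the @import quoted in the
# issue; the gstatic.com path is a placeholder, not a real font file.
SAMPLE_CSS = """
@import url(https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i);
@font-face {
  font-family: "Open Sans";
  src: url("/fonts/open-sans-400.woff2") format("woff2");
}
.logo { background: url(//fonts.gstatic.com/example/placeholder.woff2); }
.icon { background: url(data:image/png;base64,AAAA); }
"""

if __name__ == "__main__":
    for host, ref in third_party_refs(SAMPLE_CSS, "www.example.org"):
        print(f"{host}\t{ref}")
```

An empty result for every stylesheet the site serves means the CSS no longer causes requests to other hosts; references in HTML or scripts need a separate check.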
