Fun fact: if the website you’re visiting includes a free font hosted by Google, the website and page you were accessing are sent to Google alongside your IP address. Google assert that they don’t use that data to personalise your ads, but they don’t mention not using it for other purposes as far as I recall, and Google also dropped their “Don’t be evil” motto. At first I found that funny (who proposes that in a meeting and how do you come to agree to drop not being evil?!), but increasingly I realise that it wasn’t just an absurd decision but a serious policy shift.
Fun fact: if the website you’re visiting includes a free font hosted by Google, the website and page you were accessing are sent to Google alongside your IP address.
Are you sure about this? Do you have proof? Working as an SEO for ten years I never heard this. A user asks the website to load a page which is on the website’s host servers (maybe Amazon, maybe private, etc).
The website would use an API to make a call to google’s servers and ask for the resources to load the font and then load the font once the resources were authenticated and sent. There should be no reason to send the accessing user’s data to Google for the web font because it should all be done from the host’s servers to request the font and load it and then it displays that to the user. It’s not like the user needs to load the font, the host does, and the user is just asking the host.
Maybe there’s something I’m missing and never learned though, so if you can provide documentation for me to read then I would greatly appreciate it.
When I embed Google Fonts in my website via the Google Fonts Web API, what data does Google receive from my website visitors?
When end users visit a website that embeds Google Fonts, their browsers send HTTP requests to the Google Fonts Web API. The Google Fonts Web API serves the Google Fonts Cascading Style Sheets (CSS) and subsequently the font files specified in the CSS to the users. Such HTTP requests include
(1) the IP address used by the respective user to access the Internet,
(2) the requested URL on the Google server, and
(3) HTTP headers including the user agent describing the website visitors’ Internet browser and operating system versions as well as the referer (i.e. the webpage on which the Google font is to be displayed).
Interesting. Thank you! I’ve never looked this far into fonts because I never thought about that.
That really is a load of bullshit. They should only be collecting, since they are going to collect, the data for the requesting API entity if they really need that info. It would at least protect the end user but make sense for understanding why a certain page is requesting their font.
Fun fact: if the website you’re visiting includes a free font hosted by Google, the website and page you were accessing are sent to Google alongside your IP address. Google assert that they don’t use that data to personalise your ads, but they don’t mention not using it for other purposes as far as I recall, and Google also dropped their “Don’t be evil” motto. At first I found that funny (who proposes that in a meeting and how do you come to agree to drop not being evil?!), but increasingly I realise that it wasn’t just an absurd decision but a serious policy shift.
Are you sure about this? Do you have proof? Working as an SEO for ten years I never heard this. A user asks the website to load a page which is on the website’s host servers (maybe Amazon, maybe private, etc).
The website would use an API to make a call to google’s servers and ask for the resources to load the font and then load the font once the resources were authenticated and sent. There should be no reason to send the accessing user’s data to Google for the web font because it should all be done from the host’s servers to request the font and load it and then it displays that to the user. It’s not like the user needs to load the font, the host does, and the user is just asking the host.
Maybe there’s something I’m missing and never learned though, so if you can provide documentation for me to read then I would greatly appreciate it.
When Google explains in their privacy policy that their Fonts API collects your browsing data, I believe them. Without proof.
https://developers.google.com/fonts/faq/privacy
When I embed Google Fonts in my website via the Google Fonts Web API, what data does Google receive from my website visitors?
When end users visit a website that embeds Google Fonts, their browsers send HTTP requests to the Google Fonts Web API. The Google Fonts Web API serves the Google Fonts Cascading Style Sheets (CSS) and subsequently the font files specified in the CSS to the users. Such HTTP requests include
(1) the IP address used by the respective user to access the Internet,
(2) the requested URL on the Google server, and
(3) HTTP headers including the user agent describing the website visitors’ Internet browser and operating system versions as well as the referer (i.e. the webpage on which the Google font is to be displayed).
Interesting. Thank you! I’ve never looked this far into fonts because I never thought about that.
That really is a load of bullshit. They should only be collecting, since they are going to collect, the data for the requesting API entity if they really need that info. It would at least protect the end user but make sense for understanding why a certain page is requesting their font.