Developers, do not embed Google’s products on your sites & compromise the privacy of your visitors.

#CleanUpTheWeb & strip your site of tracking devices by Google, Facebook, etc. to make the web safer. Yes, that includes Google Fonts loaded from Google’s servers.



#FuckOffGoogle @aral

@FuckOffGoogle @aral Google *fonts*? Can someone explain the problem there? There's not even any JavaScript involved...


@quarktheawesome @FuckOffGoogle @aral

Google font: they serve the font file to your visitors. It's a file transfert. So, they collect a log entry on their server with their IP/browser/where-they-came-from/etc... and because many dev use Google-font, they have a map of most of your visitors move accross the internet.

You can read my "second fight" on this article I published in 2016 :

@davidrevoy @FuckOffGoogle @aral Hrm, fair enough. I read a Google FAQ where they claim browsers cache this stuff frequently enough that they don't get a cohesive map - that caching/speed aspect is one of the reasons I'm reluctant to switch to selfhosting, though I guess with cloudflare it doesn't matter anyway.
Awesome post btw, great read. Love the cat avatar idea!

@davidrevoy @aral @fuckoffgoogle @quarktheawesome
You can use font-face instead, linking to your own font directory.
You can even check first if user's system has already those fonts.

\@font-face {
font-family: 'Flying circus';
local('Flying circus'),
url('FlyingCircus.otf'); }

Worth noticing: died because of google fonts.

On my personal machine I just have fonts.googleapis entry in my /etc/hosts redirected to localhost. I'm out :D
@fuckoffgoogle @davidrevoy Happy to see critique and efforts like this gaining traction. I've been encouraging people to install plugins like RequestPolicy or uMatrix for years, but half the Web breaks if you do

@davidrevoy @quarktheawesome @FuckOffGoogle @aral This is also relevant wrt GDPR, as even the possible connection to the Google servers counts as sharing data with third parties (i.e. requires consent and all the usual stuff)

@elomatreb @davidrevoy @FuckOffGoogle @aral Huh, hadn't even thought of the GDPR aspect of it. Would you have to specify data-sharing with third parties, or is a simple resource request different? Does the Google privacy policy automatically apply?

@quarktheawesome It shouldn't be different, as an IP address is considered just another form of identifiable information.

Google's Privacy Policy applies if you consent, otherwise you'd have to sign a Processing Agreement Contract (?) with Google I think, which would detail the policy regarding your clients data

@elomatreb "if you consent" - you as in the webmaster or you as in the enduser?

@quarktheawesome The end user, the admin/server operator isn't the one who loses privacy here

@quarktheawesome This is just the perspective of someone who runs a nonprofit forum website, not legal advice, yada yada

@davidrevoy very good write up, thanks! One thing intrigued me: do you write texts in ślōnskŏ gŏdka? :)

@saper Thank you!

This translation was a contribution of Grzegorz Kulik done one or two years ago. But it is not maintained I think.

Inscrivez-vous pour prendre part à la conversation

Framapiaf est un service de microblog similaire à Twitter. Il est libre, décentralisé et fédéré. Il permet de courts messages (max. 500 caractères), de définir leur degré de confidentialité et de suivre les membres du réseau sans publicité ni pistage.