Email or username:

Password:

Forgot your password?
Chris Coyier

It's wild to me that just using Google Fonts (the hosted-by-Google way) immediately makes you in violation of GDPR.

termageddon.com/google-fonts-v

You can always self-host though: gwfh.mranftl.com/fonts

Or it's a one-clicker on Cloudflare: developers.cloudflare.com/spee

37 comments
Scott Kellum :typetura:

@chriscoyier Seems not great to penalize individual sites for Google’s non-compliance and data collection practices. I get it, folks don’t consent to being tracked but these sites almost definitely didn’t consent to their visitors/customers being tracked either.

kolya

@chriscoyier
Using google hosted fonts is just giving away your users privacy for minor dev-ux. That's wild.

Vint Prox

@kolya @chriscoyier I resonate with this take. Pick right guns, people.

@BjornW@mastodon.social

@chriscoyier consider the amount of Google's resources...

Alphabet in 2022: 60 billion profit. More than the GDP of 128 countries!. Still they chose noncompliance with EU law. Instead it places the burden on the people & organisations using it's "free" services. That's in my view a bit wilder 😉

Colin

@chriscoyier Thanks for letting me know about Cloudflare, had no idea they'd created that feature

Sara Joy :happy_pepper:

@chriscoyier yip - I end up going through a slightly convoluted way of tricking Google fonts into letting me download the file, and then self host.

Fynn Becker

@sarajw @chriscoyier A great site for downloading open source fonts is fontsource.org.

They provide files already converted to WOFF2, unlike the Google Fonts download feature.

Sara Joy :happy_pepper:

@mvsde @chriscoyier yeah the Google fonts feature doesn't really do it, I forget the route I took last time but it involved copying and pasting from the files and codes Google gives to get to the woffs, haha.

Thank you!

Martijn Frazer

@sarajw @mvsde @chriscoyier Yeah, you can copy-paste the embed url into your browser to get the woff2 url and then copy-paste that to download it. Much more useful than downloading the TTF, for web at least.

cuan_knaggs

@sarajw @mvsde @chriscoyier an other good place is fontlibrary.org/. and you can use fontsquirrel.com/ to convert any font to a web font, it gives you all the code samples you need

ocdtrekkie

@mvsde @sarajw @chriscoyier Wait people use npm packages just to install fonts?

Fynn Becker

@ocdtrekkie @sarajw @chriscoyier You can download from Fontsource directly, but the npm packages are nice if you have a build setup already that can consume them. You always get up-to-date font files and font-family declarations.

Especially helpful for CJK fonts that are split into a hundred or so smaller files to speed up performance in browsers.

Darren Cadwallader

@kraftner I’ve used this one for a long time! But it looks like the font source site linked above is more up to date, and has variable fonts where those exist.

For example compare the Karla font on both sites — gwfh has only the older individual font files for each weight

@mvsde @sarajw @chriscoyier

Thomas

@plankton @mvsde @sarajw @chriscoyier Thanks! 🙏 I'll need to have a look at that then.

William O'Connell

@chriscoyier To me this really highlights the problems with GDPR. The goals are noble, but in practice almost every website is arguably non-compliant in one way or another, and the only way to know for sure is to get sued and go to court. EU users complain when non-EU sites block their traffic, but rulings like this make it clear why that happens.

Jeolen Bruine

@williamoconnell @chriscoyier I don't get the conclusion that "it highlights the problems with GDPR" when the problem is clearly Google siphoning unaware users' data. Use a Google font and you make calls to ads.google, how is that not a problem? Why should it be allowed without batting an eye?

The second problem is wanting to use GAFAM's tools for everything without second thought. It's high time developers get to think critically of the things they use and impose on unaware non-tech users.

Patrick Georgi

@jeolen @williamoconnell @chriscoyier The terms of service for Google Fonts are _very_ different from everything else at Google (see developers.google.com/fonts/fa)

They really try to do right here, but GDPR still requires consent before pushing PII (like IP addresses) to non-EU places.

That said, the CDN concept for common assets (like fonts or "standard" JS libraries) was more useful when multiple origins shared a CDN file. These days, browser download CDN files once per origin (i.e. website that's using it), removing most of the benefits of using a CDN.

tl;dr: Google Fonts is likely okay to use in theory, still requires opt-in by the user in practice, and doesn't even save bandwidth for the user like it used to.

@jeolen @williamoconnell @chriscoyier The terms of service for Google Fonts are _very_ different from everything else at Google (see developers.google.com/fonts/fa)

They really try to do right here, but GDPR still requires consent before pushing PII (like IP addresses) to non-EU places.

William O'Connell

@jeolen It's not clear to me that this ruling is Google-specific. It seems like the same logic could be applied to almost any third-party resource.

I'm not seeing any requests to ads.google on sites that use Google Fonts. The fonts come from fonts.gstatic.com. It's not obvious to me why it'd be ok for me to host my website on GCP but not ok to use a font hosted by Google. This seems like privacy theater.

Michael Marek

@chriscoyier
"recently" - That makes me smile a lot. The judgement from Munich is from January 2022.
The connection or embedding via external URLs of Google Fonts, or those of Adobe, Fontawesome or similar providers, have been an issue for much longer and all(!) cannot be used in compliance with the GDPR.
Simply because it doesn't have to be and fonts can also be integrated from your ‘own’ web server.
1/n

Michael Marek

@chriscoyier
The weak point is that, in my experience over the last few years, over 90% of CMS, plugin and theme(!) developers are not interested at all, they continue to use Google & Co. out of convenience and they often only had a ‘tired smile’ when I asked them. (Incidentally, this is one of the reasons why I left the WordPress world). They leave users who have little or no CSS knowledge completely on their own...
2/n

Michael Marek

@chriscoyier
And: Cloudflare is not a real alternative for German and, for the most part, European websites. A lot of data is transmitted to the USA there too... But if I start writing more about this and take a closer look at Microsoft and Apple, this already far too long post will turn into a novel ;-)
3/n - final

Daniel 🕊

@chriscoyier I prefer self-hosting - but for where you can’t, I recommend fonts.bunny.net/

Tim Murtaugh

@dcsturm @chriscoyier I switched all my projects from Google Fonts to Bunny a few years ago — it was a seamless process and I haven’t had to think about it one time since then.

Leigh Garland

@dcsturm @chriscoyier Perfectly timed post, was just thinking about where I might get fonts for a new project.

Colin M. Ford

@chriscoyier A good reason to buy fonts from independent foundries! We don't care who is visiting your site!

Dan Sugalski

@chriscoyier From that decision it looks like this applies to any and all resources a site might use that aren't hosted at that site -- not just fonts from google, but fonts from anywhere, or javascript or images that are hosted elsewhere.

Can't really argue that having self contained websites are bad, but it is definitely gonna be a shift for a lot of people.

Mark Conroy

@chriscoyier

Google Fonts Helper is a handy way to get Google Fonts to self-host.

gwfh.mranftl.com/fonts

Bob 🇺🇲♒🐧🪖

@chriscoyier

I always take all outside links to any of those corporate spyware systems out when using someone else's code 🤬🤬🤬

Hazmeister

@chriscoyier by extension, using something like recapcha would also make you non compliant as that downloads Google fonts in the background for the UI. I’m sure other Google services act in a similar way.

Go Up