 It's wild to me that just using Google Fonts (the hosted-by-Google way) immediately makes you in violation of GDPR. https://termageddon.com/google-fonts-violates-gdpr/ You can always self-host though: https://gwfh.mranftl.com/fonts Or it's a one-clicker on Cloudflare: https://developers.cloudflare.com/speed/optimization/content/fonts/ 37 comments
@chriscoyier Seems not great to penalize individual sites for Google’s non-compliance and data collection practices. I get it, folks don’t consent to being tracked but these sites almost definitely didn’t consent to their visitors/customers being tracked either.  @chriscoyier   @chriscoyier consider the amount of Google's resources... Alphabet in 2022: 60 billion profit. More than the GDP of 128 countries!. Still they chose noncompliance with EU law. Instead it places the burden on the people & organisations using it's "free" services. That's in my view a bit wilder 😉 @chriscoyier Thanks for letting me know about Cloudflare, had no idea they'd created that feature @chriscoyier yip - I end up going through a slightly convoluted way of tricking Google fonts into letting me download the file, and then self host. @sarajw @chriscoyier A great site for downloading open source fonts is https://fontsource.org. They provide files already converted to WOFF2, unlike the Google Fonts download feature. @mvsde @chriscoyier yeah the Google fonts feature doesn't really do it, I forget the route I took last time but it involved copying and pasting from the files and codes Google gives to get to the woffs, haha. Thank you!  @sarajw @mvsde @chriscoyier Yeah, you can copy-paste the embed url into your browser to get the woff2 url and then copy-paste that to download it. Much more useful than downloading the TTF, for web at least.  @sarajw @mvsde @chriscoyier an other good place is https://fontlibrary.org/. and you can use https://www.fontsquirrel.com/ to convert any font to a web font, it gives you all the code samples you need  @ocdtrekkie @sarajw @chriscoyier You can download from Fontsource directly, but the npm packages are nice if you have a build setup already that can consume them. You always get up-to-date font files and font-family declarations. Especially helpful for CJK fonts that are split into a hundred or so smaller files to speed up performance in browsers. @kraftner I’ve used this one for a long time! But it looks like the font source site linked above is more up to date, and has variable fonts where those exist. For example compare the Karla font on both sites — gwfh has only the older individual font files for each weight @chriscoyier To me this really highlights the problems with GDPR. The goals are noble, but in practice almost every website is arguably non-compliant in one way or another, and the only way to know for sure is to get sued and go to court. EU users complain when non-EU sites block their traffic, but rulings like this make it clear why that happens. @williamoconnell @chriscoyier I don't get the conclusion that "it highlights the problems with GDPR" when the problem is clearly Google siphoning unaware users' data. Use a Google font and you make calls to ads.google, how is that not a problem? Why should it be allowed without batting an eye? The second problem is wanting to use GAFAM's tools for everything without second thought. It's high time developers get to think critically of the things they use and impose on unaware non-tech users. @jeolen It's not clear to me that this ruling is Google-specific. It seems like the same logic could be applied to almost any third-party resource. I'm not seeing any requests to ads.google on sites that use Google Fonts. The fonts come from fonts.gstatic.com. It's not obvious to me why it'd be ok for me to host my website on GCP but not ok to use a font hosted by Google. This seems like privacy theater. @chriscoyier @chriscoyier @chriscoyier @chriscoyier I prefer self-hosting - but for where you can’t, I recommend https://fonts.bunny.net/ @dcsturm @chriscoyier I switched all my projects from Google Fonts to Bunny a few years ago — it was a seamless process and I haven’t had to think about it one time since then.  @dcsturm @chriscoyier Perfectly timed post, was just thinking about where I might get fonts for a new project. @chriscoyier A good reason to buy fonts from independent foundries! We don't care who is visiting your site!  @chriscoyier From that decision it looks like this applies to any and all resources a site might use that aren't hosted at that site -- not just fonts from google, but fonts from anywhere, or javascript or images that are hosted elsewhere. Can't really argue that having self contained websites are bad, but it is definitely gonna be a shift for a lot of people.   I always take all outside links to any of those corporate spyware systems out when using someone else's code 🤬🤬🤬 @chriscoyier by extension, using something like recapcha would also make you non compliant as that downloads Google fonts in the background for the UI. I’m sure other Google services act in a similar way. |
Gregory's Server
@chriscoyier or https://fonts.bunny.net