There seems to be a great deal of paranoia about what data is collected by Google, so I checked[1]:
> What does using the Google Fonts Web API mean for the privacy of my users?
> The Google Fonts API is designed to limit the collection, storage, and use of end-user data. The use of the Google Fonts Web API is unauthenticated and the Google Fonts API does not set or log cookies. Requests to the Google Fonts Web API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com. Font requests are separate from and don't contain any credentials sent to google.com while using other Google services that are authenticated, such as Gmail.
> When I embed Google Fonts in my website via the Google Fonts Web API, what data does Google receive from my website visitors?
> When end users visit a website that embeds Google Fonts, their browsers send HTTP requests to the Google Fonts Web API. [ snipped details of how HTTP works and headers like referrer ]
> For clarity, Google does not use any information collected by Google Fonts to create profiles of end users or for targeted advertising.
(There's also an answer to what they do that is different than statically hosting: [2])
[1] https://developers.google.com/fonts/faq/privacy
[2] https://developers.google.com/fonts/faq/privacy#what_are_the...
I'm guessing you read that and think, see they are awesome and privacy preserving! I read that and think much differently, but I'm obviously a pessimist here.
I really love this line:
> For clarity, Google does not use any information collected by Google Fonts to create profiles of end users or for targeted advertising.
Except they already have a profile of you, I promise. For instance, they explicitly don't say they don't use information from google fonts requests to update their existing profiles of you.
That’s accurate. Google has a massive amount of user-specific data, but it’s not exposed to advertisers in a way that exposes PII or is traceable back to specific users.
Like you said- it doesn’t mean that Google itself can’t use that data.
My problem with giving any company the benefit of doubt or other less-than-cynical interpretation, is that almost all agreements/promises come with an explicit “we can change this at will” clause, or at very least given no promise that things won't change for the worse.
I think that
> Google does not use any information collected by Google Fonts to create profiles of end users or for targeted advertising.
should be read as:
> Google does not CURRENTLY use any information collected by Google Fonts to create profiles of end users or for targeted advertising.
Also note that the text as-is says nothing about updating existing profiles, just that new ones won't be created from this data.
Even if google was a magic privacy paradice, it would still be slower to make a new http connection. 103 early hints might slightly improve it.
All of this is in the context of "as currently understood". Things can change. The information quoted could be wrong (wouldn't be the first time). Why risk it at all if you can copy the font and host it yourself trivially?
Why would anyone care about someone that wants to self-host a font
I don’t care, I think it’s fine of course.
GOOG certainly doesn’t care either, as they really don’t need secret, ill-gotten font data. Like 80% of Internet use is using the browser they wrote and most sites already have their ad tracking JS running.
Just thought it relevant that the popular opinion here about it is in direct contradiction of what Google is saying. Persisting in believing there’s some secret malevolence at play here is not surprising, but it’s not disprovable, so it is fair to say it’s a matter of faith rather than of fact.
As I understand it, Google wants to "organize the world's data": that means all of it, secret, public, private, legal, illegal, ill-gotten and freely handed over. There's no "malevolence", Google is not a person. It's an organization and hoovering up data is its raison d'etre. Unless regulators force it to do otherwise, it will gather and store data.
This is the company that set up a fleet of cars to take photos of everything and snort up wifi traffic while they were at it. https://www.wired.com/2012/05/google-wifi-fcc-investigation/