Remove Google Fonts (GDPR) #845
Comments
We looked into this and think the privacy risk posed by Google fonts is low. Google provides some more information about the data that their fonts collect, use, store and we're comfortable with their approach.

What does using the Google Fonts API mean for the privacy of my users?

Use of Google Fonts is unauthenticated. No cookies are sent by website visitors to the Google Fonts API. Requests to the Google Fonts API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com, so that your requests for fonts are separate from and do not contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail.

In order to serve fonts quickly and efficiently with the fewest requests, responses are cached by the browser to minimize round-trips to our servers. Requests for CSS assets are cached for 1 day. This allows us to update a stylesheet to point to a new version of a font file when it’s updated, and ensures that all websites using fonts hosted by the Google Fonts API will be using the most updated version of each font within 24 hours of each release. The font files themselves are cached for one year, which cumulatively has the effect of making the entire web faster: When millions of websites all link to the same fonts, they are cached after visiting the first website and appear instantly on all other subsequently visited sites. We do sometimes update font files to reduce their file size, increase coverage of languages, and improve the quality of their design.

The result is that website visitors send very few requests to Google: We only see 1 CSS request per font family, per day, per browser.

Google Fonts logs records of the CSS and the font file requests, and access to this data is kept secure. Aggregate usage numbers track how popular font families are, and are published on our analytics page. We use data from Google’s web crawler to detect which websites use Google fonts. This data is published and accessible in the Google Fonts BigQuery database.

To learn more about the information Google collects and how it is used and secured, see Google's Privacy Policy. |
Thanks @pesieminski! :) @krautart to remove the Google Fonts enqueue, you can use the following snippet:
|
I hate to be this guy, but... Google hasn't made any official announcements yet regarding google-fonts and the GDPR, so things are still a bit unclear here. In the data that their fonts collect, use, store page in the google-fonts FAQ it mentions cookies etc, how securely the data is stored etc. That is fine for US laws, however, according to the GDPR no data can be collected without the user's consent unless there's a lawful basis.
And in https://policies.google.com/privacy#infocollect it clearly states that IPs are logged. But IPs are personal data according to the EU courts.
It's not a matter of risk, it's a matter of respecting our users' privacy. |
Thanks for sharing your concerns, @aristath. Although we are not going to remove Google Fonts from Storefront, if you aren't comfortable using them on your sites you can absolutely remove them with the snippet I provided above. |
In light of this should this issue be reopened? |
@tiagonoronha: I've recently come across this ruling of a German court that essentially makes it impossible to use Google Fonts in Germany and (probably in the future) also in other EU countries. In light of this it would be really helpful to have a simple way (via Customizer) to turn off Google Font integration.

Court ruling (German only): https://openjur.de/u/2384915.html

In addition, some companies in Austria are currently experiencing a series of disciplinary warning letters, referring to the court rule and urging them to stop using Google Fonts on their pages.

WKO Newsletter (Austrian Economic Chamber, German only): https://www.wko.at/service/noe/Unterlassungsschreiben-samt-Auskunftsbegehren-eines-NOe-R.html |
That is true what @gebsl said. That is a big issue in Austria right now. And it is also a huge ToDo as we now have to correct all the websites that we published. Anyway, I've tried the code above but it doesn't work. Google Fonts are still loaded. |
@ABooooo: I also had problems as I'm not using Storefront directly, but rather a child theme called Galleria (also from WooCommerce devs). I had to dig into the source code to find the necessary scripts to dequeue. Here's my approach:

```php
function galleria_remove_google_fonts() {
	wp_dequeue_style( 'karla' );
	wp_dequeue_style( 'libre-baskerville' );
	wp_dequeue_style( 'storefront-fonts' );
	// OPTIONAL: include fonts that are served from your local webserver
	// wp_enqueue_style('my-local-fonts', '/wp-content/fonts/fonts.css');
}
add_action( 'wp_enqueue_scripts', 'galleria_remove_google_fonts', 100 ); // IMPORTANT: use 100 as prio, as 99 is already used by Galleria
```

Depending on your theme/child-theme you'll probably need to dequeue different scripts. |
@gebsl thank you. I'll give it a try. |
|
@raubv0gel: While I agree that this call is unnecessary (in case Google Fonts is not active on the page) I think it's not a privacy issue, as it only queries the DNS server for DNS resolution. Looking at the GDPR this shouldn't be an issue. |
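A way to verify the result the comments above are after, as an added example that is not part of any comment or of Storefront's code: it scans a page's rendered HTML for remaining references to the Google Fonts hosts and separates a DNS-only `dns-prefetch` hint from tags that make the browser contact Google. The function names and the sample markup are constructed for illustration, and fonts injected by JavaScript are outside its scope.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
URL_IN_CSS = re.compile(r"""(?:https?:)?//[^\s'");]+""", re.I)

def is_google_fonts(url):
    # urlparse also handles scheme-relative URLs such as //fonts.googleapis.com
    return (urlparse(url).hostname or "").lower() in GOOGLE_FONT_HOSTS

class FontScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []      # list of (kind, url)
        self.in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style":
            self.in_style = True
        elif tag == "link" and is_google_fonts(attrs.get("href") or ""):
            rels = (attrs.get("rel") or "").lower().split()
            # dns-prefetch is a DNS lookup only; any other rel contacts the font host
            kind = "dns-only" if rels == ["dns-prefetch"] else "request"
            self.findings.append((kind, attrs["href"]))

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.in_style:       # inline CSS: @import / url() pointing at the font hosts
            self.findings += [("request", u) for u in URL_IN_CSS.findall(data)
                              if is_google_fonts(u)]

def scan(html):
    scanner = FontScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def contacts_google_fonts(html):
    return any(kind == "request" for kind, _ in scan(html))

# Constructed sample of a rendered <head>; not taken from a real site.
SAMPLE = """<head><link rel='dns-prefetch' href='//fonts.googleapis.com' />
<link rel='stylesheet' id='karla-css' href='https://fonts.googleapis.com/css?family=Karla' />
<link rel='stylesheet' id='my-local-fonts-css' href='/wp-content/fonts/fonts.css' />
<style>@import url("https://fonts.googleapis.com/css?family=Libre+Baskerville");</style></head>"""
```

Feed it the HTML a logged-out visitor receives, after caches are purged, since a dequeue that runs too early or targets the wrong handle leaves the `request` findings in place.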
With the GDPR coming, loading fonts from Google is no longer recommended. It'd be great if the theme would offer to choose between google fonts and local font embedding. As a minimum please offer a solution to fully deactivate google fonts, so that no call to fonts.googleapis.com is left in the source-code.
thanks a lot.