When I embed Google Fonts in my website via the Google Fonts Web API, what data does Google receive from my website visitors?
When end users visit a website that embeds Google Fonts, their browsers send HTTP requests to the Google Fonts Web API. The Google Fonts Web API serves the Google Fonts Cascading Style Sheets (CSS) and subsequently the font files specified in the CSS to the users. Such HTTP requests include
(1) the IP address used by the respective user to access the Internet,
(2) the requested URL on the Google server, and
(3) HTTP headers including the user agent describing the website visitors’ Internet browser and operating system versions as well as the referer (i.e. the webpage on which the Google font is to be displayed).
Interesting. Thank you! I’ve never looked this far into fonts because I never thought about that.
That really is a load of bullshit. They should only be collecting, since they are going to collect, the data for the requesting API entity if they really need that info. It would at least protect the end user but make sense for understanding why a certain page is requesting their font.
When Google explains in their privacy policy that their Fonts API collects your browsing data, I believe them. Without proof.
https://developers.google.com/fonts/faq/privacy
When I embed Google Fonts in my website via the Google Fonts Web API, what data does Google receive from my website visitors?
When end users visit a website that embeds Google Fonts, their browsers send HTTP requests to the Google Fonts Web API. The Google Fonts Web API serves the Google Fonts Cascading Style Sheets (CSS) and subsequently the font files specified in the CSS to the users. Such HTTP requests include
(1) the IP address used by the respective user to access the Internet,
(2) the requested URL on the Google server, and
(3) HTTP headers including the user agent describing the website visitors’ Internet browser and operating system versions as well as the referer (i.e. the webpage on which the Google font is to be displayed).
Interesting. Thank you! I’ve never looked this far into fonts because I never thought about that.
That really is a load of bullshit. They should only be collecting, since they are going to collect, the data for the requesting API entity if they really need that info. It would at least protect the end user but make sense for understanding why a certain page is requesting their font.