Okay, so: German court decided on Jan. 20th 2022 that sites will need to host Google fonts locally.

Visitors are otherwise entitled to receive 100€ in recompensation for Google fonts transferring IP numbers to Google servers.
Google uses fonts to track users, especially if they are logged into only one other server, where stored personal data might identify them.

Court decision text in German (Landgericht München)

rewis.io/urteile/urteil/lhm-20

#google #tracking #fonts #liability #germany #funny

@jayrope never understood why people wouldn't just do that

five minutes of work, and your cookie consent looks much shorter

@meena And to be mor specifically answering: A cookie conent in't even neceary, if you don't have any cookis happening. On a wider note Google fonts don't use any cookies. They are part of Google's (and other's) future tracking universe, which doesn't need any cookies. It needs users to be logged into sites, while the fonts just track their IP number elsewhere. You match these two things and you have a personalized connection. So we all should remember to log out of sites we don't use right now.

@kuba @jayrope you're logged in somewhere (GMail), that gives the initial clue. and then you use a website that uses Google Fonts, but no Google Analytics? You can still be correlated.

@meena @jayrope but how, without cookies? Based on IP or the user agent string?

@kuba same as fakebook with 1 pixel beacon. the power of big data and good algorithm. So they have hits from time to time from person X on different sites because of that pixel or fonts, but somewhere on server now records exist. At some point person will open site where they are logged in, so now ALL these records have name on it. I'll admit, just recording an IP with request for font/beacon is not so powerful as tracking, but this is not only thing to fingerprint someone. @meena @jayrope

@kuba @meena @jayrope if my understanding serves, by matching your IP (and probably browser fingerprint) between (in this example) gmail and where you viewed the fonts.

@meena @kuba @jayrope They discovered these simple tricks in the mid 2000s, and it's largely how Google got to be what it is now. Data mining the logs.

For a long time naive techies also gave them cover, with the mantra of "I trust Google with X". Sponsorship has also helped to ensure that nobody gives a tech talk about this. But I notice that the EU is now starting to get interested in self-hosted fonts, and so the classic grift might not be able to continue much longer.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!