>Additionally, most of the time web fonts are downloaded from a third-party delivery network such as Google Web Fonts or Adobe Fonts. One of the advantages of using these systems is that the likelihood that a visitor’s browser already has a font cached locally from a previous visit to any other site using the same font is relatively high.
That likelihood is relatively low (though not as low as JS CDNs). Modern browsers explicitly forbid sharing cache entries across websites; so the likelihood is zero now.
>There are some privacy concerns when your browser makes the link to the font network’s domain. While they deny the practice, these services have the ability of profiling your browser (using browser fingerprinting with your IP address and HTTP referer header) to track what sites you visit, building a valuable profile about you that they could sell to marketers.
Also, if you're in the EU, this constitutes an illegal GDPR data export if the company running the CDN has any amount of American ownership.
My personal opinion is that instead of blocking Google Web Fonts, we should have an extension with the entire Google Web Fonts library preloaded in it, that transparently redirects every font lookup to its local cache. This neatly fixes the privacy problems and makes all CDN fonts load super fast.
I think the idea of web fonts is so that new fonts could be added and a user doesn't have to do something local to the browser.
And this feature costs privacy. If people really understood the implications of loss of privacy, they would not want it. However, most people don't, and would gladly swap privacy for features (and then in the future complain about it when the implications becomes real or affects them).
Yes, but if you install the entire font library locally then you have all those fonts in your system font picker, which you may or may not want. You also have to continue checking for new fonts or have sites that use them break. Having an extension do this for you is easier.
Also, there's no particular reason why webfonts need to cost privacy. The only reason to ever hotlink Google Fonts was to either...
- Accelerate load times (which is dubious)
- Be slightly easier to implement for lazy developers
Google Fonts are all freely licensed and specifically allow you to rehost them. All you have to do is download the TTFs and link to them in a @font-face declaration.
Adobe Fonts are the ones you can't self-host, because the actual CDN is a vehicle for calculating and charging a licensing fee. The privacy risk is deliberate, in this case - font owners need to know how many pageviews sites are getting so they can be charged the correct amount. Even then, this is something that could be done by having each site report their own usage statistics... except then the font vendors have to trust you, and they don't want to do that.
Please don't use TTFs for your webfonts. They are far too big for the task and the optimized option, WOFF2, is so well supported that barring a future formats, I would consider all other formats deprecated for the web—don't even host them or include them in @font-face.
on macos you can install fonts and put them in categories. so i can have a category called “web fonts”. anytime i wanna pick fonts in other apps i’ll just look through my favorite categories instead of the whole fonts book.
and exactly how large of a download would be "download entire font library"? all that just to use one font? that's like downloading an entire JS library to use one thing from it if not worse.
If you're selfhosting you only need to have the fonts you actually intend to use, not the entire library. Having the entire library would only make sense for an extension that replaces Google Fonts requests with itself.
> That likelihood is relatively low (though not as low as JS CDNs). Modern browsers explicitly forbid sharing cache entries across websites; so the likelihood is zero now.
Even a decade ago when this was common practice, it was absolutely pointless because Google Fonts used to (still does?) set a cache time of only 2hrs.
> >the likelihood that a visitor’s browser already has a font cached locally from a previous visit to any other site using the same font is relatively high.
>That likelihood is relatively low
That likelihood was never high, and obviously so, I have no idea why it gets parroted so much. And even if it was true, I could have shown up to your website with jQuery and bootstrap cached, but oops it was a different free cdn so cache miss.
The only thing you had a high likelihood of is customers noticing your website was slow without knowing its just your poorly chosen free cdn being temporarily over capacity.
This will not work for web fonts that are required license. For example, the commercial font served by MyFonts by Monotype. The license term clearly stated that every time when the font is loaded, the counting system increase and incurred a cost to the owner.
That likelihood is relatively low (though not as low as JS CDNs). Modern browsers explicitly forbid sharing cache entries across websites; so the likelihood is zero now.
>There are some privacy concerns when your browser makes the link to the font network’s domain. While they deny the practice, these services have the ability of profiling your browser (using browser fingerprinting with your IP address and HTTP referer header) to track what sites you visit, building a valuable profile about you that they could sell to marketers.
Also, if you're in the EU, this constitutes an illegal GDPR data export if the company running the CDN has any amount of American ownership.
My personal opinion is that instead of blocking Google Web Fonts, we should have an extension with the entire Google Web Fonts library preloaded in it, that transparently redirects every font lookup to its local cache. This neatly fixes the privacy problems and makes all CDN fonts load super fast.