21

By using Google Web Fonts can/does Google

  • process the text of the webpage (despite disallowed by robots.txt)
  • track the visitors of the webpage, and (theoretically) recognize them
  • track the changes made to the webpage (despite robots.txt)

Except knowing that another download is made to their font and css file, of course. :)

I assume Google naturally would/could count and track the number of visitors of my webpage, is this right?

edit: "I", "my" - I've tried to use these terms as "generally speaking" here

n611x007
  • 8,952
  • 8
  • 59
  • 102
  • 2
    I think it's off-topic, and flagged it accordingly. – Seçkin Savaşçı Jun 11 '12 at 09:39
  • 5
    why would be this off? based on the faq, I think it's on topic. faq, good: (g1) a specific programming problem? no (g2) a software algorithm? no (g3) software tools commonly used by programmers? yes (g4) practical, answerable problems that are unique to the programming profession? yes; faq, anti-bad: [only ask] practical (yes), answerable (yes) [questions] based on actual problems (yes) that you face (yes); faq, bad: Chatty? no, open-ended? no [questions diminish...] [should be] reasonably scoped? yes, [If you can imagine] an entire book? no – n611x007 Jun 16 '12 at 18:02
  • 3
    I think this is a great question and does not deserve such... – Aaron Gray Jul 06 '12 at 21:59
  • I'm voting to close this question as off-topic because it's based on opinion and no obtainable fact. The accepted answer is pure guesswork without reference and may actually be false because we have no way of knowing. – Rob Mar 23 '17 at 11:39

3 Answers3

18

Google can for sure count your users and track their IP address, browser version, and such. It won't be able to access user cookies as the font resides on a different domain.

By using a web font you are not sharing any content with the font provider, but your users may be providing a referrer address to the provider (the URL of the page containing the font request, i.e. using the font). If your page is public and does not require authentication, nothing prevents Google from reading this referrer, except best practices. If it requires authentication, then Google should not be able to get the text.

Palantir
  • 23,820
  • 10
  • 76
  • 86
  • 2
    It’s not the “authentication” that matters, but the encryption. If your site uses no encryption, the “Referer” gets sent and nothing is stopping Google from feeding it to their algorithms. If your site *does* use encryption, they won’t receive the Referer, and thus they will only know that someone is requesting the font, but they won’t know for what webpage that font will be used. – Gandaro Jan 05 '16 at 00:08
  • 3
    @Gandaro even if the site uses encryption (`https`), the referrer WILL be sent if the font is referred to with an `https` address as well. At least that's what I understand from the MDN: "A Referer header is not sent by browsers if: [...] An unsecured HTTP request is used and the referring page was received with a secure protocol (HTTPS)." See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer. So they could (and probably do) track you. – aspyct Aug 22 '19 at 13:48
4

Google answers this question in their Google Fonts API docs.

To paraphrase the essential info:

"The Google Fonts API is designed to limit the collection, storage, and use of end-user data to what is needed to serve fonts efficiently."

"[...] requests for fonts are separate from and do not contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail."

"The font files themselves are cached for one year [...] When millions of websites all link to the same fonts, they are cached after visiting the first website and [the] result is that website visitors send very few requests to Google:"

Honbra
  • 23
  • 6
Colin R. Turner
  • 1,323
  • 15
  • 24
  • Browsers no longer share caches across website origins, so that last statement is now incorrect. – Steve Aug 06 '22 at 13:44
0

Sadly, the currently selected answer by @Palantir is false.

For clarity, Google does not use any information collected by Google Fonts to create profiles of end users or for targeted advertising.

Specifically to the first and third bullet, it makes no changes to robots.txt compliance of the crawler.

To the second bullet, based on the 'generally speaking' interpretation of the word 'tracking' on the dedicated Privacy and Data Collection page of Google Fonts

The use of the Google Fonts Web API is unauthenticated and the Google Fonts API does not set or log cookies. Requests to the Google Fonts Web API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com. Font requests are separate from and don't contain any credentials sent to google.com while using other Google services that are authenticated, such as Gmail.

Also, Colin's answer is partially out of date as well with regards to caching-based privacy:

It has come a long way from its original value proposition—to make the web faster by allowing your browser to cache commonly used fonts across all the websites that used the API. This is no longer true, but the API still provides additional and important optimizations so that websites load quickly and the fonts work well.

MyPreciousss
  • 186
  • 2
  • 10