Can Google track me if I use Google Web Fonts?

Asked 11/6, 2012 at 9:37 Answered 9/2, 2023 at 23:19

Solved fonts tracking privacy google-webfonts

By using Google Web Fonts can/does Google

process the text of the webpage (despite disallowed by robots.txt)
track the visitors of the webpage, and (theoretically) recognize them
track the changes made to the webpage (despite robots.txt)

Except knowing that another download is made to their font and css file, of course. :)

I assume Google naturally would/could count and track the number of visitors of my webpage, is this right?

edit: "I", "my" - I've tried to use these terms as "generally speaking" here

Boyceboycey answered 11/6, 2012 at 9:37 Comment(4)

I think it's off-topic, and flagged it accordingly. – Candlefish 11/6, 2012 at 9:39

why would be this off? based on the faq, I think it's on topic. faq, good: (g1) a specific programming problem? no (g2) a software algorithm? no (g3) software tools commonly used by programmers? yes (g4) practical, answerable problems that are unique to the programming profession? yes; faq, anti-bad: [only ask] practical (yes), answerable (yes) [questions] based on actual problems (yes) that you face (yes); faq, bad: Chatty? no, open-ended? no [questions diminish...] [should be] reasonably scoped? yes, [If you can imagine] an entire book? no – Boyceboycey 16/6, 2012 at 18:2

I think this is a great question and does not deserve such... – Randellrandene 6/7, 2012 at 21:59

I'm voting to close this question as off-topic because it's based on opinion and no obtainable fact. The accepted answer is pure guesswork without reference and may actually be false because we have no way of knowing. – Righthanded 23/3, 2017 at 11:39

Google can for sure count your users and track their IP address, browser version, and such. It won't be able to access user cookies as the font resides on a different domain.

By using a web font you are not sharing any content with the font provider, but your users may be providing a referrer address to the provider (the URL of the page containing the font request, i.e. using the font). If your page is public and does not require authentication, nothing prevents Google from reading this referrer, except best practices. If it requires authentication, then Google should not be able to get the text.

Moye answered 11/6, 2012 at 9:41 Comment(4)

It’s not the “authentication” that matters, but the encryption. If your site uses no encryption, the “Referer” gets sent and nothing is stopping Google from feeding it to their algorithms. If your site does use encryption, they won’t receive the Referer, and thus they will only know that someone is requesting the font, but they won’t know for what webpage that font will be used. – Lent 5/1, 2016 at 0:8

@Lent even if the site uses encryption (https), the referrer WILL be sent if the font is referred to with an https address as well. At least that's what I understand from the MDN: "A Referer header is not sent by browsers if: [...] An unsecured HTTP request is used and the referring page was received with a secure protocol (HTTPS)." See developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer. So they could (and probably do) track you. – Lucchesi 22/8, 2019 at 13:48

does it also apply, can Google still track you / your website users, if you download their font, and serve it on your own? – Endomorphic 25/1 at 0:42

No, if you download the font from Google Fonts and serve it yourself, then Google has no means to track anything. It is just like any other file that you serve yourself. – Moye 25/1 at 8:0

Google answers this question in their Google Fonts API docs.

To paraphrase the essential info:

"The Google Fonts API is designed to limit the collection, storage, and use of end-user data to what is needed to serve fonts efficiently."

"[...] requests for fonts are separate from and do not contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail."

"The font files themselves are cached for one year [...] When millions of websites all link to the same fonts, they are cached after visiting the first website and [the] result is that website visitors send very few requests to Google:"

Shiver answered 22/6, 2020 at 19:47 Comment(1)

Browsers no longer share caches across website origins, so that last statement is now incorrect. – Brammer 6/8, 2022 at 13:44

Sadly, the currently selected answer by @Palantir is false.

For clarity, Google does not use any information collected by Google Fonts to create profiles of end users or for targeted advertising.

Specifically to the first and third bullet, it makes no changes to robots.txt compliance of the crawler.

To the second bullet, based on the 'generally speaking' interpretation of the word 'tracking' on the dedicated Privacy and Data Collection page of Google Fonts

The use of the Google Fonts Web API is unauthenticated and the Google Fonts API does not set or log cookies. Requests to the Google Fonts Web API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com. Font requests are separate from and don't contain any credentials sent to google.com while using other Google services that are authenticated, such as Gmail.

Also, Colin's answer is partially out of date as well with regards to caching-based privacy:

It has come a long way from its original value proposition—to make the web faster by allowing your browser to cache commonly used fonts across all the websites that used the API. This is no longer true, but the API still provides additional and important optimizations so that websites load quickly and the fonts work well.

Clannish answered 9/2, 2023 at 23:19 Comment(0)

Recommended topics

Hot tags