
Google Fonts website LEAKS IP addresses! Can this happen while using AirVPN? I don't know?


Posted ... (edited)

Can this happen while being connected via AirVPN ?  I do not know?




Earlier this month, a German court fined an unidentified website $110 for violating EU privacy law by importing a Google-hosted web font. The Register reports: The decision, by Landgericht Munchen's third civil chamber in Munich, found that the website, by including Google-Fonts-hosted font on its pages, passed the unidentified plaintiff's IP address to Google without authorization and without a legitimate reason for doing so. And that violates Europe's General Data Protection Regulation (GDPR). That is to say, when the plaintiff visited the website, the page made the user's browser fetch a font from Google Fonts to use for some text, and this disclosed the netizen's IP address to the US internet giant. This kind of hot-linking is normal with Google Fonts; the issue here is that the visitor apparently didn't give permission for their IP address to be shared. The website could have avoided this drama by self-hosting the font, if possible.
The decision says IP addresses represent personal data because it's theoretically possible to identify the person associated with an IP address, and that it's irrelevant whether the website or Google has actually done so. The ruling directs the website to stop providing IP addresses to Google and threatens the site operator with a fine of 250,000 euros for each violation, or up to six months in prison, for continued improper use of Google Fonts. Google Fonts is widely deployed -- the Google Fonts API is used by about 50m websites. The API allows websites to style text with Google Fonts stored on remote servers -- Google's or a CDN's -- that get fetched as the page loads. Google Fonts can be self-hosted to avoid running afoul of EU rules and the ruling explicitly cites this possibility to assert that relying on Google-hosted Google Fonts is not defensible under the law.



Read more of this story at Slashdot.

I originally saw this story posted on Facebook and here is their comment thread on it:

I do not know if this can still happen while being connected on ANY VPN, let alone while on or using AirVPN?  Can anyone help me who knows better?
I guess a simple yes or no from someone who knows better, would be reassuring lol

  Edited ... by OpenSourcerer
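For a site operator who wants to check their own pages for the fetch the quoted article describes, here is an added example (not part of any post in this thread). It lists the `<link>` tags and `<style>` rules that point a visitor's browser at the Google Fonts hosts, which are the references to replace when self-hosting; the sample page is constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Google Fonts API hosts, and a pattern for absolute or protocol-relative URLs in CSS text.
GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
CSS_URL = re.compile(r"""(?:https?:)?//[^\s'"()]+""", re.I)

class FontAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False  # findings: (line, where, url)

    def _check(self, line, where, url):
        if urlparse(url.strip()).hostname in GOOGLE_FONT_HOSTS:
            self.findings.append((line, where, url.strip()))

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        if tag == "link":  # stylesheet, preconnect and preload all contact the host
            self._check(self.getpos()[0], "<link href>", dict(attrs).get("href") or "")

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        for m in CSS_URL.finditer(data if self._in_style else ""):
            # Count the newlines before the match to get its own line number.
            line = self.getpos()[0] + data.count("\n", 0, m.start())
            self._check(line, "<style>", m.group())

def audit_html(html):
    """Return sorted (line, where, url) for each reference to a Google Fonts host."""
    parser = FontAudit()
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)

# Constructed sample page (not from the thread): three hot-linked references, two self-hosted.
SAMPLE = """<html><head>
<link rel="preconnect" href="https://fonts.gstatic.com">
<link rel="stylesheet" href="//fonts.googleapis.com/css2?family=Roboto:wght@400;700">
<link rel="stylesheet" href="/assets/fonts/roboto.css">
<style>
@import url("https://fonts.googleapis.com/css?family=Lato");
@font-face { font-family: Local; src: url(/assets/fonts/local.woff2); }
</style></head><body></body></html>"""

if __name__ == "__main__":
    print(*audit_html(SAMPLE), sep="\n")
```

External `.css` files are not fetched by this check; their text needs the same URL scan before a page can be considered free of remote font loads.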

When connecting to a website using Google Fonts, Google can only see the IP address of the VPN server you're connected to. I block Google Fonts in my browser using LocalCDN. Also, there's a bit of irony in you being concerned Google may have your IP address while also using Facebook, which is arguably a much more privacy-invasive company.


Unsure how to feel about that. If it was in the Terms of Service, it should be okay. Google offers you pre-written text to paste into your ToS if you use their APIs. Now, if the website did not specify these walls of text, that's a real problem and I understand, otherwise it should be treated as "ToS accepted upon visit".
Real question is, can a website owner be expected to put additional work into a landing page with all content disabled and redirect the visitor once the ToS are accepted? Or will the owners yell that it's too disruptive for the visitor?

In any case, it's weird that something like this only comes up now, when millions of websites used this and continue using it. Maybe it was all about the missing ToS bit…


LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Unofficial Eddie for Android F-Droid repository: repo.opensourcery.eu

Want to contact me directly? All relevant methods are on my About me page.
