decentraleyes
decentraleyes copied to clipboard
Synzvato
Add popular Google Fonts to the bundle
Thanks for the suggestion!
In theory yes. As of now, Decentraleyes does not support non-script files (e.g. fonts or styles). Once it does, it might indeed be an idea to start serving some of the web's most popular fonts.
Semi-related issues (see answers): #32, #37
@Synzvato for font read this can be helpful
http://sosweetcreative.com/2613/font-face-and-base64-data-uri
Downloading from Google fonts is probably the most rampant. At the same time, there are a few other common font CDN's that can be included as well.
@Synzvato Do you want to re-open this issue since #60 indicates that this may be a new feature?
Regardless, I have an interesting idea. I've noticed that many times the font requested from a CDN may already be present on the system, yet is still downloaded by the browser.
Using javascript, it is trivial to detect some of the most commonly installed fonts.
As such, until decentraleyes explicitly supports fonts, it could simply force the browser to use it's own system's fonts instead of downloading practically duplicate copies (for fonts that are installed). Yes, the system's fonts may not be absolutely 100% identical to the CDN fonts, but they are probably close enough for 99% of situations.
I've been testing the idea proposed in the above comment, and so far, it is working quite well.
Neat. Is there a clever way to deal with the fact that some custom font-faces use different names for system fonts? There can be subtle differences (missing spaces, added numbers, etc.) For example: HelveticaNeue
@notatestuser I'm not yet sure whether there is an integrated translation table like with PDF files. From what I've read of the browser's source code (so far) and what I've tested (so far), there is not. However, writing one as an overlay is rather simple.
Fonts can also be edited with a hex editor to change their names.
Even with these tricks, it does not solve the subtle differences you mention. From what I've tested so far, the impact of these subtle differences, fortunately, is negligible. I haven't found any issues yet, but I've only tested a few hundred sites... and the web has a few more sites than that. ;-)
@CHEF-KOCH
"Google's fonts are already open source" [...] "they could already have changed the fonts so you would be forced to keep an eye on it"
That's unrelated to the present discussion.
"integrating it as an own resource only causes more resource been wasted"
If you take this stance, then all Decentraleyes should go to the wastebasket. Decentraleyes already takes the trade-off of an initial cost of pre-packaged commonly-used web resources vs. fetching them on demand. Also, note the adjective contained in this issue's title: "Add popular Google Fonts to the bundle", nobody's asking for a 300MB xpi 🙂, same as Decentraleyes already packages a chosen subset of js libs.
"even if you allow them externaly I see no reason how it compromises your privacy, it's well explained here"
That's purely Google's word, can change at any time, can be enforced by governement mandates, and many netizens simply don't trust it.
"If you don't like fonts you can already block them permanently or temporarily within uBlock/AdGuard etc. "
Strawman (you're criticizing something something different from what is being argued). I (and users interested in this feature) certainly don't want to block fonts. Of course we could if we wanted to. This feature is precisely about preserving webfont UX. I do like neat fonts and take the crisp serifs served by Gfonts rather than stock OS fonts. Also, some sites may depend on glyphs present in these fonts and not in my OS fonts, meaning the loss due to blocking would be more than just visual.
"The possible tracking which people are often refer too are not the fonts, it is the fact that the page you like to visit or coming from like to set the cookies"
There are many more ways to track people on the internet (see EFF's panopticlick). The threat with fonts may be mild, but at the most fundamental level, I don't especially like the idea of me requesting resources (logged by Google servers/CDNs) on half the web.
And I'm done contradicting, now to a simple & short positive assertion: packaging GoogleFonts in Decentraleyes would be valuable for the same reasons as packaging js libs is: performance and privacy.
I hope it can land someday 🙂.
@CHEF-KOCH Don't you think that people does might not see fonts as a security problem, but as a tracking problem. I personally like Decentraleyes for de-tracking reasons. What is really your intentions here exactly?
@henri98, @ronjouch
I hope it can land someday [...].
I'm happy to say that addressing the underlying technical issues is top priority. Once that is done, adding support for popular webfonts should not take too long. In short, this feature is still on the roadmap.
BTW, according to Google itself, "Google Fonts logs records of the CSS and the font file requests..." each and every time a person requests an uncached font from a Google server.
@CHEF-KOCH @All
Just ignore this CHEF-KOCH. Mostly he does not know what he is talking about. He just produces text walls in different projects.
Once again: Just ignore this guy (@CHEF-KOCH). He does not know what he is talking about.
Thanks for participating in my thread, but this is simple - your IP and browser fingerprint are exposed because the font file must be downloaded from their servers. We’re not talking about JS execution. That’s the end of the discussion about this.
I told you. He (@CHEF-KOCH) does not know what he is talking about. It's simple: Start ignoring his bullshit. In other projects he is doing the same. It's really bad. -.-