Comments (19)
I hope it can land someday [...].
I'm happy to say that addressing the underlying technical issues is top priority. Once that is done, adding support for popular webfonts should not take too long. In short, this feature is still on the roadmap.
from decentraleyes.
Thanks for participating in my thread, but this is simple - your IP and browser fingerprint are exposed because the font file must be downloaded from their servers. Weβre not talking about JS execution. Thatβs the end of the discussion about this.
from decentraleyes.
"Google's fonts are already open source"
[...]
"they could already have changed the fonts so you would be forced to keep an eye on it"
That's unrelated to the present discussion.
"integrating it as an own resource only causes more resource been wasted"
If you take this stance, then all Decentraleyes should go to the wastebasket. Decentraleyes already takes the trade-off of an initial cost of pre-packaged commonly-used web resources vs. fetching them on demand. Also, note the adjective contained in this issue's title: "Add popular Google Fonts to the bundle", nobody's asking for a 300MB xpi π, same as Decentraleyes already packages a chosen subset of js libs.
"even if you allow them externaly I see no reason how it compromises your privacy, it's well explained here"
That's purely Google's word, can change at any time, can be enforced by governement mandates, and many netizens simply don't trust it.
"If you don't like fonts you can already block them permanently or temporarily within uBlock/AdGuard etc. "
Strawman (you're criticizing something something different from what is being argued). I (and users interested in this feature) certainly don't want to block fonts. Of course we could if we wanted to. This feature is precisely about preserving webfont UX. I do like neat fonts and take the crisp serifs served by Gfonts rather than stock OS fonts. Also, some sites may depend on glyphs present in these fonts and not in my OS fonts, meaning the loss due to blocking would be more than just visual.
"The possible tracking which people are often refer too are not the fonts, it is the fact that the page you like to visit or coming from like to set the cookies"
There are many more ways to track people on the internet (see EFF's panopticlick). The threat with fonts may be mild, but at the most fundamental level, I don't especially like the idea of me requesting resources (logged by Google servers/CDNs) on half the web.
And I'm done contradicting, now to a simple & short positive assertion: packaging GoogleFonts in Decentraleyes would be valuable for the same reasons as packaging js libs is: performance and privacy.
I hope it can land someday π.
from decentraleyes.
BTW, according to Google itself, "Google Fonts logs records of the CSS and the font file requests..." each and every time a person requests an uncached font from a Google server.
from decentraleyes.
Once again: Just ignore this guy (@CHEF-KOCH). He does not know what he is talking about.
from decentraleyes.
I told you. He (@CHEF-KOCH) does not know what he is talking about. It's simple: Start ignoring his bullshit. In other projects he is doing the same. It's really bad. -.-
from decentraleyes.
@CHEF-KOCH
Don't you think that people does might not see fonts as a security problem, but as a tracking problem.
I personally like Decentraleyes for de-tracking reasons.
What is really your intentions here exactly?
from decentraleyes.
@Synzvato
for font read this can be helpful
http://sosweetcreative.com/2613/font-face-and-base64-data-uri
from decentraleyes.
@heforfree Thanks for sharing, will read!
from decentraleyes.
Downloading from Google fonts is probably the most rampant. At the same time, there are a few other common font CDN's that can be included as well.
from decentraleyes.
Just ignore this CHEF-KOCH. Mostly he does not know what he is talking about. He just produces text walls in different projects.
from decentraleyes.
Thanks for the suggestion!
In theory yes. As of now, Decentraleyes does not support non-script files (e.g. fonts or styles). Once it does, it might indeed be an idea to start serving some of the web's most popular fonts.
Semi-related issues (see answers): #32, #37
from decentraleyes.
@Synzvato Do you want to re-open this issue since #60 indicates that this may be a new feature?
Regardless, I have an interesting idea. I've noticed that many times the font requested from a CDN may already be present on the system, yet is still downloaded by the browser.
Using javascript, it is trivial to detect some of the most commonly installed fonts.
As such, until decentraleyes explicitly supports fonts, it could simply force the browser to use it's own system's fonts instead of downloading practically duplicate copies (for fonts that are installed). Yes, the system's fonts may not be absolutely 100% identical to the CDN fonts, but they are probably close enough for 99% of situations.
from decentraleyes.
I've been testing the idea proposed in the above comment, and so far, it is working quite well.
from decentraleyes.
Neat. Is there a clever way to deal with the fact that some custom font-faces use different names for system fonts? There can be subtle differences (missing spaces, added numbers, etc.) For example: HelveticaNeue
from decentraleyes.
@notatestuser I'm not yet sure whether there is an integrated translation table like with PDF files. From what I've read of the browser's source code (so far) and what I've tested (so far), there is not. However, writing one as an overlay is rather simple.
Fonts can also be edited with a hex editor to change their names.
Even with these tricks, it does not solve the subtle differences you mention. From what I've tested so far, the impact of these subtle differences, fortunately, is negligible. I haven't found any issues yet, but I've only tested a few hundred sites... and the web has a few more sites than that. ;-)
from decentraleyes.
Any updates in regards to this?
from decentraleyes.
@AshotN Resource additions are temporarily blocked by (1419459
). Please see #16 for more details.
from decentraleyes.
Any updates on this?
from decentraleyes.
Related Issues (20)
- Do strict blocking rules break the extension? HOT 5
- Decentraleyes breaks inSCREEN content HOT 3
- Chrome prevents local redirections HOT 3
- Decentraleyes breaks Nextcloud Security Scan HOT 1
- support wordpress specific jquery HOT 5
- Decentraleyes breaks Mes Lieux Paris HOT 2
- Breaks the Gazeta do Povo website HOT 1
- There are various resource hints and directives HOT 4
- Does decentraleyes inject offline cdns when they are blocked by Noscript and PrivacyBadger? HOT 2
- Decentraleyes beaks the FreeBusy website HOT 6
- Error on Chrome HOT 4
- Decentraleyes breaks the Transcend website HOT 2
- Decentraleyes breaks ManualsLib HOT 1
- XHR requests fail due to missing headers HOT 1
- Question: Is any substitute for Safari ?
- Decentraleyes beaks a Path of Exile fansite HOT 2
- Add rules for Chinese mirrors to the FAQ HOT 4
- Update HTTPS Everywhere configuration guide HOT 3
- about:config "show release notes" = false setting is ignored HOT 1
- Missing CDNs
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from decentraleyes.