Actually, your comment made me wonder how far does this go? Where does "third party" end? If I self host on Hetzner or Linode, I imagine their infrastructure logs IP addresses like Google Fonts here. But surely that doesn't require consent. Why not, what's the difference? What if you host with a much sketchier provider? I could see politicians thinking users would want to know if their requests were served by, say, China or Russia.
It's ok that their infrastructure logs IPs that it has to. They commit via their DPA to protecting personal data such as embedded in those logs, not logging what they don't need, not keeping it longer than necessary, only sharing it with third parties that agree similar protections, anonymising and aggregating as needed, etc.
You probably want an agreement like that with a hosting provider for another reason, not just IP logging: They have physical access to all your on site storage, user databases, etc. It's good that they commit to treating data on those physical systems with appropriate respect.
For that matter, does the fact that reaching my self hosted site must travel the last mile along a service I paid for (my ISP) mean I must gain consent for using them?
You don’t even need to host the asset yourself, just set up a reverse proxy that drops personal information and redirects the request to the source (Google, or whatever). It’s a simple Nginx rule.
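A sketch of the reverse proxy described in the comment above, added here as an illustration and not part of the original comment. The `/gfonts/` paths are assumptions, the blocks go inside the site's existing `server { }` block, and `sub_filter` needs nginx built with `ngx_http_sub_module`.

```nginx
# Stylesheet requests: the browser talks only to this site; nginx fetches
# from Google, so the upstream sees the server's address, not the visitor's.
# Pages reference e.g. /gfonts/css/css2?family=Roboto
location /gfonts/css/ {
    proxy_pass https://fonts.googleapis.com/;   # /gfonts/css/css2 -> /css2
    proxy_ssl_server_name on;                   # send SNI to the upstream
    proxy_set_header Host fonts.googleapis.com;

    # An empty value means the header is not forwarded at all.
    proxy_set_header Cookie "";
    proxy_set_header Referer "";
    proxy_set_header X-Forwarded-For "";
    proxy_set_header X-Real-IP "";
    # User-Agent is still forwarded because the returned CSS depends on it;
    # pin it to a fixed string if that is not acceptable.

    # Ask for an uncompressed body so the URLs in it can be rewritten.
    proxy_set_header Accept-Encoding "";
    proxy_hide_header Set-Cookie;               # never relay upstream cookies

    # The stylesheet points at fonts.gstatic.com; send those requests
    # through this server too, otherwise the browser contacts Google directly.
    sub_filter_types text/css;
    sub_filter_once off;
    sub_filter "https://fonts.gstatic.com/" "/gfonts/files/";
}

# Font files referenced by the rewritten stylesheet.
location /gfonts/files/ {
    proxy_pass https://fonts.gstatic.com/;
    proxy_ssl_server_name on;
    proxy_set_header Host fonts.gstatic.com;
    proxy_set_header Cookie "";
    proxy_set_header Referer "";
    proxy_set_header X-Forwarded-For "";
    proxy_set_header X-Real-IP "";
    proxy_hide_header Set-Cookie;
}
```

The site's own access log still records visitor IP addresses; this only keeps them from reaching the upstream.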
The local bakery down the street just needs to figure out what a reverse proxy is, what a redirect is, and what Nginx is and how to set rules for it, and then weigh the pros and cons vs self-hosting assets.
I’m sure that’s easily doable for them, aren’t regulations fun?
That is true, but it increases the barrier to entry for those who use Google Fonts for system resource issues. A lot of people offload because they don’t have the space or money to self-host everything.
One could argue that it is less eco-friendly as well, given how much space is going to be used repeating the same file on a multitude of servers.
A $5 VPS comes with several gigabytes of storage. A standard web font (e.g. Roboto) is ~1MB. Bandwidth is essentially free through CloudFlare. Who doesn't have the space or money to self-host their fonts?
Currently on HN frontpage there is an article "How to avoid layout shifts caused by web fonts" [1]. It lists several techniques you can use to reduce font size. One of the examples shows how subsetting reduces Roboto Regular size to 11KB.
You're probably liable to pay the plaintiff 100 EUR for leaking their IP address to CloudFlare, as well as paying 100 EUR for leaking it to Azure/AWS/etc. /partially sarcasm
I'm really starting to question why aren't we using fonts that are a standard part of browsers? Just have a reasonable sub-set supported by everyone. This would be great climate action too as we would not be wasting energy to redownload them billions if not trillions of times.
(in reply to krehl) And in that specific case you should probably have a DPA ready. Big issue with anything Google-related (and probably CloudFlare) is that they may transfer the data outside of the EU[0].
An interesting question. Someone should do an environment cost impact on self hosting fonts (and other resources) vs client having to make lots of requests to various hosts for those resources.
Hosting all your assets by yourself, on your own servers and doing analytics without sending data to a third party is not a terribly tall order.