Post AG2dlQlPyPd2oiRRnE by rezmason@merveilles.town
(DIR) More posts by rezmason@merveilles.town
(DIR) Post #AG0yBnikqs5EJU7zJg by amolith@nixnet.social
2022-01-31T23:30:48.026546Z
1 likes, 3 repeats
First Google Analytics violates GDPR and now Google Fonts. Get fucked (and fined) :blobfoxangrylaugh: https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr/
(DIR) Post #AG0yPvwB6FKBqn94rI by mezzodrinker@social.mezzo.moe
2022-01-31T23:32:06Z
0 likes, 0 repeats
@amolith That was to be expected, in all honesty :blobcatShrugGoogly:
(DIR) Post #AG0yPwdQVRv40vNcGm by amolith@nixnet.social
2022-01-31T23:33:19.354206Z
0 likes, 1 repeats
@mezzodrinker it's like people are just now acknowledging that google bad
(DIR) Post #AG0yTOhOcaFXvCsoAS by rysiek@mastodon.technology
2022-01-31T23:33:33Z
2 likes, 0 repeats
@amolith the amount of time I spent arguing with people at $OLDJOB that we should self-host the damn fonts considerably larger than the amount of time it actually took to self-host the damn fonts.I am enjoying this greatly.
(DIR) Post #AG0yjBC2bRsCfSk5iK by amolith@nixnet.social
2022-01-31T23:36:50.350634Z
0 likes, 0 repeats
@rysiek Yep, it takes all of a couple seconds when using something like this and the site visitor ends up with a much lighter download because you're able to pick just what you want and nothing extrahttps://google-webfonts-helper.herokuapp.com/fonts/
(DIR) Post #AG0zDe6hfN0x1vm09Y by mansr@society.oftrolls.com
2022-01-31T23:42:19Z
0 likes, 0 repeats
@rysiek @amolith This isn't really about fonts, though. It's about a German court effectively banning websites referring to other sites.
(DIR) Post #AG10nVR1UFAoVqwOdU by amolith@nixnet.social
2022-02-01T00:00:01.665657Z
1 likes, 0 repeats
@mansr @rysiek > It's about a German court effectively banning websites referring to other sites.Not exactly. By including resources from third parties, website owners aren't giving visitors a choice but to download those resources and give up their personal information. That's the core issue and what this whole thing is about.If there was a dialogue when visitors first opened the site using system default fonts with nothing loaded from Google that asked "Do you want to view this site with custom fonts provided by Google?" with two buttons saying "Browse with default fonts" and "Use custom fonts" and Google's fonts were downloaded *only* if the user visitor selected that option, the whole situation could have been avoided.Alternatively, the website owners could host their own damn resources and save themselves all the trouble. Unless they're getting thousands of hits per minute, there is no reason to use a CDN. That's just lazy and irresponsible, especially if the CDN is as anti-privacy as Google.
(DIR) Post #AG11E02iJGyCyFCgLo by rysiek@mastodon.technology
2022-02-01T00:04:38Z
0 likes, 0 repeats
@mansr @amolith this is crap and you know it. Not sure why you would spread such rather blatant misreading of this.Also, the fine is 100EUR. This is not even a slap on the wrist. This is just a signal: hey, you guys might want to look into this.
(DIR) Post #AG12FrPzRkxQktXfmK by rysiek@mastodon.technology
2022-02-01T00:13:32Z
2 likes, 3 repeats
@amolith @mansr and don't get me started on those privacy banners! They are shit, but that's by design. I can design a usable, unobtrusive privacy banner in 15min, *and* I can deploy it on a website which self-hosts assets in such a way that most users would not even see it.JS disabled? No privacy banner needed.JS enabled, but cookies blocked? No privacy banner needed.Do Not Track header present? No privacy banner needed, user's preferences are crystal clear.Privacy banners are shit *by design*.
(DIR) Post #AG13d7jx1nlzzXXFlw by mansr@society.oftrolls.com
2022-02-01T00:31:44Z
0 likes, 0 repeats
@rysiek @amolith 100 EUR per visitor is a fuckload of money.
(DIR) Post #AG13w7Ft3TfhzQWsSW by amolith@nixnet.social
2022-02-01T00:35:12.021522Z
0 likes, 0 repeats
@mansr @rysiek it was 100 EUR from the defendant to the individual plaintiff, not 100 EUR to every visitorIf there are further violations, the site owner will be fined €250,000 for each infraction.
(DIR) Post #AG142rNoSwNcn3S6qW by rysiek@mastodon.technology
2022-02-01T00:22:02Z
0 likes, 0 repeats
@sheogorath @mansr @amolith yeah, *if they repeat the violation*. But sure, you're right.
(DIR) Post #AG142tX6TN03SRoYbY by mansr@society.oftrolls.com
2022-02-01T00:36:22Z
0 likes, 0 repeats
@rysiek @sheogorath @amolith If I were the recipient of that decision, I'd be geoblocking the entire EU in a split second. I dislike the tracking crap as much as anyone, but this isn't the way to counter it.
(DIR) Post #AG14HPMEwh4gDNeaci by rysiek@mastodon.technology
2022-02-01T00:39:02Z
1 likes, 0 repeats
@mansr @sheogorath @amolith well what, pray tell, is the way to counter it?Over the last 15 years I have tried making my own choices (constantly circumvented by website developers and admins); running the websites I am responsible for in a responsible manner (somehow did not influence the rest of the Web), information campaigns, pushing browsers to do the right thing, and about a dozen other things.So what is this magical silver bullet of yours? I am all ears!
(DIR) Post #AG1AvFDafA0m4lzE9I by rysiek@mastodon.technology
2022-02-01T01:53:27Z
1 likes, 0 repeats
@mansr @sheogorath @amolith also, go right ahead and geoblock!That means that the ability to not self-host assets you use is, for you, more important than reaching a few hundred million users. That's an interesting set of priorities!If your assets are that heavy, and that much of a problem to self-host, perhaps the problem is bloat, not courts? 🤔
(DIR) Post #AG1E2ESsA8d5d29scy by damko@fosstodon.org
2022-02-01T02:27:37Z
0 likes, 0 repeats
@mansr @rysiek @amolith it really doesn't seem like that to me
(DIR) Post #AG1JvAsjgVI6DMH1DU by damko@fosstodon.org
2022-02-01T02:26:08Z
1 likes, 0 repeats
@rysiek @amolith @mansr true! Without mentioning that the vast majority of websites don't even need to track anyone. Simple web server log analysis would provide enough info for the average user
(DIR) Post #AG1V5NYQWSZluPqIQy by stefan@mk.lightnovel-dungeon.de
2022-02-01T05:38:46.460Z
1 likes, 0 repeats
@amolith@nixnet.social Good. Nice to see that something is moving in that direction. Took them long enough to finally state the obvious though, but better late than nothing. Good that my services (self-hosted of course) dont need that
(DIR) Post #AG22U1F9uKJSRMBf0q by ton@m.tzyl.nl
2022-02-01T11:53:33Z
1 likes, 0 repeats
@mansr @rysiek @amolith nah, not at all. The reputation of Google as a data kraken plays a significant role in the verdict. But generally yes, when you send visitor's personal data to someonelse you have to make sure you've got your s**t together and know you bear responsibility for the choices you make. That should not be a novel or surprising concept.
(DIR) Post #AG2C1r13L3xi9ZnWQi by aral@mastodon.ar.al
2022-02-01T12:08:44Z
1 likes, 0 repeats
@rysiek @amolith @mansr Also, let’s not forget my favourite: Not actually spying on people? No “we’re violating your privacy” banner needed.
(DIR) Post #AG2Cg7iceptRXVNYsC by fedops@fosstodon.org
2022-02-01T07:49:24Z
1 likes, 0 repeats
@rysiek and then the dumbnuts harp on about how "GDPR is bad, it forces sites to have these banners". 😡I think there should be a mandatory message on these banners that reads: "the operator of this site either wants to sell your data, or is too dumb to design their system around minimal data use". Plus a shocking picture like on a box or cigarettes.@amolith @mansr
(DIR) Post #AG2CkHljEXg1rqogXA by rysiek@mastodon.technology
2022-02-01T12:11:33Z
1 likes, 0 repeats
@aral @amolith @mansr exactly. I have zero such banners on any of the sites I run, simply because there is no spying happening on them, and all assets are self-hosted.However one cuts it, it's an intentional self-injury on the part of website owners/admins/developers.Either do the easy and right thing and don't spy (or allow others to spy) on your visitors, or, if you insist on allowing for that, well then it's on you. Make sure you are compliant. 🤷♀️
(DIR) Post #AG2EgjNUqDeGFIuma8 by aral@mastodon.ar.al
2022-02-01T14:09:59Z
1 likes, 0 repeats
@rysiek @amolith @mansr Oh, and a deliberate “fuck you” by Big Tech.“Oh look what the nasty regulators are doing by MAKING US DEGRADE YOUR EXPERIENCE… they’re making us hurt you…”
(DIR) Post #AG2Js3jI0yNuJyKUPw by yukiame@noagendasocial.com
2022-02-01T14:45:53Z
3 likes, 2 repeats
@amolith all of Google is a giant GDPR Violation
(DIR) Post #AG2dlQlPyPd2oiRRnE by rezmason@merveilles.town
2022-02-01T17:32:11Z
0 likes, 0 repeats
@amolith @rysiek @mansr Does this ruling mean CDNs violate GDPR, or did Google or the defendants do something more particular that violated it?
(DIR) Post #AG2dlRhuSwPtk7o9xo by rysiek@mastodon.technology
2022-02-01T17:34:13Z
1 likes, 0 repeats
@rezmason @amolith @mansr it's not the CDNs or Google who violates the GDPR, it's the website, by using such services and not properly dealing with that in its privacy policy.But on a more general level, yes, I would expect CDNs to start being considered problematic in the same way Google Fonts is in this ruling.
(DIR) Post #AG3HwAu3HPlIyg9rxA by robryk@qoto.org
2022-02-02T01:53:46Z
1 likes, 0 repeats
@amolith TBF, there was an additional reason to use fonts from a cdn in the past: you would benefit from them being already cached (because some other website surely fetched them) and so reduce the latency for the user. Alas, this creates a way to exchange information between different origins _and_ is a permacookie, so all caching, including fonts, is now essentially origin-isolated (I think it's not exactly per origin, but some similar concept; don't quote me on details), so this benefit is no longer there.@rysiek @mansr