"Google Fonts logs records of the CSS and the font file requests, and access to this data is kept secure."
They don't say how long the raw data is kept either, on a page trying to minimize the tracking, so we can probably assume it's longer than necessary for technical purposes.
They keep it separate from their other tracking, but that's still collecting user data.
This is an extremely disingenuous way to phrase it. It's deliberately not hosted on a domain which would have any session information sent. There's no tacking information set by that service. I invite you to actually look at a call to this service (you'll want to Google "browser developer tools", that should get you started) and realize that there is no user data in the request. Because of course there isn't.
>...makes it seem like you agree...
Ah, the classic tactic of standing up a weak strawman and then arguing against that. Good to see you again, nemesis.
> This is an extremely disingenuous way to phrase it.
It's not disingenuous because I was going by what those terms allow. They say nothing about detail level, so when I talk about whether they could be tracking you I will talk about the worst thing those rules allow.
> It's deliberately not hosted on a domain which would have any session information sent.
Being a separate service from the rest of google is an entirely different question from whether it tracks you. And tracking doesn't need session cookies.
> There's no tacking information set by that service. I invite you to actually look at a call to this service (you'll want to Google "browser developer tools", that should get you started) and realize that there is no user data in the request.
That doesn't stop them from fingerprinting me to a moderate extent and storing that with my IP and exact time forever.
> Ah, the classic tactic of standing up a weak strawman and then arguing against that. Good to see you again, nemesis.
It's not a strawman. Strawmen don't say "makes it seem". That's my doing my best to figure out your opinion, so that I can effectively respond to it, and making it very clear that I'm guessing.
So are you saying that guess was wrong, or are you being vague on purpose here?
In terms of strawman and related, my guess would actually fall under "steelman". Assuming the opposite would have been a strawman. Because if my guess was wrong, and you don't think it's possible for a CDN to collect user data, then why did you make this conversation be about a specific CDN in the first place?
It's totally disingenuous to use phrases like logging in detail when there are no details to log.
> if my guess was wrong...
As I have previously said, you're totally wrong and your misunderstanding is so far from what I said that it's hard to understand how you got there. You asked if CDNs that don't track user data needed to worry, I gave an example of one which doesn't track user data and still got into trouble.
> It's totally disingenuous to use phrases like logging in detail when there are no details to log.
That's not disingenuous. You disagree with me about what counts as "details to log". Nobody is acting in bad faith.
> As I have previously said, you're totally wrong and your misunderstanding is so far from what I said that it's hard to understand how you got there.
I made a post talking about the difference between a "CDN that tracks people" and a "CDN that doesn't track people".
You responded by linking a specific CDN as an example of a "CDN that doesn't track people".
So I guessed that you agreed that "CDN that tracks people" and "CDN that doesn't track people" are both things that exist.
Why is that guess "so far from what you said that it's hard to understand"?
You're saying you don't think that, so why didn't you just say "No CDNs can track people"?
If every CDN is a "CDN that doesn't track people", then what use is it to link the terms of a specific CDN? If no CDNs can track people, then it doesn't matter what their terms say!
-
But as to your argument, I think your definition of tracking is too narrow, but I don't see any way to convince you otherwise so I'm not going to attempt that.
Not just where the CDN is, but apparently where the company operating the CDN is incorporated. In the eyes of the EU, it doesn't matter if you serve out of an EU data center if the overall corporate entity is still subject to the laws of the United States.
