Google Fonts, Bunny Fonts, Tracking, and What I'd Recommend

Posted by Matt Birchler
— 2 min read

Google Fonts is an incredible resource, and it's made it stupid-easy for many people to get custom fonts on their websites with ease. I'm a little fuzzy on all the details, but it's also helped make a bunch of high quality fonts free and open source for the world to enjoy.

However, as I wrote about recently, not everyone is keen to use Google for infrastructure on their websites. Maybe you've got GDPR concerns or maybe you just don't like Google, but if you want to ditch Google Fonts without much of a headache, then Bunny Fonts wants to help. The promise here is that they host all the same fonts and have replicated Google's API, so all you have to do is to replace the URL you use to call up Google's service and use their's instead.

Is This Actually Better?

Shout out to CC-Tricks for looking into this, but the short answer is no, there's no real benefit to this shift in terms of privacy. The logging going on by both services is effectively the same, and the only personal data Google/Bunny Fonts is getting is the user agent string, which is basically identifying which OS and browser is being used. Here's an example from someone browsing in Safari on an iPhone 13 Pro Max:

Mozilla/5.0 (iPhone14,3; U; CPU iPhone OS 15_0 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/19A346 Safari/602.1

You can parse this string to figure out a device type (iPhone 13 Pro Max) as well as what version of what browser is being used. But with no I.P. address or personal info, this is basically just useful for knowing what sort of devices and browsers are being used to access your content.

You may still prefer Google not to have this data and you trust Bunny Fonts more, and that's fine, but there's not a real tangible privacy advantage to using one over the other.

What I'd Recommend

Like I said, I think these are great services that make adding fonts to your site super easy, so honestly I feel fine suggesting you use either of these if they solve your problem.

But if you're concerned with relying on a third party for fonts, it might be worth hosting the fonts yourself. Every font on Google Fonts is open source and Google lets you download them, so you can download the font files, upload them to your server, and just load them from yourself, cutting out the middlemen entirely. No GDPR concerns, no need to trust a third party won't change their privacy policy one day, and no concerns that the service will go down, leaving you loading sans-serif instead of that nice font you wanted.

But again, that's more work and it's not going to be doable for everyone, so it's great that free, easy-to-use options exist as well.