The Bavarian state court in Munich, Germany, on 20 January 2022, decided that using Google fonts in your site breaches the GDPR. This because:

  • it discloses your (dynamic) IP address, a person identifiable datum, to Google when you visit a site that uses their fonts,
  • disclosing your IP address can’t be motivated as necessary as these fonts can be used without establishing a connection between a website visitor and Google’s servers, (and visitor consent wasn’t sought by website owner)
  • as Google is known to actively track users, sending the IP address to Google means a loss of control over personal data by the website visitor,
  • in this case resulting in discomfort for plaintiff such that the website owner as defendant is ordered to
    • stop sending visitor’s IP addresses to Google for their fonts, or face up to 250.000 Euro or 6 months imprisonment for each visit to defendant’s websites by the plaintiff,
    • pay plaintiff 100 Euro compensation plus interest since the filing of the case.

In other words, now is the time to start hosting Google fonts locally on your webserver, and to quit providing your visitor’s IP addresses to Google with each visit to your site. I don’t use G’s fonts on this site, and generally block them in my browser. We are in the process of revamping our company website, and will ensure we will no longer load Google fonts remotely from now on.

Google is experimenting with added functionality to the Chrome browser that follows your browsing. It’s called Federated Learning of Cohorts, FLoCs. This is a way of tracking you for advertising purposes that doesn’t rely on third party cookies. That last bit sounds nice, but it is still very much based on active tracking, and this time it’s the Chrome browser itself that provides the data, turning Chrome into ad-delivery malware. You can opt-out with your Chrome browser, or better yet by not using Chrome, and also website owners can opt out their sites.

That is what I’ve done, opting out my WordPress site, by adding a small function to functions.php in my theme. Adtech cannot be aligned with the GDPR, so it wasn’t a decision at all.

WordPress seems to be planning to add that function to WordPress itself, starting from version 5.8, which should arrive in July. That sounds like a good step.

If that blocking is too successful however, I bet we’ll see opt-out settings actively ignored, like with the Do-Not-Track settings already.

Thirteen years ago today I blogged about Google launching Open Social, an API that would allow developers to tap into multiple social networks at once. It was supposed to be an answer to Facebook (who then had opened up their platform silo for developers to build small applications (since removed as an option). The NYT called it Google ‘ganging up’ on Facebook, the ‘new kid on the block’ (FB became globally available to all in the fall of 2006).

Seeing that 2007 posting in my ‘on this blog today in…’ widget I was curious to see whatever happened to Open Social. After the launch in 2007, I don’t remember hearing much about it anymore.

Following the link to Google’s own page on Open Social now gets a 404 error message (which isn’t different from 2007 when I blogged it, because news leaked before the launch, so that page wasn’t active yet. In between today and today in 2007 it has been a working link for some years though as the Internet Archive can attest) Wikipedia has the story of the years in between in more detail. The Open Social standard saw it latest release in August 2013, and then development stopped.

By the end of 2014 it was all transferred to the W3C’s Social Activity, the Social Web Working Group, and the Social Interest Group. All those three are defunct now too (the interest group closed in 2016, the working group and activity early 2018).

Yet, the still remaining W3C Working Group page has a photo with a number of familiar faces: core members of the IndieWeb community. And the Working Group delivered in their 2014-2018 period of activity the W3C standard recommendations for all the major building blocks of the IndieWeb (Webmentions, Micropub, Microsub, Activitypub, IndieAuth). The W3C activity wound down and reduced to a single W3C IRC channel #social that sees little activity. The log files of #social are hosted on indieweb.org.

So here we are, thirteen years down the road. It’s not Google but IndieWeb-enabled websites like mine ‘ganging up on Facebook’ instead. 😉

Google has released the statistics for the mobility and location data they gather a.o. from all the mobile devices that share their location with them. Below are the results for our region.

It shows nicely the beginning of the soft lock-down, starting with the announcement on March 12th, that from the 13th working from home was the default, and from the evening of March 15th the closure of all restaurants, schools etc. You see the enormous decline in use of transit, the drop in general retail and recreation, the drop in workplace presence due to skiing holidays and then the work from home measure, and the peak in grocery and pharmacy visits right after when the lock-down measures came into force, resulting in empty shelves in the super markets. This type of data is probably not extremely useful on a day to day basis, but it is useful to get a general feeling for how well people are complying with measures, as well as to detect the moment when things get back to their regular patterns. I know e.g. debet and credit card transactions similarly can be and are being used to determine e.g. if a community has returned to normal after for instance a hurricane or another emergency.