Hacker News new | comments | show | ask | jobs | submit login
Should we stop using the Google font service and host on our own? (github.com)
107 points by esistgut 10 months ago | hide | past | web | favorite | 105 comments


But not for just the reasons given in the link.

When your page uses resources hosted outside your control, you are effectively giving a third-party access to your users. This applies equally to fonts, images from image hosting services, videos from youtube, etc, and especially to Javascript code (including analytics).

At best, you are trading some bandwidth savings for allowing a third-party to analyze your traffic patterns and users in return - maybe that sounds like a good trade to you.

But at worst, your are allowing a third-party (or the people that buy that third-party years from now) to break your site (removing images, etc) at any time, completely outside your control. That is not even considering malicious intent. Google is probably OK right now, but who knows?

TL/DR : Host everything yourself

1. Tracking is not really effective if the user agent caches the font aggressively.

2. Subresource integrity takes care that at least the file cannot be modified freely without you knowing. So there is only the case that the file either is there as you expect, or it is not available. Does that leave room for malicious intent? https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

Subresource integrity is OK, but in this case would have totally broken the site in a different way. If you want to make sure a resource can't change, host it yourself and don't change it.

Subresource integrity is a double edged sword because when a third party updates a resource then your page breaks. Of course you can build fallbacks by loading from your domain in case of errors but then you just doubled engineering effort and have rarely executed code paths in your source.

True. I'm not saying this solves the problem, but at least the "outside of your control" part is not absolute.

The other big technical reason to self host Google fonts is wanting your website to load in China. The Google CDN is blocked there, in case anyone here is unaware.

I live in China, and the CDN for Google Fonts (https://fonts.googleapis.com) works just fine from both my mobile and home internet connections.

The site for searching for fonts (fonts.google.com) doesn't appear to work, but that's not relevant to the self-hosting discussion.

If you also live in China, please try to load https://fonts.googleapis.com/css?family=Rozha+One (ideally without VPN, and using your ISP's DNS server).

YMMV of course, but when we used the fonts CDN a very large proportion of Chinese users could not access our website intermittently.

Past tense. Was that more than 2.5 years ago?

I used to think that same way. I wanted to host everything myself, so I could control, and make sure everything ran the way I wanted. It took me a while -- not sure how long -- to realise no man is an island.

People are already giving access to third parties for all the sweet sweet ad income. People don't care.

I always wonder how easily "the whole industry" tacitly agreed it's a good thing because of caching. Nowadays nobody sits down and calculates the weights of benefits and disadvantages, most people are just using CDNs because practically everyone else is doing just that.

There was probably a time when it did matter, but I believe (without much evidence) that the benefits of CDNs are less now.

* Hosting on decently fast machines is a lot cheaper.

* Overall bandwidth is increasing

* HTTP2 makes serving up resources cheaper and faster even without other changes. Before a page might request 100 resources and the browser would download them 8 at a time due to having a maximum number of connections to a server.

* Browsers are getting smarter about loading resources in general

* There used to be only a few big Javascript libraries that everyone tended to use (jQuery, etc). So your browser would download them once from the CDN and cache it for multiple sites. These days there are a lot more. Same with fonts. With hundreds of fonts available the chances of your page's fonts being in the cache is small.

The only resources that I think might still be worth offloading to a specialized third-party would be video files, which are still too large to be easily hosted.

This doesn't take the user's connection into account. The user could have a really slow connection (think 3G mobile or worse). Any amount of caching helps tremendously here.

Also, caching and fat pipes are just two benefits of CDNs. They also handle the multi-region issue.

> Also, caching and fat pipes are just two benefits of CDNs. They also handle the multi-region issue.

If you are actually paying a CDN to host your stuff you can expect better service. Here we are talking about using resources from third-parties for "free".

I don't see how that goes against what I said. Those three main benefits apply to anything hosted on CDNs.

Don't get me wrong, CDNs are very useful for hosting high-traffic sites. And if you are paying them money to host all your resources then you are effectively in control as far as the issue we are talking about in this thread.

My argument is that, for smaller sites, the received wisdom used to be that letting google (or whoever) host myspecalfont.wcf, or bigjavascriptlibrary.js, or whatever in their CDN was a good idea since it made your site load faster. This was certainly true, up to a point, but is less important now, due to the factors I listed.

Whether or not these factors make a difference to you is completely dependent on the details of your site.

Latency is still a factor. For any reasonably popular page with cloudflare in front of it, static files will be at the local edge. Requesting websites hosted in US-West from Europe is ~200ms latency, responses from the cloudflare edge here (London) usually have 20-30ms (TTFB). That can be a big difference, esp if you have spotty reception. If your users are all over the world this becomes even more important.

OK, but we're talking about hosting only a part of the website content on the CDN here. In this case - fonts. We can - and should - use the default font to render the text until the webfont has been completely loaded, using one of the available techniques. Unfortunately, even some high profile websites ignore this issue and block displaying the text until the font is loaded.

> Google is probably OK

Practically all relevant news headlines for the past 2 years suggests otherwise.

Do you have any suggestions for self-hosted analytics?

Piwik[1] is pretty good. For self-hosting, basic features are free and open source, some of the more advanced features are sold as plugins[2].

There's also OWA[3] if that's more to your taste

1 https://piwik.org/ 2 https://plugins.piwik.org/premium 3 http://www.openwebanalytics.com/

Piwik is a drop-in replacement for Google Analytics.

But the problem with all of them is that they rely on Javascript beacons to track visits. With more and more people using ad- and privacy-blockers, more and more visitors just disappear from your stats.

I still keep Awstats on some sites for this reason, and the difference between the Awstats numbers and the Google Analytics or Piwik ones is growing and picking up speed.

Not really. I sometimes use goaccess[1] to analyze log files but I haven't found a good replacement for Google analytics.

[1] https://goaccess.io


Do you know if self-hosting has any kind of impact on SEO?

My experience with Google Fonts has been that they are the slowest resource to load. So yes, host everything yourself.

I'm really disappointed in the tone of those threads. Attacking a maintainer because you disagree with his decision is never OK. Attacking someone who designed and released a font for free because you dislike his redesign reeks of entitlement.

Both threads have way too much "you're all horrible people because I dislike your change" and not enough constructive conversation. I'm sure a broken layout resulting from an upstream font change would be pretty frustrating, but with all the name calling, it's hard for me to take the author seriously.

I particularly liked this comment: "This is not practical for agencies. The sites have shipped, there's no budget for us"

I am sure whatever it costs to go back and fix those sites, it is far less than what it would cost to license a commercial font.

Lol that comment. What an entitled douche!

If I were a popular font designer, I would change my metrics every once in a while on purpose, just to spite those people.

Tldr: Google says it won't support version pinning for fonts hosted on their CDN.

So, if you want to use a Google hosted font, you're stuck with bleeding edge. If that doesn't work for you, you have to find an alternative host.

Bleeding edge means things like fairly drastic weight changes.

> find an alternative host

you can download and host it yourself

That depends on the font's license.

All fonts in the Google Fonts directory are open source.

The more the way things change ...

It's not new knowledge that "Cool URIs don't change" [0], and I sympathize with the desire to not get your rug pulled from under you like that, but the anger

  > I can't even breathe

  > completely broke out design
seems a bit over the top. If a change in font weight completely breaks a design, instead of just making it look odd or different, then I really don't think that's good design.

... the more they stay the same

[0] https://www.w3.org/Provider/Style/URI.html

I understand that what Google did was shitty. But then again, the Google Fonts service, as far as I can tell, doesn't have an SLA. At this point, complaining that they switched font weights without notice is equivalent to complaining that fonts.google.com servers went down on a critical Black Friday night for your e-commerce site.

I guess self-hosting is probably the best solution if you want to more 'control' over what's happening.

As a designer I must disagree with some of the arguments posted - the end user might not see a "difference", but ultimately he will have another experience - he just doenst know how it was supposed to look.

Typography is crucial to the appearance of a brand and to the voice of their communication, so having a font in a cdn change all it's weights that drastically _is_ a major problem for designs using it.

That said, as a programmer I can't disagree more with how the issue is raised and the tone towards the maintainers - and absolutely agree with them.

If you want to be sure that your assets will stay the same, point to a definite version of it that you have control of! If you do work for a client and CI compliance is important, license (!) and host those fonts.

Complaining to the author for changing his product is really far off when you've been using a free offer in the first place.

Or use normal fonts. I really don't want to have to download your custom fonts.

...and go back to when every site was set in Times New Roman? Compressed web fonts don't add much to page weight when used responsibly, cached fonts from Google CDN even less so. I think that's a fair tradeoff for a great leap forward in design opportunities.

I assume by "design opportunities" you mean a way for some designer to get paid.

This is how I interpreted it.

Not Times New Roman but maybe the system font? Has the advantage that your website looks more "native" on many mobile devices.

Then configure your browser not to download them.

The problem is distinguishing between fonts used for fancy typography and fonts abused as icon libraries.

It is not an abuse to use a font to provide icons. What are letters, if not icons, after all! :)

Letters and punctuation are not icons at all. They are symbols. Icons are images, i.e. likenesses of concrete or abstract objects which they refer to. Letters have no meaning on their own, they represent sounds, which differ based on language (e.g. c sound like see, chee, key, gee, that &c in different languages) or its position in a word (caps, ace, click).

And if its not an abuse of fonts to use them as icon packs, its an abuse of the users who wants to use their bandwidth for better things (e.g. cat gifs). I have them disabled and my day is full of fun: What this "f" means? What happens when I click "ff" or "p" or what not? And some are kind enough to provide alt texts, which is soooo helpful: https://imgur.com/cHdSxcO

Okay, I was being a bit facetious, I admit :)

In practice I don't consider it an anti-pattern to include icons in fonts. Fonts are designed in such a way that they're pretty convenient to use for icons.

There are of course other approaches now available, and they should probably be used preferentially. But it's much like complaining here that you have blocked images, and therefore can't see any images. It's your choice, and I'm glad you have it, but…

I'm curious what benefits would be evident while using a font that also combines icons in its character space. I can only imagine slight drawbacks.

I feel like this is a bad trade... let me break every website I visit, so I don't have to download Font Awesome and Material Icons?

Why would you do that to yourself? What's the benefit? A couple KB?

Letters are not icons.

"Letters are things, not pictures of things." -- Eric Gill

Github did a great writeup on the perils of using fonts for icons. One reason was the one mentioned here, users overriding them with their own preferred fonts.


I think the issue is less about philosophy and more about technology.

SVG icons are better than icon fonts in pretty much every way. The only example I can think of where an SVG could be considered worse is if the icon is particularly complex. Even then, the only thing that is worse is file size. At that point, a PNG is probably better, anyway.

Don't get me wrong, SVG is better now, though sometimes I fall back to using an icon font because it's still a bit more straightforward. We'll get there, though.

No, SVG is not better than a font for monochromatic icons and never will be.

The amount of optimization that went into font technology and algorithms, all the way from the binary file to the graphics card, can never compare with an XML-based file format.

There are more benefits to be had than time for a browser to render an image.

In some countries, downloading things from CDN has a significant effect on page load times so this is good advice. Sadly most users won't disable custom fonts because they don't know it's a problem.

expect this to be disabled in chrome if enough people do this. just like they disabled every single option to omit referer headers.

though referer header is directly tied to their monetization. the font thing is just a good to have to collect some data.

so don't use chrome.

I thought you could disable the headers with an extension or simply by running Chrome behind the --no-referers flag. Has this changed?

Hear hear. Design is irrelevant, speed and data use are more important to me. I just disable web fonts in FF for mobile.


I recently had to help a person with a broken wordpress theme. The reason: The theme used a font from a thirdparty host and that host was gone. The fix: Simple, get the font from the Internet Archive and host a copy locally.

When you include assets on your webpage from third parties you always have to expect that they change. Avoid it if you can.

For fonts this is mostly annoying as you can't control your layout. For Javascript it's outright dangerous: https://blog.hboeck.de/archives/889-Abandoned-Domain-Takeove...

TL;DR: Designers making drama over a font weight change nobody but them will notice.

It's an inconvenience for sure, but claims about "drastic changes" and "websites looking completely different" are essentially nit picking.

Also, if a slight change in font weight breaks your website, your design / HTML / CSS is wrong. The web is elastic.

My approach is to not depend on 3rd party services at all, because I want to be relatively well-assured that whatever I create will still work 10 years later or more without any modifications beyond security updates.

How about browser updates? I'm not sure it's feasible to expect any webpage to look identical 10 years from now without any kind of maintenance.

Have you visited the website for Berkshire Hathaway?

For me it's a no brainier, and the answer is yes. Or better: use standard fonts in a creative way.

For some perspective, note that many professional designers subscribe to a paid subscription model CDN like Adobe TypeKit.

LOL: "please understand , the left project is for sneakers shop , intended to be bold and stick out , now it looks like it was designed for lingerie shop , sexy and thin."

So some webmasters are handing over even more visitor metadata to google's surveillance leviathan just to shave 100k or so off their page load, and the takers of this "deal" are indignant that Google's versioning isn't robust enough?

Break out the tiny violins!

Not some, but all webmasters, if you exclude a small minority of us who understand the deal in the first place and don't like it.


You're welcome.

(Not my creation, but I've been using it for every website I have a say on.)

personally i block web fonts regardless, particularly on mobile.

I would do this too, if I could reliably tell icon fonts (which are important) from frilly fonts (which I couldn't care less)

I've seen people arguing in favor of this but what's the reason?

I do it for bandwidth. Why should I need to download a font when my device already has several on it.

I would rather reframe this question: what is the reason to download fonts? Downloading leads to page rendering lags and to reporting my browsing behaviour to google, while I see no positive effects from those fonts at all. So why I should be interested in downloading them?

Fonts are one of the dimensions of design. If you've ever enjoyed, for example, one of Edward Tufte's books on visualisation ("The quantitative display of data" etc), part of their appeal as excellently crafted books stems from the choice of fonts. The same happens on the web. See, for example The New Yorker: https://www.newyorker.com.

Obviously everyone is free to block fonts, just like you can block all images or use a text-only browser etc. But to categorically deny even the possibility that well-chosen fonts can enhance the experience for some people seems disingenuous.

As for me speed is much more important that any pretty look. I would rather read internet from terminal with monospaced fonts, if it would add speed and do not harm functionality. But there are no browsers that can do it without losing web-sites functionality -- js, a tons of interaction of modern web needs a very complex and slooow tools to render.

Maybe it is just me, but I believe that for other users speed is also matters.

The most legible font is the font you're most used to. If I let designers chose fonts for me then I'll have to read lots of different fonts, instead of just my own favorite. It can only harm my enjoyment of the web.

But blocking icon fonts makes the web less usable for you.

As NoScript does. Or Ghostery. It is problems of web, not mine. I could find another site, if some one does not work properly.

* Downloading leads to page rendering lags and to reporting my browsing behaviour to google*

… if you are downloading Google fonts.

Yes, self-hosted fonts is better. If web-designers start to host their fonts, I will have one less reason for not downloading fonts.

What is the reason to have CSS at all? It just adds to page download times, and I see no positive effects from page designers tweaking margins and padding and colours. Why don't we just view pages with the browser's built-in default styles for all the HTML elements?

Good CSS lessens download times, by simplifying html. CSS adds structure to html-code, it helps me to write greasemonkey scripts or to block annoying (wasting space or blinking) parts of page with uBlock. There are technical reasons to use CSS and at least some of them is good for me as a user. There are no good reasons for me to allow page to use fonts except those I explicitly installed into my system.

My reasons:

- Bandwidth: I don't want to download your fonts. I already have the ones I like on my computer and I've configured which ones I want to use (basically DejaVu everywhere).

- Crappy type: Your thin type with low-contrast colours hurt my eyes. Or slabs with huge contrasts. Or exaggerated serifs.

(BTW "you" here is purely rhetorical, not the commenter I'm responding to.)

Speed, I imagine, both fewer resources to download, saving bandwidth and time and maybe less processing to do for display, too? I'm not sure about the latter, but the former, I've seen for sure. Much quicker text draw without Google fonts on my mobile.

It's been a while since I really cared about this realm, but wasn't the big deal with Google Fonts in the beginning that licensing was almost impossible to deal with as an individual or small company?

Buying fonts is somewhat expensive for individuals, and google fonts certainly helped the free font ecosystem as a great aggregator.

But serving the fonts directly from google fonts instead of downloading the fonts and serving them yourself has in my opinion always been a bad idea. In any case it's not a licencing problem anymore, fonts published on google fonts have clearly displayed licenses that usually allow a broad range of uses.

We need a smarter internet that caches content-addressed objects in a CDN dynamically (based on number of users, or age).

That would solve the whole font service problem.

Came in to support this sentiment

What is the incentive to have Google host your fonts anyway? It's something that you'd never want to change or update, and something that requires next to no maintenance.

The chances of the font already being cached by a first-time visitor is actually quite high for Google Fonts since their use is widespread and they are not versioned.

Interesting. I wouldn't think ttf files were big enough for that to be an issue.

Why would anyone ever think they should link to off-site resources?

My guess is their only real experience with the web is a few years in college.

How long before a Google employee snaps from the brazen entitlement of their non-paying users?

Aside from that, hell yeah! CDN is penny-wise and pound-foolish for so many reasons. That, and if people had to go back to using their own bandwidth, perhaps websites would go back to being slightly less bloated.

I didn't know it was entitled to want your font to keep looking similar to when you first used it.

That's a pretty basic design ask.

Are you paying them?

Does it somehow matter? They might not be contractually obligated, but that doesn't mean they should be bad actors about it.

People just want best practices to be used, nothing more. Versioning is one of those. They released what amounts to a whole new font in the namespace of an existing font; they even called it a "major" update and a "complete redesign". On one of their most used fonts.

All people are asking for is that the Montserrat font be reverted back and the new one released as Montserrat v2. They've done it before with major changes to a font, it's not a hard thing to do and there's clearly already policy in place.

The internet was supposed to be decentralized, no? Now everyone relies on a few big parties.

Luckily Google is too big to fail now so it'll be rescued by taxpayers should the shit hit the fan.


You've been here long enough to know we don't carry ourselves this way here. If you take issue with what he says then refute it in an academic way; save this garbage for IRC.

Just because we don't typically carry ourselves in that manner doesn't mean it's never warranted. It is totally reasonable to expect font data to remain constant, and totally reasonable for people to get mad when it's not. It's a reasonable expectation that this font data will remain constant, and it's totally unreasonable -- totally stupid -- for anyone to make a claim otherwise. Most people do not go shopping for a Google font expecting its attributes to change significantly at some random point in the future. Saying that versioning won't be implemented, that expecting the font data to remain constant is unreasonable, and to go use some other service if they're not happy with this surprise change... It is amateur hour. This "it's a free service" thing is a piss poor argument as well, because Google is hoovering up all your visitor data when serving those fonts. It's not free.

That seems a pretty unnecessary personal attack.

And I didn’t see anything unreasonable in his comment. He pointed out the Google policy of only making available the latest version and also suggested that if the user wanted more control including hosting an older version they should self host (which aligns with everyone else’s suggestions).

>We want everyone on the latest versions for caching reasons

From a privacy perspective, I'd love to know what the "caching reasons" are.

Purely speaking in terms of big data, I think being able to track users across domains by font requests, even those with ad-blockers, would be in Google's best interest.

I don't think saving money on bandwidth is Google's primary concern at this point.

You're going out of your way to paint Google's arguments in the worst, malicious light.

Their interest in caching is not to save their own bandwidth costs, but to lower costs and load times for users. Google's efforts in the web performance space are well documented (see lighthouse as one example).

The reasoning for "only the latest version" also happens to be the only one that makes sense: having multiple versions of each font drastically reduces the ability of browsers and CDNs to cache, quite obviously.

The motive you ascribe to google, namely user tracking, has absolutely no logical connection to the "latest version only" practice: Google's ability to track users would actually be enhanced by versioning, because their servers are only ever contacted for uncached resources.

> I'd love to know what the "caching reasons" are.

I'm betting it's about the client having the font already cached for greater performance, not particularly about bandwidth cost to Google.

Applications are open for YC Winter 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact