ICIJ / prophecies

An ICIJ app to conduct data validation and cleaning.
https://icij.gitbook.io/prophecies
GNU Affero General Public License v3.0
19 stars 4 forks source link

privacy & offline use issue: google fonts from CDN #200

Closed gabriel-v closed 7 months ago

gabriel-v commented 8 months ago

When self-hosting this I see a lot of CDN fetches for google fonts:

Screenshot from 2024-03-20 12-48-26

This is a significant privacy problem as this enables the corporation to do tracking and surveillance on the group using the application.

This is also a functional problem if the prophecies container is hosted in an offline environment (on LAN/intranet without internet) -- I expect the fallback fonts to be uglier than the intended google fonts.

They can also be a page load performance problem, as I can see they are never cached, so they will delay all page loads by a few 100-300ms.

The Gravatar connection, by comparison, is easy to take out, just edit the Settings in the Admin UI.

Questions:

Thanks!

pirhoo commented 8 months ago

Hi @gabriel-v, thanks for raising the issue. You are right, we should replace this by self-hosted font faces. We won't be able to work on it this week but I can add it to the current sprint backlog.

gabriel-v commented 8 months ago

Thanks for the quick reply!

I can attempt to contribute a fix this week even through my javascript abilities are limited. Let me know if this download source would be OK or you have a different source in mind for the fonts.

pirhoo commented 8 months ago

It's mostly a SCSS work and building font face with a generator (they are plenty online). To download the font family I would rather use Google Fonts directly as they allow to download the files.