reCAPTCHA v3 is loading unnecessary fonts

[galford-tillster]

Hi,

Per the reCAPTCHA V3 documentation we are allowed to hide the badge:

https://developers.google.com/recaptcha/docs/faq#id-like-to-hide-the-recaptcha-badge.-what-is-allowed

However, hiding the badge does not prevent the two fonts used on the badge from downloading. reCAPTCHA V3 downloads two fonts each about 10KB, so that's 20KB of unnecessary data being loaded each time.

We cannot block the request because the CSS is inside the iFrame.

Is it possible to provide a configuration option that will disable the font, or maybe disable the badge altogether?

[23tux]

New year, still no progress. Can maybe @rowan-m give some updates, if this issue will receive some attention in the future?

[iarovuo]

Typical Google, recaptcha is not having display=swap, and then Google PageSpeed Insights complain about their own other product. Same thing goes with having youtube video or gtag on the website!!!

It's year 2023 and they STILL haven't fixed this years old issue!!!

[rimager]

Just stopping by here to say that I, too, would like a way to prevent the unnecessary Roboto font loading situation in reCaptcha. In my case it makes SIX requests to load this woff, which also can't be cached.

[sinanisler]

It's year 2023 and they STILL haven't fixed this years old issue!!!

it is not a issue it is a loophole :)

[maddsua]

It's a total joke

No, rlly, why does it need to load fonts, you, the dumbasses at Google?? Just use Arial for God's sake! I'm not even talking about that bigass "PrOtEcTeD bY GoOgLe" badge that pops up without any questions. I know that my site uses it, and if I wanted to, I'd place it somewhere it would fit the design!

[maddsua]

it's ridiculous that we can't just add &nofonts=true to the URL and be done with it

EXACTLY!

I mean, Google has enough money by spying on us, so make the developer experience of the products a bit better at least.

How many ppl-hours is needed to fix that bs? It's not a big redesign or anything like that, just add the option...

[iarovuo]

@google-admin There is nobody assigned to this issue. The issue is well known, but Google does not give a shit. as usual.

[alorbach]

This issue is open since YEARS, so another YEAR without recaptcha in Germany 🤦‍♂️

[cristiansoftlead]

Does it still make sense to ask if there is any update? :)))

[nessor]

Does it still make sense to ask if there is any update? :)))

To be honest. Not really. We’re using turnstile now. Even a beta is better than this here.

[BlooDStrikeR88]

i have the same problem as the one stated below... Cant seem to find out a solution. I use wprocket + perfmatters + i tried all different codes and scripts - nothing worked. I have unused script for recaptchav3 and the roboto fonts ... Please if someone finds a solution - please share it with everyone. thank you.

It's a total joke

No, rlly, why does it need to load fonts, you, the dumbasses at Google?? Just use Arial for God's sake! I'm not even talking about that bigass "PrOtEcTeD bY GoOgLe" badge that pops up without any questions. I know that my site uses it, and if I wanted to, I'd place it somewhere it would fit the design!

[05August]

29/9/2023 ✌️ Google does not give a shit

[sinanisler]

I am 100% sure google using google font cdn traffic data to collect statistics :)

how they use statistics? who knows...

[tomihq]

23/12/2023 and not solved :(

[sinanisler]

I stoped using reCAPTCHA loooong time ago using the honetpot method on forms wparmor plugin in WordPress works great most of the cases

[khrizzcristian]

I stoped using reCAPTCHA loooong time ago using the honetpot method on forms wparmor plugin in WordPress works great most of the cases

Yea...I've made a custom recaptcha also :)

[matheusmoraesporto]

I am also facing the same problem, now in 2024, almost 4 years ago this issue was openned. Do we have some news about this topic??

[23tux]

From time to time, this issue pops up and clients ask me about it. I then send them a link to this issue. Unfortunately, no other captcha solution works like reCaptcha (quality, costs, performance...), so we hadn't been able to switch, yet.

[Eeesbk]

haha lol google......, F***ing !!!!

[mthorson]

I just ran into this issue in regards to GDPR compliance in Germany and effectively got a statement that because fonts.gstatic.com does not log IP addresses(they are received but not logged), that this is a non-issue for compliance. This has been vetted by multiple legal teams of large German corporations as well as the GCP Legal team. There is an additional opt-in form to ensure you are compliant on GCP.

Here is the official legal verbiage from within the service specific terms:

Use of reCAPTCHA is subject to the Google Privacy Policy and Terms of Use. For users in the European Union, you and your Application(s) must comply with the EU User Consent Policy. Google collects hardware and software information, such as device and application data, through reCAPTCHA only as necessary to provide, maintain, and improve the Service, and for general security purposes. Such information will not be used for any other purpose, such as personalized advertising by Google. (It's a bit hidden, under "Service Terms" --> "35. Firebase Authentication and Identity Platform")

There are additionally some confirmations of GDPR compliance for reCaptcha enterprise.

REF: https://cloud.google.com/recaptcha-enterprise/docs/faq?hl=en#is_gdpr_compliant https://cloud.google.com/blog/products/identity-security/recaptcha-enterprise-and-the-importance-of-gdpr-compliance https://cloud.google.com/privacy/gdpr

[rnnyrk]

Google imports fonts by using their service, same time Google punishes for loading to much fonts. No option to stop loading roboto. Life of a develop is a sad life every now and then 😢