This as well would "leak" the IP address to Cloudflare, wouldn't it?

> A standard web font (e.g. Roboto) is ~1MB.

Currently on HN frontpage there is an article "How to avoid layout shifts caused by web fonts" [1]. It lists several techniques you can use to reduce font size. One of the examples shows how subsetting reduces Roboto Regular size to 11KB.

[1] https://simonhearne.com/2021/layout-shifts-webfonts/.

You're probably liable to pay the plaintiff 100 EUR for leaking their IP address to CloudFlare, as well as paying 100 EUR for leaking it to Azure/AWS/etc. /partially sarcasm

I'm really starting to question why aren't we using fonts that are standard part of browsers? Just have a reasonable sub-set supported by everyone. This would be great climate action too as we would not be wasting energy to redownload them billions if not trillions of time.

Agreed. But why not update what ships with modern OS so that these fonts can be used system-wide? Open Sans, Noto Sans and Roboto for everybody.

Is it really better to tunnel your whole site through CloudFlare than embed a font from Google, from a privacy perspective?

(in reply to krehl) And in that specific case you should probably have a DPA ready. Big issue with anything Google-related (and probably CloudFlare) is that they may transfer the data outside of the EU[0].

[0] https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-...

The Roboto woff2 file is actually only 16kb for each variation, and that's the format most browsers will use in practice.

I wonder if you can get penalized for sending users' IPs to CloudFlare..