Is SemanticUI leaking information to google by hardcoding google fonts in the CSS file?

[tsodring]

Hi,

I am not sure where this issue should be posted, so I am adding it as a general issue here. A German court fined an unidentified website €100 ($110, £84) for violating EU privacy law by importing a Google-hosted web font. See here for details.

I recently had to dive into semantic.css and noted that Google fonts is hardcoded into this file on line 11 :

@import url('https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin');

I am using npm, so it might be the package maintainer there that has made the decision to hardcode google fonts. So I took a look for the use of google fonts within your repository. There does seem to be hardcoded values to Google fonts here.

The point of this issue is just to make the project aware that this is a potential problem for users of Semantic UI. If this ruling stands, users of Semantic UI may be liable for privacy fines for breach of GDPR, and people considering the use of Semantic UI should perhaps be made aware of this. Unfortunately, I have no fix or other way that I can help, as my CSS/js abilities are rather limited.

[nathanhannig]

That is a concern for others already (for different reasons) and why projects like this have been made with a fork of semantic ui

https://www.npmjs.com/package/semantic-ui-offline

[lubber-de]

The official community fork https://fomantic-ui.com prepared that for upcoming 2.9.0 by
fomantic/Fomantic-UI#2359

• Google Import disabled by default (they used Lato 1.0 anyway)
• Bundled Lato 2.0 for offline usage which also covers all missing diacritic letters
• Offered systemfonts and Larger Lato (cyrillic+greek support) via optional theme

[jlukic]

Hi, there's a setting to enable/disable google fonts when compiling the CSS @importGoogleFonts

https://github.com/Semantic-Org/Semantic-UI/blob/master/src/themes/default/globals/site.variables#L16