> The services (here: web fonts) could be supplied another way
The problem here is that every service could be provided another way. It seems that the only actual hosting option that doesn't leak a user's IP to a thrird-party is first-party only over Tor. Do we demand that every website is built that way? It turns out that outsourcing actually has a lot of value.
So where do we draw the line? Google Fonts apparently needs to be reimplemented first-party. What about Google Cloud CDN? What about an ISP that sees the user's IP in the packets?
The problem here is that every service could be provided another way. It seems that the only actual hosting option that doesn't leak a user's IP to a thrird-party is first-party only over Tor. Do we demand that every website is built that way? It turns out that outsourcing actually has a lot of value.
So where do we draw the line? Google Fonts apparently needs to be reimplemented first-party. What about Google Cloud CDN? What about an ISP that sees the user's IP in the packets?