Hacker News new | ask | show | jobs
by Vespasian 1604 days ago
Consider the following scenario:

You are logged in to to google and so are your family members.

You visit YouTube.com from IP X with device (user agent) Y.

Your family member visits YouTube.com from IP X with device Z.

Google Fonts gets a request via the API key of mydomain.de from IP X and device Y.

Google now knows that you visited mydomain.de

Edit: I stand corrected that Google Fonts doesn't use an API key. I suspect they still can correlate the font request with the domain, however I have no proof.

Consider this an example for other services like maps.
3 comments
magicalist 1604 days ago
Google fonts doesn't have an API key.
link
aliswe 1603 days ago
Several people and devices could be shared by the same IP though, either who are on the same network or in the vicinity of the same mobile mast (or in the same mall or restaurant)... that's why IP often isn't used as conclusive evidence that you are the same person just because you are on the same IP.
link
Jyaif 1604 days ago
There is not "API key" needed to request a font from Google Font...
link