(I would also note to everyone that you can simply disable sending referrers third party, which means that even if Google is using this data to track you, they won't know what sites you are visiting unless those sites use very specific combinations of fonts.)

There's an awful lot of weasel words in there.

If it was a simple "The Google Fonts API doesn't collect or store any user data" that would be good. But there's so much hidden language in that one sentence.

- "Designed" — Well, it was designed to do that, but it doesn't. After we're caught, we'll put out a press release saying We Can Do Better™.

- "Limit" - It limits the collection. It doesn't prevent the collection. It doesn't not collect any data. It just collects "limited" data. And "limited" is defined by us and can be revised whenever we want.

- "collection, storage, and use of end-user data" has so many ways to be abused.

- "efficiently" — Efficient for who? Google? Google's advertising department? Google's profiling department? What if there's an inefficient way? What if there's a more efficient way, but it gives Google less data?

All this may seem unkind, but Google has earned the planet's distrust. In the early years, Google didn't believe that reputation matters. It does. And that's why the legal departments of billion-dollar companies like the one I work for don't allow us to use Google products.

and https://www.theregister.com/2022/01/31/website_fine_google_f...

leads me to believe that Google has PI when people visit sites using google fonts.

Even if they don't use it for advertising purposes long term log keeping is not required to serve fonts.

It doesn't really matter what the service is doing, they didn't ask for consent to log the IP of people downloading fonts.

To be perfectly clear: it wouldn't keep me from sleeping at night and fonts permissions should be bundled with cookie consent or there should be a permission prompt (just like when asking for youtube vid.).