1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Google is now spying on you from within the WP Admin Panel (and how to stop it)

Discussion in 'Black Hat SEO' started by Jet Black, Dec 30, 2014.

  1. Jet Black

    Jet Black Registered Member

    Joined:
    Oct 29, 2014
    Messages:
    73
    Likes Received:
    40
    Occupation:
    Domain Investor
    Since Wordpress 3.8, Google?s webfonts have been used in the core WP build, including WP Admin Panel. The fonts are not served from within WP itself, but served by google webfonts through fonts.googleapis.com.

    What does this provide Google with?

    A cookie is not placed, however: When the user accesses the site, google can collect the header data of the connection request, which includes Googles cookies. Because of this, google can find out if your relationship to the site is as a admin/website owner that logs onto the site, or just a ?random visitor?. If your cookie ID then makes use of certain other sites, google can connect your admin status of the site, to your Google accounts.

    I have long been a happy user of the Genesis framework, but unfortunately all their themes also makes use of this. A lot of other WP themes also use google webfonts, so when somebody visits a page on your site, Google?s servers would be called on for the font, and it could possibly provide Google some idea of how many pageviews per month your website sees. It can also cause performance issues, as Google?s servers are blocked in certain countries. For WP themes, you can have font fallback settings in case google webfonts cannot be served, but it would still cause very slow load times, and some browsers do not support it (android browser is one). And good luck trying to use the WP Admin panel in countries like China where Google?s api?s are either very slow or simply cannot be connected to, in places where internet is slow, or in a local offline development environment. Although google has a good CDN, this would certainly slow down sites anywhere whenever google has any problems with their servers.

    Google does not state that they use this for tracking, but considering the severe privacy breaches they have committed in the past, I would not trust Google to not abuse this service (check out the Criticism of Google Wikipedia entry as a primer on their shady business, if you have been living under a rock and think google is following their ?don?t be evil? motto, which is now an oxymoron to ?google?).

    As of WP4.1, this is still happening, and most users have no idea. Many of the WP developers are angered by this change due to the privacy issues, and are fighting against it, but WP is still using webfonts for now. I fail to understand why WP has decided to do this, since it seems to go against their course values.

    Some will definitively say that this is being overly paranoid, but if you actively try to prevent Google from tracking you and spying on you, this is definitively something to be aware of. Or if you do very BH stuff, and try to stay off Google?s radar as much as possible. For users of GA/WMT, this will have no implications at all (aside from potential performance issues if there are issues with Google?s CDN).

    How do I remove Google webfonts from my WP?

    For now, the best solution to opt out of having Google in your wp admin and themes is to use this plugin.

    You might want to change the font settings in your template if you do not want to have google called when people visit your website. Check out this handy guide from Mailchimp about which fonts are most commonly installed on peoples computers, for a general idea of which fonts to set up as fallback fonts. There are numerous guides around the web on how to do this. For the privacy conscious, just duckduckgo it (a non ip-tracking search engine).

    If you still want nicer fonts in your themes, you can learn how to use @font-face in your css, adobe has a paid service called typekit, and there are also many font plugins (I haven't tried any of them, so I don't have any recommendations).
     
    • Thanks Thanks x 21
  2. codeman1234

    codeman1234 Power Member

    Joined:
    Sep 13, 2011
    Messages:
    644
    Likes Received:
    52
    Hey Jet Black,

    This is very worring what you mention, just one question what themes you can recommend us that dont use google fonts?

    Also is there any other CMS you think wont use this fonts on its themes? Because using the same plugin in all themes is a huge footprint.

    Thanks a lot for sharing man!
     
  3. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,986
    Likes Received:
    3,737
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    I only use wp in money sites, for everything else its plain html or cms that dont rely on google.
     
    • Thanks Thanks x 2
  4. Tobbe co

    Tobbe co Junior Member

    Joined:
    Sep 29, 2014
    Messages:
    171
    Likes Received:
    139
    After reading this thread 25 days ago I decided to put up a dummy site, having nothing on it beside some text loaded with google font, no backlinks.
    I've visited the site a few times since but the site is still not indexed when doing a site: search in google.

    I'm not saying they ain't using the info they gather, I'm pretty sure they do. Just a friendly note on the subject.
     
    • Thanks Thanks x 5
  5. codeman1234

    codeman1234 Power Member

    Joined:
    Sep 13, 2011
    Messages:
    644
    Likes Received:
    52
    What CMS are those? Just to know! Thanks!
     
  6. Jet Black

    Jet Black Registered Member

    Joined:
    Oct 29, 2014
    Messages:
    73
    Likes Received:
    40
    Occupation:
    Domain Investor
    Different niches require different themes, so it would be impossible to list out non-google webfont themes that could cover everyone and anyones needs.

    Besides, it can be removed from any theme with a bit of editing in the editor, with plugins, or through other solutions such as @font-face (fontsquirrel offers free font webfont kits for many of the fonts that are popular in google webfonts, so you get SVG, TTF, EOT and WOFF files for @font-face use, and can serve them through WP. Do some reading on this first though, as there will be more to load on your site, which can lead to slower load times) or typekit (I personally find typekit overpriced, and their free service inadequate).

    Hopefully it will be removed from Wordpress soon. There was a long discussion among core developers whether the Open Sans font should come bundled with WP, or be served by Google webfonts. Since they insisted on using Open Sans since simply because it looks better, but could not come up with a way to serve it from within wordpress, they decided on this solution.

    Many theme providers also make use of this solution. As mentioned above, I use themes by Studiopress, but unfortunately they also use google webfonts.

    How to test if a WP theme uses google webfonts
    If you want to check it in your own theme, simply go to the theme css editor and check whether fonts.googleapis.com is in style.css.

    Checking other themes by using Firefox add ons NoScript or RequestPolicy
    In Firefox, if you use the free NoScript or RequestPolicy add ons, they will block requests from the website to google fonts (you can easily check this by clicking their icons, once installed).
    You can test it at the wordpress' official twenty fifteen demo site, which also uses google webfonts, as a reference.

    These add ons are also useful for looking into which sites are called when you browse any page of any site (when you do research about competitors, for privacy/security reasons, or if you simply feel curious). For example, for each page you browse on blackhatworld.com, these sites are called/notified by BHW:

    ajax.googleapis.com
    aweber.com
    blackhat-static.com
    scorecardresearch.com
    pingdom.net
    google-analytics.com
    buysellads.com
    googletagservices.com
    securitymetrics.com

    As you can see, quite a bit of monitoring going on here! (most sites call on far less sites than BHW does). Personally I allow BHW only to call back to blackhat-static.com, while I do not allow it to call back to the others listed above (I?m paranoid when it comes to online privacy), and there is no difference in how the site looks/performs.

    By using the Firebug add on
    Those of you who edit the css of WP probably already have the firebug add on installed. You can use it on any site (including your own), and search for fonts.googleapis.com.


    And as Tobbe Co states, it might be be that google is respecting our privacy, and do not use google fonts to collect any data. I'd be happy if this was somehow proven to be right, since it would be an awesome service if it had been offered by some trustworthy privacy respecting company.

    But at the same time, you have to wonder why google would offer this free service. Do they spend money on offering this free service simply out of kindness and benevolence? I'm sure they at least get a lot of useful meta data out of this. And just like they use gmail for all that its worth in terms of data collection (they even say they don't respect our privacy), I think there is a high chance that they do the same when it comes to this service.

    And their live Google Fonts Analytics certainly indicates that they use it to count your pageviews! Something you might not want google to know.
     
  7. WPRipper

    WPRipper Supreme Member

    Joined:
    Mar 24, 2010
    Messages:
    1,402
    Likes Received:
    1,526
    Location:
    Proudly romanian
    Not this again ... Google knows everything you do no matter what, so why this shit? I NEVER EVER thought that far because is useless. All my sites have google fonts and they are all in top searches for their kwds, making how much money I was expected they'll do.

    I really don't understand why you guys are wasting your energy with this crap ... I really don't.
     
    • Thanks Thanks x 3
  8. Gyuman82

    Gyuman82 Elite Member

    Joined:
    Nov 15, 2011
    Messages:
    1,832
    Likes Received:
    1,122
    Occupation:
    SEO Specialist
    Location:
    Los Angeles
    Home Page:
    The WP-Admin only scratches the surface. Google is everywhere and spying on you every minute! From your email, computers, smart phones they are in every facet of your life.

    Little do people know Google monitors this forum and can track everyone's IP back to their homes. From there they have used Google maps to pinpoint where each and every one of us lives! This has allowed them to create a database of every black hatter in the world!

    Disturbingly I just found out that Google can tell every time we take a s*** because our septic tanks and sewer structures are built by computers that are monitored by or built with Google technology. Every time there is an algorithm update, Google tracks how many times black hatters puke/s*** in their toilets to gauge the effectiveness. When they see a huge spike in flushes, Google engineers know that their algorithms for combating spam are working.

    True story.
     
    • Thanks Thanks x 13
  9. JohnDoesia

    JohnDoesia Registered Member

    Joined:
    Dec 22, 2014
    Messages:
    67
    Likes Received:
    17
    Location:
    Inside the matrix...
    You can use a local font, with the font squirrel generator, and (at)font-face instead of external google fonts links.
     
  10. Tobbe co

    Tobbe co Junior Member

    Joined:
    Sep 29, 2014
    Messages:
    171
    Likes Received:
    139
    Could you explain how? If we use no service from google, gmail, analytics, block their APIs, how could they possible track us?

    It doesn't always have to do with tracking, blocking external sources on your website will also increase the load speed.
    For example when I knew I was about to be without internet for some time I installed xampp and wordpress so I could build some sites offline meanwhile.
    But guess what, it was not possible without removing all external scripts and fonts as the site keeps trying reach those but without any internet connection it couldn't..

    While others simply don't want to get tracked their every move by principle.
     
  11. Jet Black

    Jet Black Registered Member

    Joined:
    Oct 29, 2014
    Messages:
    73
    Likes Received:
    40
    Occupation:
    Domain Investor
    I envy your carefreeness when it comes to your privacy:)

    However a lot of people do care about their privacy (or they are just paranoid and simply don't want their behaviour to be tracked), and find it worthwhile to spend time on "this crap", both personally and as website admins, and I do believe that it is possible to protect your privacy online (Note, I say privacy, not being a 100% anonymous and invisible ghost, which is also possible, but is very hard and requires a lot of time, work and financial cost, and few people have real reasons for needing to achieve this). I partly agree with what you said though, since you don't care about this kind of stuff, Google et al. probably do know everything you do. However, I doubt that they know everything I do, since I have taken a lot of steps to prevent them from knowing.

    After everything that has come to light in recent times, I find it hard to not be paranoid about these things (the more you read, and the further down the rabbit hole you look, the more terrifying it gets), and the situation is only going to get worse, and I believe that protecting you privacy is crucial part of future proofing your different IM ventures and your life online in general. Thats just my take on it, and at the same time, a lot of people couldn't care less about their privacy, and I really do hope these people will not be seeing any backlash in the future because it. Hoping for the best, but still, I'll stay low-key and play it safe:cool:
     
  12. Jet Black

    Jet Black Registered Member

    Joined:
    Oct 29, 2014
    Messages:
    73
    Likes Received:
    40
    Occupation:
    Domain Investor
    My outhouse toilet.jpg
    People said I was crazy when I built this hole in the ground, non septic tank toilet. Look who's laughing now.
     
    • Thanks Thanks x 1
  13. codeman1234

    codeman1234 Power Member

    Joined:
    Sep 13, 2011
    Messages:
    644
    Likes Received:
    52
    What CMS are those? Just to know! Thanks!
     
  14. WPRipper

    WPRipper Supreme Member

    Joined:
    Mar 24, 2010
    Messages:
    1,402
    Likes Received:
    1,526
    Location:
    Proudly romanian
    My main goal is to make money, to be able to support my family, my baby girl and so on. I dont give a shit how G is spying on me or tracking me. I dont do anything illegal online so I'm cool with everything else.

    For me the rest is silence.
     
    • Thanks Thanks x 1
  15. tb303

    tb303 Power Member

    Joined:
    Dec 18, 2011
    Messages:
    776
    Likes Received:
    450
    Paranoid nonsense again.

    You cant be tracked successfully via google fonts (or their DNS) due to browser caching.

    This is not due to them respecting privacy or anything like that its down to how unreliable the data would be.
    There's a good chance the font your browser is requesting from a site is already cached from somewhere else so no need to even contact their servers.
     
    • Thanks Thanks x 2
  16. TZ2011

    TZ2011 Senior Member

    Joined:
    Jun 26, 2011
    Messages:
    833
    Likes Received:
    864
    Paranoid shit without any even remotely trace of proof.
     
    • Thanks Thanks x 2
  17. SEO Power

    SEO Power Elite Member

    Joined:
    Jul 14, 2014
    Messages:
    2,642
    Likes Received:
    683
    Occupation:
    Self employed
    Location:
    Houston, TX
    Yet another thread on Google fonts and online privacy. I agree with WPRipper. Google can track me as far as they can as long as I keep making money off their free search traffic. That's all that matters to me. There's lots of opportunities online to take advantage of and I'd rather sit and think of ways to leverage them than worry about what Google knows or is trying to find out about me.
     
    • Thanks Thanks x 2
  18. acidol2

    acidol2 Supreme Member

    Joined:
    Sep 8, 2011
    Messages:
    1,322
    Likes Received:
    835
    Location:
    My Successful Future
    Gotta love google.
     
  19. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,986
    Likes Received:
    3,737
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    From joomla to php ;)

    You have to be creative
     
  20. imnrt

    imnrt Newbie

    Joined:
    Sep 24, 2010
    Messages:
    34
    Likes Received:
    1
    Occupation:
    Affiliate - Lead Generation Since 2008
    Location:
    Fukushima
    I had post very similar to this a couple weeks ago. Fact is, Google is the government