Gradio apps and GDPR compliance #7968
Comments
|
Thanks @sd109 for creating this issue. I agree we should avoid connecting to Google Fonts by default. Related: #1450 cc @aliabid94 as I believe you started looking into this. |
|
@hannahblair is this resolved in |
|
Assuming you're referring to this PR then, unless I'm misunderstanding something, I don't think that resolves the issue since it still defaults to Google fonts which is the root cause of the GDPR issue AIUI. The problematic HTML header content including the |
|
@sd109 main is not the 5.0-dev branch. |
|
Yes, that being said, it looks like we still fetch the font from Google, whereas we could vendor in IBM Plex Sans so we don't have to make requests by default, cc @hannahblair |
Is your feature request related to a problem? Please describe.
I'd like to be able to deploy Gradio apps while complying with GDPR regulations.
There is some existing discussion of analytics and GDPR compliance here but, even with analytics disabled, Gradio is still not GDPR compliant. The issue is surrounding the use of the Google fonts API and the
<link ...>elements inindex.htmlhere. If I understand correctly, therel="preconnect"attribute used on links suggests that the browser should speculatively establish a TCP/TLS connection to the targethrefbefore any HTTP data requests are sent. This TCP connection will necessarily involve sharing the user's IP address with the destination address (Google fonts in this case) which is a problem for GDPR (see e.g. this news article and others).If I overwrite the fonts used in the Gradio Theme then I can confirm (via browser dev tools) that the HTTP fetch requests are no longer made to the Google fonts API, however this does not account for plain TCP connections which may be established on page load.
Describe the solution you'd like
I would be grateful for any suggested workaround for this issue, and would like to know whether the maintainers would be open to addressing this issue somehow.
Additional context
Not directly relevant here, but I also found a bug in the font handling while investigating this issue. PR to fix that is here.
The text was updated successfully, but these errors were encountered: