Housekeeping: Adobe Typekit is being flagged by Ghostery browser extension as a problem program

I’ve gotten a few complaints this week from some overly paranoid people that say they can’t see WUWT anymore in Firefox, but can in Safari. The problem seems to be related solely to a browser extension called “ghostery” which is somehow flagging Adobe Typekit (used to provide custom fonts on WordPress) as some sort of malware.

I suspect this happened all of the sudden due to some sort of “upgrade” that was automatically installed for Ghostery.

Adobe Typekit is used by thousands upon thousands of websites, it is completely safe. Just look at the list of major websites in the lower right that use it:

ghostery-rating-typekitSource: https://www.ghostery.com/en/apps/typekit_by_adobe

Personally, I think the Ghostery browser extension is a complete waste of time, as what it does is handled by other malware and AV programs installed in your computer, but some people insist on using it anyway and bizarrely demand that I change WUWT to accommodate them. Well folks, tough noogies, I can’t, I don’t have any control whatsoever over such things.

However, the end user does, and here is the simple solution to the problem:

Problem:

Ghostery browser extension is blocking Typekit

Solution:

Go to Options > Blocking Options > Trackers > Widgets and uncheck “Typekit by Adobe”.

Source: http://help.typekit.com/customer/portal/articles/807568-troubleshooting-guide-using-web-fonts

If you don’t want to perform this simple task, then there’s no other solution except to uninstall Ghostery.

Thanks for visiting WUWT – Anthony Watts

 

 

 

Advertisements

171 thoughts on “Housekeeping: Adobe Typekit is being flagged by Ghostery browser extension as a problem program

    • I have typekit in my firewall as a block and the only consequence is the WUWT page loads faster and the typeface I get is smaller. Noogies like that I’m happy with.

    • I use Firefox with all updates installed with no problems on WUWT or any other site. Thanks Anthony I will steer clear of it if asked to download it.

  1. As a further note, Ghostery does not flag malware per se, it allows you to disallow tracking stuff, beacons, and what not.

    • Font are very seductive tracking beacons. Honest people who would never consider installing a tracking beacon have no qualms about using served fonts, and there’s no difference between them. There is a lot of ignorance out there regarding data mining.

  2. Thank you for the fast update, Anthony. I thought Ghostery was blocking something for your site but I wasn’t sure what. At least I now know what to unblock. WUWT is way to essential reading to miss.
    BTW, what’s a noogie when its at home? I don’t think we have them this side of the pond.

        • Sly

          I thought a boogie was a bogie

          Depends on your background. A “bogie” (also “bogey”) is a military term for a “marker” or counter on an “unknown contact” (usually for air-to-air dogfights or radar reports of unknown airplanes coming in towards the ships in WWII). Culturally, the term loosely came from the “boogy man” of little children’s nightmare stories about unknown attackers in the dark. Others have claimed “boggy man” as a creature lurching up from the swamps to terrorize people zombie-style, with or without the Haitian “living dead” zombie legend tie-ins.
          Then, once the radar people started using it for “unknown possibly deadly contacts in the dark” the spelling twisted and turned.

      • Hey if a bogey is an object that is unidentifiable? Thanks now I can shoot pars everytime I get a bogey. Hey I didn’t see that bogey 😀

    • When you give some one a noogie you are rubbing the top of their head very roughly with knuckles while holding them in a headlock.

  3. Odd, very odd. I have this Realsciency extension in Firefox, and it doesn’t allow me to visit RealClimate.
    How do I keep it that way ? 😀

    • RC and SS are blocked at our gateway firewall as a political websites. WUWT is not 🙂

  4. No problem here using ghostery and seeing WUWT. I think people need to select ghostery preferences with more care. One can select which trackers ghostery will flag.

  5. by default ghostery blocks nothing. just shows you whats there and gives you the option to block in future (or unblock)

  6. I have no problems but Adobe is terrible. Upgrading with non-chrome browsers is difficult at times.
    Adobe can take 5% of the blame. So many frequent and buggered upgrades…. sloppy programming.

    • There’s a new browser based on the Chrome engine called Slimjet. It’s actually kind of nice. I’m still using Chrome, but I’m planning on moving to Slimjet when I get a round tuit. Slimjet is still kinda beta-ish, but it seems to be pretty stable now.

  7. I dislike Adobe’s cloud but then I dislike all gatekeeper clouds. It is lock-in technology that satisfies the “never let them out of your site” mantra that has reached a fine art with social media. Want to follow an external link at Facebook? They warn you a mistake has happened seemingly from the perspective that you can’t possibly wish to see a non-Facebook site. I do agree though that unlocking the Adobe service from Ghostery is a trivial operation and one that is entirely necessary when using any ad-blocker. There are some advert sites that I won’t unblock and I’m not alone. As such there are consequences to being a content provider and for being a site visitor and sometimes philosophies collide. We can’t always get what we want.
    All that said, Google’s free font server is easier to implement, is open, so far, not blocked by anyone, and very likely not compatible with your requirements, or possibly those of WordPress, Inc. I don’t use them, either, though, because I like Google less than I like Adobe.

  8. issue is typekit is a well known and utilized vector so the amount of sites that use it means nothing.
    telling the users that a particular extension is causing the issue was a good thing to do, users can then make the choice with correct data.
    I personally have not seen the issue but do thank you for posting the findings…now can the people with the issue see the post ?? LOL 🙂

  9. the Ghostery browser extension is a complete waste of time, as what it does is handled by other malware and AV programs installed in your computer

    Well, not really, though I don’t know what malware program people have installed.
    Typekit as do number of other 3rd party services are able to collect information on who reads what and when in the internet. While I do think it is impossible to retain privacy in the internet for a number of reasons, it makes sense that some people want more of it.
    Now, you can safely say there is nothing special in Typekit, and the problem is probably more of Ghostery being unable to teach its users what this case is about. However, you can’t blame the people for using Ghostery or having the opinion on necessity of Typekit. Personally I think the internet is a dream tool for marketers to collect information the users of it never intended to share.

    • tough noogies ? The common expression over here in Oz is and was “popularised” by Ma Anand Sheela and broadcast also by CBS in 1985:

      • The expression was common when I was in school in the late fifties / early sixties, and probably long before that. (or at leeast from WWII) What makes it ‘special’, is that it was used on TV.

  10. When I have no issue with being tracked, I use my own laptop.
    When visiting sites where I do not wish to be tracked, or may have malware, I simply use my wife’s laptop when she’s away .

  11. Mr. Watts
    I had problems, intermittently, being able to move down your blog page during the past 2 weeks, using Firefox. The browser would just drop out, even though I did not have Ghostery installed on the browser. I had to drop back to using an old version of Opera, with Ghostery installed at times to read your site.
    In my opinion, some of the problem was due to a malformed item of content rather than a problem with Ghostery. The problem would clear after a couple of days, which would seem to indicate some other problem, rather than Ghostery.

  12. When I need to use Chrome(rarely use it though) I use Ghostery, but on Firefox I use NoScript and AdBlock Plus. I’ve always found Ghostery to be not among the most intuitive script blockers.

  13. You can as Anthony notes simply disable the Typekit blocker in Ghostery. You can also allow it on a per-site basis.

  14. “tough noogies”.
    It’s your website Mr. Watts so you call the shots (I would have put it less politely myself), Please don’t lose sleep over people being too lazy to RTFM, as we say it IT.

  15. The bad news is Big Brother Is Watching Us. The good news is that he only wants to sell us stuff. But he is Big.

    • The good news is that he only wants to sell us stuff.
      Unfortunately, once the information has been compiled and indexed, accessing it for more nefarious purposes becomes easy to do. It is only a matter of time until someone does.

    • The big brother exists because his customers expect to make money from data mining. They do and that is why he is big.

  16. I had a problem with Adobe Acrobat a few months ago. I upgraded to the latest version with no problem until I rebooted the computer. Every single shortcut item on the screen and Start menu had been replaced with the Adobe Icon. Un-installing and re-installing produced the same result, so I now use another .pdf viewer.

  17. As long as we’re into tech stuff here…..
    My sister has given me her Facebook password so I can access her page.
    About 1/2 the time when scrolling thru her page I get a freeze-up that says “internet explorer has stopped working”
    It also happens on another site (lately) that is mostly just supplying data re: horse racing (Equibase).
    Is it all those live ads in the sidebar, or live videos on FB, that are crashing IE ???

    • I get the same thing, and it is very annoying. I have followed the MS (un)help sites to try to “fix” this but nothing has worked so far. I refuse to use another browser especially accessing sites like eBay who state on their site they support M$ IE. I just put up with the IE brownouts and crashes. It’s easy enough to bin “iexplorer” process via task manager and start IE again!

    • Seeing as you asked, Windows 7 Home Edition x64 and IE 11, not that it matters anyway. The work-around works. I am more of a windows server, SCCM and SCOM man.

      • LOL Well, you could have DIRECTED that to the appropriate postie simply by doing this;
        “u.k.(us)
        February 28, 2015 at 9:54 am”
        Blah blah blah…
        C’mon it’s not difficult!

      • Anyway for both of you.
        1. Run Microsoft Safety Scanner and remove everything it finds: http://www.microsoft.com/security/scanner/en-us/default.aspx
        2. Run Malwarebytes’ Anti-Malware and remove everything it finds: http://www.malwarebytes.org/mwb-download/confirm/
        3. Reset Internet Explorer:
        (a) Close all Internet Explorer and Explorer windows that are currently open.
        (b) Start Internet Explorer. * Note If you are running Windows 8.1 or Windows 8, start Internet Explorer from the desktop. Changing your settings will affect both Internet Explorer and Internet Explorer that you start from the desktop.
        (c) On the Tools menu, tap or click Internet options. If you don’t see the Tools menu, press Alt.
        (d) In the Internet Options window, tap or click the Advanced tab.
        (e) Tap or click Reset.

      • I know how to “clean” a windows machine. The real problem is that most of these “tools” are, in effect, futile! This is stuff that, anyone who has been in the “windows” space, knows.

      • And as most corporates, eventually, by-passed Vista, for good reason (It was carp), most corporates now are by-passing Windows 8 and 8.1 (Because they are equally carp too) for Windows 10, which needs (In the corporate distributed space for remote management etc) at least Windows server 2012, SCCM 2012, SCOM 2012 etc etc etc etc etc…

      • You are the one having problems with IE so I would argue that maybe you do not know how to clean a windows machine properly. There are no legitimate causes of getting an error message such as, “internet explorer has stopped working” with IE, except on malware infected PCs, PCs with unofficial copies of Windows, PCs with defective hardware or overclocked hardware or PCs that have had worthless utilities (such as tweaking tools) run on them that broke IE in some way.
        Please explain how they are “futile” as anyone that really knows what they are doing would not make any such argument.

      • All of Vista’s legitimate technical issues were dealt with via service packs, the rest were ideological arguments. Windows 8 technically is sound and more secure than Windows 7 but their metro/modern UI interface was lauded for being largely inefficient for desktop users (I agreed with this argument) and this is largely being addressed in Windows 10.
        Corporations chose not to upgrade to Vista or Windows 8 because XP was supported until 2014 and Windows 7 until 2020 so financially there was no incentive to adopt either. Most corporate IT departments (I work in one) take conservative upgrade approaches and wait until certain baselines have been reached, with Window’s operating systems this is usually Service Pack 1.

  18. I dont’ see how someone is “overly paranoid” because they are having this problem. Ghostery (which I don’t use – Blur here) is in no way the equivalent of a malware/virus scanner.

    • It’s kind of equivalent to being called a climate denier. Security is very important on the internet and some of us take it quite seriously. There are no benign tracking products and some of them are very cleverly disguised. For those who don’t believe it, well, tough noogies, eh. 🙂

      • Privacy is “people can’t learn stuff about me”.
        A security property is a “this thing can’t happen” property.
        So a privacy property is a security property.
        Security is not just about not just about viruses and back orifice and RATS and Stuxnet and stuff. When your computer leaks any information to a third party when design says this information shouldn’t leak, it’s a security issue.

      • simple-touriste, please stop misinforming people about computer security and learn how to read the licensing and legal agreements you click “agree” to but fail to read. There is no malicious activity going on here and no one’s computer security is being violated.

    • All the pseudo-technical millennials pushed for a buzz phrase they did not understand – “Net Neutrality”. Welcome to an Internet world of higher prices, less innovation and yes less competition.

  19. iirc (its been a bit since I looked) if you use a cookieless sub domain to pull the fonts from (ie adobe or google) ghostery doesn’t flag this but I am not sure this is even possible on hosted WP.
    however it is a good security practice if possible,

  20. You can also configure Ghostery to allow Typekit only for specific sites, so just WUWT, if you prefer. This is done vial the Ghostery icon on toolbar if you have that displayed.

  21. The term “dancing pigs” is used in data-security circles to signify people’s tendency to disable security in order to enjoy frivolous cute stuff (see Wikipedia, “dancing pigs”). Here we have a case in point: our host, Anthony Watts, advising a security-conscious fan to disable a security measure, in order to enjoy some improvement of dubious importance (custom fonts), with a thoroughly non-expert assurance that it’s “completely safe”.
    As an enthusiastic, long-term fan of WUWT I hate to be negative, but on this point a brief scolding seems necessary. Visitors have excellent reasons to enable security measures in their browsers, and the webmaster who asks them to “go naked” without balancing the risk against some important benefit deserves to have his web page look awful and drive viewers elsewhere.

    • Why misrepresent this issue? Running the Ghostery extension in your browser does nothing for your “security” so Anthony recommended no such thing.
      Anyone who calls the Ghostery extension a “security measure” should retire themselves from the Internet.
      https://www.ghostery.com/en/about
      “… use Ghostery. It’s the web’s largest, most comprehensive and most user-friendly privacy tool.
      They should actually say, “…use Ghostery and break all manner of common functionality of webpages such as commenting and embedded video”.

  22. Yeah, I was unable to view WUWT for a while last week, realized what it was, and enabled it in ghostery. As a web developer I can assure you that Adobe Typekit is not completely benign, however. They changed what they were doing and ghostery added it to the block list for good reason.
    I’ve built several web sites that are intended to be separate from the “rest of the internet”, sites that I don’t WANT indexed by search engines, don’t WANT their images indexed on TinEye, don’t want them to be linked to by facebook or google+. I can assure you, keeping these intrusive sites out is a challenge, each and every day.
    And in case you’re wondering what kind of sites, imagine an internal corporate application, where staff enter transactions and access private data while out in the field. Part of the security is obscurity (not all of it, but it’s a part). Meanwhile, we have well meaning but unwanted sites doing their best to find out what these corporate apps are doing and trying to expose them to every hacker, script kiddy, and content thief. It’s trivially simple to bypass GeoIP, so while I’m trying to limit access to the areas a company operates we have people in Russia, China, and Vietnam busy trying to crack passwords.
    Yeah, I use WordPress for some of my stuff too (in fact, I use this very theme on two of them), and I use Google Fonts (less intrusive).
    I install ghostery on all my computers because it prevents a stunning amount of internet traffic, and reduces the amount of activity that gets tracked and plugged into someone’s marketing plan. Frankly I find the commercialization of the internet to be repulsive and a greater intrusion on privacy than ANYTHING that ANY government has EVER tried to do, EVER.

    • “Frankly I find the commercialization of the internet to be repulsive and a greater intrusion on privacy than ANYTHING that ANY government has EVER tried to do, EVER.”

      Please excuse the tangent but seeing that you’ve bought up to topic …
      I wouldn’t let government off the hook so easily as you have there.
      I directly blame government for all manipulative exploitative scamming adds on TV as they are the airwaves licensing authority, and which willingly permit criminal scams to go to air, and do zip about it. they do not act to protect the gullible trusting members of the public from such ‘services’ operating, with permission, over regulated broadcast airwaves. Silly them, right?
      Except these gullible and trusting members of the public have pre-trusted the government to be actively acting and monitoring for the public interest as the regulator, to keep scam artistes off the airwaves.
      All a relevant minister has to do is tell the next TV station that broadcasts such scam adds on TV, that their broadcast license will be immediately suspended for a period of seven days if they do it, and escalate sanctions to full license cancellation from there, if necessary, with any second or third infringement.
      Well, they don’t do that. Why? Oh, it’s just that political donations from TV station operators and owners will get scarce if they do.
      So government does not regulate to eliminate digital bandits on TV, that are operating right in front of public and police. Government is instead effectively protecting scammers and allowing gullible trusting naive people that think government protects them from being ripped-off without recourse. Thus destroying public trust, and debauching the society, whilst poisoning faith in the political system and law itself.
      Justice is supposed to be seen to be done, and it isn’t.
      Same thing applies to the internet. We just keep getting told its too hard and can’t be done. But it can be done. Having government law enforcement trample on internet interaction and further intrusive systematic monitoring is the main public aversion.
      Which is fair enough, as who wants that? Certainly not me.
      So what we get instead is free-range online crims scamming and data mining, and endless privacy intrusions via digital peeping-Toms.
      It’s almost enough to make me give up on the internet. If Government can not be trusted in this vital area, then anonymity is not only advisable, but is essential, as a personal protective measure against both governments, corporates and scammers.
      Consequently, no one in the private sector nor public sector who’s not us, can have a legal right or capacity to identify, locate and store our data – ever!
      If Government not only doesn’t protect public data but in the purported attempt to do so becomes a far greater pest and liability to privacy and personal protection, then government also can have no legal right to identify and log personal activity. In which case all actions and process of Government and also hardware makers to locate and identify internet users beyond their basic ISP account registration must be abolished in law, and anonymity asserted in codification to be a basic human right, required, demanded and essential for personal self-protection.
      It’s because we passively accept rank government disingenuousness about this, and the dysfunctional resulting status-quo, that the constant attacks on private online data and bank accounts continue to have no end in sight and with zero realistic attempts being made to protect the public! The effort is all the other way, to undermine pubic protection in every possible way at any opportunity.
      So we must be able to protect ourselves. We can never rely on someone else to protect us, for us. That approach is a sure-fire recipe for total failure to protect personal data.
      And that is what we have.
      There is no such thing as someone else being responsible for storing and protecting your personal data and information. It’s an insidious nonsense that cyclically does the opposite of protection.
      Which means ensuring we can not be identified when online. Assured anonymity is our only viable or realistic protection option short of abandoning online interaction.
      Which is immediately dismissed as too late – the horse has bolted!
      Well so were many things, until we decided to change how we do things. We used to throw faeces into the streets, then we realized it was a mistake, it was toxic, it created harm, so we changed everything about that.
      We can change everything online, we can undo and reverse the elimination of anonymity. The loss of it was not inevitable, is was not automatic, it is not even necessary, it was done to us and it has damaged us, it has created harm. It has removed all protection, we are now exploited from every direction and that it is the diametric opposite of the public interest being protected.
      So I do not accept government is not responsible, oh yes, government is 100% responsible for the situation we now have.

    • As a “code tech” who’s been around since BEFORE Videotex (look it up if you don’t know what that was), I WELCOME the commercialization of the web. Sorry, but we would not have our current ability to create stunning web sites – and web apps – without there being gold in them ‘thar Internet hills.
      Now, is it rather excessive? Yes. Rather inevitable, though. I can remember when a commercial television show was 53+ minutes of show; and when “public” television wasn’t at least 1/5 “sponsor acknowledgements” and “fund raising drives.”
      I realize the headaches of securing a private app, and keeping it secure. But I worry not so much about the commercial “snoopers” – they are big enough, and used by enough developers, that the word gets out fairly quickly when they try something new; and only once have I had to roll my own solution to block one, since someone else has almost always beaten me to it (and published).

    • Really, a while? The first time I visited WUWT and the page was blank on one of my test machines I knew in a second it had to be the crappy Ghostery extension and of course likely something they classified as a “widget”. Anytime webpage functionality does not work you can always count on Ghostery for breaking it – It is what I call a sure thing.
      They claim to have over 20 million pseudo-technical users now too? I cannot imagine how much time they are wasting for website owners and the frustration they are causing their pseudo-technical users.
      I looked through their features,
      https://www.ghostery.com/en/features
      …and could not find where they said, “Ghostery is guaranteed to break webpage functionality such as commenting and embedded video.”

      • You really have a problem with this, don’t you?
        Personally I thought the instructions for Ghostery were pretty straight forward, and I actually WANT certain “webpage functionality” to be broken. I refuse to ever install “disqus” on any site I build, for example, and I only selectively enable it for sites I visit. I recommend the same to others, too. For my own sites I wrote my own commenting system that doesn’t harvest and sell users’ personal information.
        The first time I hit WUWT and got the white page I assumed it was yet another time that WordPress had screwed up or had a service outage, both of which happen more often than they should.
        I’m not “paranoid”. I’m sick of being used as a pawn for ignorant billionaires to skim yet more money from the internet, and I despise the fact that the work I do in development is often being added to someone’s marketing database.
        As a tech person, don’t rant against a tool people use to block intrusions into their lives, and don’t complain if a tool you are using is getting blocked. Work around it, work with it, and give users a choice.

      • I have a problem with misinformation being given to non-technical users. Such as, that this is a security issue or that any of the scripts Ghostery blocks are malicious.
        Where does Ghostery tell its end users that non-malicious web-page functionality such as commenting and embedded video with be broken by using their extension?
        My complaint about Ghostery has not changed and that it should never be recommended to a non-technical user, as you have just demonstrated – even technical users are unable to determine when it is breaking legitimate content on webpages.
        You just admitted to have an ideological problem with Internet monetization. I have seen this behavior far too much in the tech world where people irresponsibly push their ideological beliefs on others not taking into account the end-user’s experience.
        The end user wants things to work and they have a right to know that something they are using is going to break things.

      • I really don’t understand you.
        There are many things where you and I are on the same page. But when you disagree, you adopt a hostile and stubborn tone that is quite disagreeable.
        Prior to installing any extension in Chrome I read their blurb. In the case of Ghostery, the blurb is very clear. It says that the primary purpose is to DISCOVER what is loading behind your pages, LEARN what they are for including links to sites and privacy statements. Then it gives you the opportunity to block them.
        It’s not just about “monetization”. The majority of crap that gets constantly fed to my browser is nefarious activity hiding behind a small amount of usefulness. In the old days we would have called that a Trojan Horse, now we somehow justify it to ourselves.
        There is NO REASON for facebook, twitter, and google to have as much data about individuals as they have. It is reprehensible that in addition to the stuff that we voluntarily give them, they want more and are stealing it without most peoples’ knowledge or consent. If it was just about “monetization” then why do google and facebook actively BLOCK advertising that I attempt to do, and quite literally hold me hostage, demanding money before they will even allow anything that looks like advertising to appear to anyone else?
        Here’s an actual cut and paste from FB:

        You just mentioned “limited time“ in your post “…snipped…”. Try boosting it to reach more people.

        Followed by a link where I can spend $20 to have 100 people even SEE what I typed.
        I don’t care that a few web pages are broken, the majority are anyway. I want enough people to block these intrusions so that the people pushing them finally have to admit defeat. I would be happy if 90% of users used ad blockers and ghostery, and actively complained to sites when removing the trojan horses breaks their pages. If 90% blocked all of this meaningless garbage, the remaining 10% would find that all that was waiting for them online is all of the ads that smarter people are not seeing.
        Ghostery is a godsend in a world of identity theft, profiling, and unwanted bandwidth usage. And that’s not paranoia, it’s common sense. I would Never, Ever voluntarily give ANY company or government the information about me that these people casually steal every day, from literally BILLIONS of people. And neither should ANY thinking person.

      • Now you sound completely deranged.
        How exactly does Google and Facebook hold you hostage? Did you not click yes to their licensing agreements when you choose to use their products and services?
        Why are you being irresponsible and misrepresenting scripts used for web analytics as Trojan Horses?
        Why do you want to rob honest hard-working website owners of their income?
        Ghostery does absolutely nothing regarding identity theft.
        You really need to rethink your insane rantings.
        The fact that you do not care that basic web page functionality breaks for non-technical users using Ghostery tells any rational individual all they need to know about your motives. You have no interest in helping people but rather are intentionally creating problems and lying to people to push a deranged agenda.
        Where does Ghostery say that using their extension will break basic web page functionality?
        End users have a right to know this instead of letting them go off half-cocked, ignorantly blaming website owners when they should be blaming the hacks who are causing the problem – the makers of Ghostery.

  23. lol was curious so removed and reinstalled it (to get fresh copy) and sure enough this page pure white LOL
    a default install though SHOWS that its being blocked so people should be able to find out easy enough

    • As mentioned above, the problem was intermittent and then the site was off permanently, The URL would appear the the two vertical column borders,and no text, so, I did not suspect Ghostery.

  24. According to Adobe:
    What information is collected by the Typekit service?
    Fonts served
    Kit ID
    Account ID (identifies the customer the kit is from)
    Service providing the fonts (e.g., Typekit or Edge Web Fonts)
    Application requesting the fonts (e.g., Adobe Muse)
    Server serving the fonts (e.g., Typekit servers or Enterprise CDN)
    Hostname of page loading the fonts
    The amount of time it takes the web browser to download the fonts
    The amount of time it takes from the web browser downloading the fonts until the fonts are applied

  25. By the way, for those who aren’t using Ghostery, here’s what it blocks on this page alone:
    Amazon Associates,
    Facebook Social Graph,
    Facebook Social Plugins,
    Google Adsense.
    Google Analytics,
    Gravatar (I enabled it),
    KISSmetrics,
    Twitter Badge,
    Twitter Button,
    Typekit by Adobe (I enabled it).
    This isn’t ad blocking, it’s tracker blocking. All of these keep track of what sites you visit and in addition to using that information to tailor advertising, they also use it for social profiling, and there are probably nefarious purposes as well. I can’t even begin to express how much I don’t want google, twitter, and facebook to know what sites I frequent.

    • Completely agree.
      Some time back on this site, there was a test you could perform to see how visible you are to others. According to this test, with Ghostery, I did not exist.

    • I just installed it and went to my usual news site here in Australia, the Sydney Morning Herald. And sure enough all those you list appeared, and were subsequently blocked. I didn’t bother checking if my firewall/av engine was setup to track block these.

      • Patrick why would an AV or a Firewall block non-malicious webpage scripts? People here need to stop spreading misinformation to pseudo-technical people.

      • Well, I should have said “internet security” engine, which does include firewall, AV and popup/ad/tracking blocking capabilities. I just have not checked to see if that “engine” has the same capabilities as Ghostery. So, I installed to have a look-see.
        Not sure if that spreading misinformation comment was directed at me. If it was, I have not spread misinformation to anyone.

    • See the comment above yours, Typekit isn’t collecting any information that could be used for targeted advertising (personally, I fail to see why targeted advertising is a bad thing) or social profiling. It’s collecting information on it’s run time performance.

      • this isn’t really the issue, when offsite fonts used there’s an insertion method/vector that can (and has) been used to do xml/css attacks.
        when browser blocks offsite fonts there less risk.

  26. I used to use Ghostery and dumped it for blocking too much legitimate material.
    Now I use two other extensions instead — NoScript and RequestPolicy. These let you control exactly which sites are allowed to use JavaScript or Flash, and exactly which references to other sites are allowed, respectively. They do require fiddling in the case of sites that make lots of references, but they enable me to block the nasty pop-under ads while keeping all the content I want to see.
    Preventing tracking is a lost cause anyway, unless you’re willing to run Tails or something similar.

    • Not necessary to remove it completely if it is useful.
      The tutorial sorts the problem out. Ghostery has improved over the years but it takes some fiddling to work it out, especially if it runs in the background and you do not experience problems.
      I have Typekit by Adobe blocked for all sites except this one, the slider is to the right and is red but the button on the right is green, problem fixed.

  27. It seems Cisco’s IronPort gateway uses web reputation-based policies, and is also flagging Adobe Typekit as potential malware. Bad news for those who peruse WUWT during lunchtime at work. I’m behind the firewall, and the entire site is blocked as having a bad web reputation. This started on 2/27/15.

    • You will have problems if you update Ghostery as it’ll just show a blank page if you have Typekit blocked.
      As to why you may want to, well, Adobe is notorious for datamining. Any Typekit user may also want to check out the service agreement which grants Adobe rights to any custom fonts you or contributers may use. The tracking part is contained in Adobe’s definition of kit:
      “7.8 “Kit” means the computer, web or other medium-compatible software package created by You through the Service comprised of Your preferred settings, Licensed Font choices, and formats, style sheets, and other software code, along with any JavaScript that may be delivered through the Service to wrap and identify each Kit and corresponding Publisher and to manage and track Use of Licensed Fonts in connection with Published Media.”
      Along with how, or why Adobe manages and tracks users. If the site isn’t using Adobe fonts, there’s no real reason to allow Typekit. If you run this site through Wireshark, you will see it contacting Adobe before it allows the content to be displayed though.

  28. i`m surprised that more security kits do not block adobes software as Adobe are the biggest malware creator on the planet. there is no excuse for website developers to keep rogue companies such as adobe in business by using their trashy software when many alternatives are availaible

  29. If you run this site through Wireshark, you will see it contacting Adobe before it allows the content to be displayed though.

    You’ve just convinced me to remove or substitute adobe software on my PC.
    If one uses their own font selections in Firefox, does that override the adobe page logging in WUWT?

  30. Firefox did an upgrade recently (to 36 and then 37) which broke one of my addons so it could be that something like that is happening.
    I reverted to the previous version and the problem went away.
    I’m waiting for an FF upgrade down the road to see if that fixes the addon or the addon gets updated.

  31. I installed Ghostery yesterday and then visited my usual pages. Quite expected trackers were found. Let’s keep it for a while.
    Adobe typekit had got my attention before this post because Firefox informs about it loading. It is not very slow but having 3rd party stuff takes its toll. What are the benefits of using Adope’s types? My own blog looks fine with WordPress and expond theme without it.
    Site owners want to know the visitors. The problems start when Google Analytics and others start to create user prolifes of the individual visitors. Facebook even tries to connect that information to my real identity. Not a good idea from the privacy point of view. Visitors shoud remain anonymous and individual visits should not be connected.

  32. People still use firefox? I uninstalled it they day the fired their CEO for exercising his first amendment rights.

    • Really? I wasn’t following that. I just know that at the moment even IE works better that FF… I test everything on the big 3 (FF, Chrome, IE) and have Mac users test on Safari. Only FF continually screws up all the layout details.

  33. Fletcher at 10:50 pm.
    Good point.
    Got me wondering is there any ethical products out there who do not support the great global warming scam.
    Eg Google, Firefox, Intel, Apple etal all spend vast sums on the propaganda.
    Much as I dislike that great old Irish invention the Boycott, could not all Anthony’s fans on here
    use our buying power.
    Is there any truely indipendant browser out there?
    Thanks.

  34. I have blocked all web font kits by aliasing their provider sites to localhost. Besides never having problems like this, doing so allowed me to get rid of serif fonts. I read this blog and pretty much everything else in Helvetica.

  35. I just wrote a custom filter line for Adblock Plus for typekit.net and it works fine.
    I have an expensive GPU just so that I can take advantage of my high resolution display – and not have to see CRAYON-fonts.

  36. I’m having no problem with Firefox, however Intrnet Explorer doesn’t display WUWT and other WordPress sites properly (all I get is a list of links along the left hand margin).
    If this also is Ghostery, how do I rid myself of it in IE?
    So far, I’ve chosen to not use IE.

  37. Yeah, on Firefox, I occasionally had an odd problem w/the font changing drastically when viewing WUWT offline. When I permanently enabled adobe typekit in ghostery, the problem went away.

  38. I use Firefox and I can see WUWT just fine. I have never even heard of the ghostery extension.

  39. Personally, I think the Ghostery browser extension is a complete waste of time, as what it does is handled by other malware and AV programs installed in your computer

    Anth*ny, I sympathize, but Ghostery in Firefox is useful, at least for me, in greatly speeding up web page loading by skipping many of the parasitic java scripts. But it does take some effort to learn by experience which scripts are necessary to view the page and which are not required — so perhaps not appropriate for all users.

  40. In case anybody cares, Blur does block Typekit in Chrome and I don’t seem to be missing anything important on this site.

  41. It isn’t being flagged as a “problem”. By default Ghostery will block everything if you tell it to. I discovered this a while back and made a note of it in the “Tips” thread. I noticed I had to allow Adobe Typekit in order to render the site. Ghostery doesn’t make a judgement as to what is a problem or not, it simply allows the user to control which things are allowed. The user must decide. By default even commenting extensions such as Disqus are blocked.

  42. Anyone who was complaining about this and could not figure it out on their own has no business using these browser extensions. This is the problem when pseudo-technical people recommend silly extensions to other pseudo-technical people. It is absolutely irresponsible to recommend anyone use Ghostery or NoScript as both will frequently break basic webpage functionality such as commenting and various third party video players.
    Adobe Typekit tracks basic website usage of its fonts not privacy information of these site’s visitors.
    http://blog.typekit.com/2013/06/13/clarifying-our-commitment-to-privacy/
    http://www.adobe.com/privacy/typekit.html
    “Typekit makes a point not to track visitors on websites that use Typekit fonts. However, we do collect information about the fonts being served to each site. This data does not include any information about the users who are visiting a site serving Typekit fonts.”
    I am aggravated that these pseudo-technical people are emailing Anthony and wasting his time with this nonsense. These people need to learn how something works before you install it and stop taking idiotic advice from people who do not know what they are talking about online. With Ghostery it is their Widgets category that will cause almost all of the problems and Typekit by Adobe is in this category.
    None of these extensions are going to protect you from anything or make you anonymous, if you want to be anonymous you have to mask your IP.
    As for webpage loading speed there is only one extension that really makes a difference but out of respect for how webpage owners make money I am not going to recommend it here.

  43. The nonsense is right above. I’ve never used Ghostery, but I know that it and NoScript are not “silly extensions”. Others have explained why. The claim “that only one extension that really makes a difference” in “webpage loading speed” is just as absurd. [Before the “pseudo-technical” label is applied – I graduated summa cum laude in computer science.] T

    • Exactly, Ghostery and NoScript have no business being on anyone’s computer who is not technical and knows how they work as they will effectively cripple the functionality of perfectly safe webpages. Again, Ghostery’s widgets category is the most onerousness as it breaks all manner of perfectly safe web content.
      I don’t have a problem with overly paranoid technical people using them, I have a big problem with them being recommended and sold as necessary to non-technical and pseudo-technical people out of unsubstantiated fear-mongering over “privacy”.
      You want 100% privacy? Don’t use the Internet. How many people have these extensions installed yet use their real name on Social Media sites? LMAO.

  44. Okay here goes I am 63 years old married (40+ years) 3 kids 4 grand kids (as far as I know), Dutch descent live in Canada, love soccer, CFL NHL, NFL, do not understand cricket, we shop wherever we can find the best deals, love NZ and Ozzie beef, and Chinese food (My wife is an artist both in the kitchen and with paint), drive a humongous SUV ( live in the country). and gardening is my puttering and hobby. Grape growing and wines are a passion although with age the wine part is becoming a larger part. Like the NET and the news and miss WiZiWig a lot. I have a cell phone although rarely used, satellite TV ( we are rural no cable or analog). So lets see what did I miss?, Oh right I am regular in the morning, shave when I feel like it and shower everyday, brush my teeth at least twice a day and love my beer as I watch a game I like tinkering and “fixing” things. For breakfast Juice toast and marmalade or oatmeal,
    If I left anything out let me know! 😀

    • I guess I left out the fact we do not like what is happening on the planet as history shows it is becoming a repeat and if we are correct the aftermath is going to be a lot worse in the near future. We also like WUWT because most of the time it teaches us things that we did not know but are aware of, So thanks everybody keep up the threads.

  45. [Commercial]
    Narrator: “Ghostery …protecting you everyday from the evils of Adobe Typekit and being able to read comments on websites.”
    Pseudo-technical user: “Yes! finally no more fancy fonts and reading people’s opinions of webpages. Take that NSA and the man!”

  46. I’ve been using Ghostery and Adblock for a long time. I know how and when to unblock when I want to see something.
    I have no problem with my browsing experience.
    The problem is the other people aren’t reading any of this – because they are staring at a white page, and thinking that WUWT has gone offline!
    Other sites also use Typekit, which, when blocked, does not cause the same problem.

    • Those people should not be using browser extensions like Ghostery and NoScript.
      WUWT is visible in all browsers with Ghostery not installed or disabled, thus the problem is with Ghostery.
      Stop wasting Anthony’s time with this nonsense and go complain to the irresponsible people who made their crappy Ghostery browser extension that breaks basic webpage functionality.
      There is a very simple rule for running a webpage:
      Does the page work normally with a clean install of the latest versions, of the three most popular browsers (Chrome, Firefox and IE), with no browser extensions installed on a clean, properly functioning PC? If so then it is not my problem.

      • Popech,
        Typekit is apparently spyware and blocking it is IMO justified, but that is neither here nor there.
        The people that have a problem aren’t reading this thread. They can’t see it. They don’t know what the problem is or how to fix it.
        I don’t know how many of them there are, and if Anthony wants to write them off as too stupid to surf the web then that is his prerogative. They will go elsewhere.
        He and anybody else using Typekit should however be aware of the issue, and make their decisions accordingly.

      • WTF are you talking about? Since when did Adobe Typekit become spyware? Name one major anti-virus/malware company that classifies it as such. This is the sort of blatant misinformation I am talking about.
        Produce any remote evidence that Adobe Typekit is malicious.
        And yes, anyone who has the Ghostery browser extension installed and believes Adobe Typekit is malicious spyware from zero evidence should retire from the Internet.

  47. I will continue to use Ghostery. Without it this page loads 52 different trackers, beacons, behavioral monitors, etc. With it, it loads 6. I really do not want 52 different outside companies being notified about my browsing habits.

  48. Ghostery blocks Typekit because it (Ghostery) is doing its job. Blocking web tracking is what it’s for. But if your page doesn’t even load without sending a phone-home to adobe, then there is absolutely a problem with your coding.
    Does it really surprise anyone that things might not work together exactly as planned, when a site is trying to phone home to;
    – Amazon Associates
    – Facebook Social Graph
    – Facebook Social Plugins
    – Google Adsense
    – Google Analytics
    – Gravatar
    – Twitter badge
    – Twitter Button
    – Typekit
    Climate Etc. has Typekit too. Pages load just fine without being enabled in Ghostery.
    I understand the need to monetize content on the web. Just be clear that when people fight back against relentless privacy violations that they aren’t doing so out of malice.

    • Produce any remote evidence that Adobe Typekit is malicious.
      Misrepresenting these scripts used for web analytics with privacy violations is absolutely irresponsible.

      • Poptech,
        Typekit.com, Whizzbang!!media.com, data-aggregators.com, etc…, etc… might indeed be perfectly benign. And I could whip out wireshark or something an analyze precisely what is being sent at the packet level, as well as going to each company and analyzing their (stated) privacy policies But assuming I believe that all companies follow their own rules (they don’t), that seems like a tremendous amount of effort to go through. So for the moment I am happy with Ghostery blocking such things by default and letting me decide what to let through. For me, wattsupwiththat.com is the first and only website that I have encountered that breaks completely without phoning adobe.com.

      • Still no evidence of anything just conspiratorial nonsense. Using your logic you should not trust Ghostery since how do you know they are following their own rules?
        Your meaningless anecdotes are not evidence of anything, all they mean is you have not visited enough websites that use Adobe Typekit because the Ghostery extension is breaking WUWT, their injected surrogate script is causing this.

      • So let’s see if I have this straight. It’s my fault that the specific implementation of the combination of Firefox+Ghostery+Wordpress+Typekit doesn’t render correctly, and it’s merely because I don’t visit enough sites with this combination that I don’t see the problem more?
        Sounds like an argument for using less obscure web-page delivery at the server level than for forcing users to enable phoning home to Adobe. But A. Watts can run it how he likes. As KenW pointed out, if I hadn’t found a workaround, I wouldn’t be viewing this discussion.

      • It is your fault for installing an extension (Ghostery) that injects a surrogate script that break sites like WUWT. This has nothing to do with Firefox, WordPress or Adobe. The only thing breaking anything is Ghostery.
        And yes if you visited enough sites that use Adobe Typekit you would eventually find the same behavior.
        Sounds like it is time you start holding Ghostery accountable for breaking WUWT.

      • “Sounds like it is time you start holding Ghostery accountable for breaking WUWT.”
        It has nothing to do with my “holding Ghostery or WUWT” accountable at all. I use ghostery for a reason, and it wouldn’t surprise me a bit that the free plugin might itself be broken on occasion. If it were the culprit for breaking 10% of the sites I visit, I’d probably disable it entirely. I don’t particularly enjoy diving into “Why the site won’t load.” issues as some sort of hobby. But for me, so far it’s just this one. Perhaps that will change. I’ll have to see.

      • It breaks functionality on more than just 10% of pages, especially ones that use commenting system and third party embedded video players. Ghostery users are likely unaware in these instances since they can still partially see some of the content.
        You still do not seem to understand why WUWT is breaking – it is because Ghostery is injecting a broken surrogate script for Adobe Typekit that breaks WUWT. Without Adobe Typekit, WUWT will still load just without enhanced fonts.
        Ghostery is the sole reason WUWT is breaking, nothing else.

      • “Ghostery is the sole reason WUWT is breaking, nothing else.”
        Nope. Typekit and this particular coding is involved as well. As for “More than 10% of the sites I visit” being similarly broken? Yes and no. If you mean “broken” in that tracking-crap like Disqus, and 6 different beacons to Facebook, Google and Adobe is blocked? You bet. THAT’S WHY I USE IT! If you mean broken in that not even the basic content will load? No. That’s so far a lot less than 10%. The only site I visit on a regular basis that won’t even load at all without allowing Ghostery to let Typekit through is this one. Other people’s mileage may vary. I’m mostly worried about what I surf to.

    • We are not talking about fear-mongering fantasy scenarios that do not exist but current reality. People can make their own decisions but only if they are given accurate information and not hysterical, unsubstantiated nonsense.
      No one has produced any remote evidence that Adobe Typekit is malicious.

      • I think we have the case of people interpreting jargon in different ways. I am sure your definition of ‘malicious’ is not the same as mine. I see the attempts by websites to force the choice of fonts in my browser windows as malicious. In my view, typekit is malicious because it does something I don’t want. I simply use the word in a dictionary sense, as I suspect many others do.

      • That is not a definition of malicious. Using your definition any software bug would be “malicious”, which would be absurd. There is no remote evidence of Adobe Typekit attempting to cause damage or harm to someone’s system. So far no one has been able to provide a shred of evidence disputing any of the following,
        http://blog.typekit.com/2013/06/13/clarifying-our-commitment-to-privacy/
        Typekit makes a point not to track visitors on websites that use Typekit fonts. However, we do collect information about the fonts being served to each site. This data does not include any information about the users who are visiting a site serving Typekit fonts. The tracking data is used to operate the Typekit service, as well as accurately pay our foundry partners.”
        http://www.adobe.com/privacy/typekit.html
        What information is collected by the Typekit service?
        In order to provide the Typekit service, Adobe may collect information about the fonts being served to your website. The information is used for the purposes of billing and compliance, and may include the following:
        * Fonts served
        * Kit ID
        * Account ID (identifies the customer the kit is from)
        * Service providing the fonts (e.g., Typekit or Edge Web Fonts)
        * Application requesting the fonts (e.g., Adobe Muse)
        * Server serving the fonts (e.g., Typekit servers or Enterprise CDN)
        * Hostname of page loading the fonts
        * The amount of time it takes the web browser to download the fonts
        * The amount of time it takes from the web browser downloading the fonts until the fonts are applied

      • Dear Poptech.
        typekit.assistly.com: type ANY, class IN
        Why would WUWT be looking for that domain? Why should users trust anything when the conversation is encrypted? Why would pages fail to render if Adobe is blocked, and many of the other sites that have Typekit as an option display just fine with it blocked. It’s a trust thing, and as the climate debate has shown us, trust usually has to be earned with hard data. Adobe states it tracks use. How can it do that if it can’t track users?
        (On which point, there were around 168 DNS lookups on this page display. Local DNS caches with white/blacklists may improve load times)

    • Loading a web font asynchronously simply delays the application of that font. Meanwhile, the page is rendered with default fonts. In no event should a failure to load a font result in a blank page. In fact, that is precisely how I force the use of my own fonts in web pages: I block typekit and other web font providers. Everything works fine (tested in all browsers on a mac).

      • Wrong, it is breaking because Ghostery is injecting a surrogate script that breaks WUWT, it is not simply blocking Adobe Typekit. The problem is with the crap Ghostery extension.

  49. LOL at believing what Adobe says about TypeKit.
    Hey, remember when the chief of the NSA said it wasn’t spying on our phone calls?
    Did you have any proof that it did, PopTech?
    over and out
    [others: time to stop feeding the troll]

    • Unlike conspiracy theorists like yourself, I believe what I actually have evidence for. Let me know when you can find any remote evidence that Adobe Typekit is malicious. The NSA scandal is just an idiotic comparison that has no remote relation to this.
      While we are on it, please do not misrepresent the NSA issue either which was the collection of meta-data (phone numbers called, times and dates) about your phone calls and not the actual conversation itself. I personally believe that it was unconstitutional without a warrant but that is irrelevant to what was actually going on.
      Now that we have learned this is a bug in Ghostery is anyone going to admit they were wrong?

  50. Ghostery causing bug with Adobe Typekit confirmed.
    https://purplebox.ghostery.com/post/1016024677
    ** Ghostery v5.4.3 Update
    We were seeing some issues with the Adobe Typekit Surrogate script.. so we fixed that.

    https://twitter.com/Ghostery/status/573155745115451392
    Where did all the pseudo-technical users who wasted Anthony’s time go?
    Where did all the conspiracy theorist, wanna-be computer security experts go?
    It is not possible you were all wrong.

  51. All sorts of “clouds” are tools for the road to slavery via IT, equally as all the “spying” gadgets/toys for all the morons oblivious to the Big Brother World to come. Do you need “clouds” for everything? Really?
    Ghostery did right thing entering the Adobe Typekit as IT evil. How much IQ level some need to have to open mind to the new horizons enabling them to spot the thoughtless herds and puppets of the New Big Brother?
    Sad.
    Alas, Mr Watts was always wrong outside climate issues.

Comments are closed.