Please educate me on web fonts

There’s a Safari extension for blocking web fonts (either via global or per-site rules) that’s on sale for Black Friday which I’m considering for my iPad, but I’ve read conflicting opinions on web font blocking.

Some say blocking anything fonts.gstatic related is good for privacy, while others claim it does the opposite because it makes your setup more unique and easily fingerprintable.

Enlighten me, please.

If your browser is loading fonts on each page then it is telling Google each time. Personally, that is not something that I care to do.

I am not sure how much blocking that will affect fingerprinting. The fonts available to your browser are one of the items that can be used when creating a fingerprint, but if a substantial number of people block fonts.gstatic and only show the few default fonts then it would not be significant. The question is how many people block the font downloading, and so how much that makes your signature unique.

One thing you might want to consider if you are not using Safari is Decentraleyes which is a browser extension that provides a static set of libraries which, if downloaded from the originator, could be used to track you. I don’t know, but maybe that could change your browser fingerprint too. Hard to say without more research.

1 Like

Thanks for taking the time to respond to the OP, but it is not a good approach. Arkenfox outlined it:

CDN extensions don’t really improve privacy as far as sharing your IP address is concerned and their usage is fingerprintable as this Tor Project developer points out. They are the wrong tool for the job and are not a substitute for a good VPN or Tor Browser. It’s worth noting the resources for Decentraleyes are over six years out of date and would not likely be used anyway.

6 Likes

If you want to block fonts on Safari, you might as well just use lockdown mode. It doesn’t increase your privacy though, only security.

2 Likes

There’s also a feature flag in the settings called “Lockdown Mode Safe Fonts” although not sure if it works properly.

1 Like

Two things can be true!

If you block Google Fonts on all websites, you will become slightly more unique to the website you’re visiting, because it will theoretically be able to tell that you didn’t use their custom fonts.

On the other hand, you’ll become more private to Google, because you won’t make a network request to them at all, so they’ll have no way of tracking you based on your font usage.

Since Google is the most likely party to try and track you across multiple independent websites in the first place, blocking requests to Google is generally a privacy win. In other words, even though you might be more unique to the website you’re visiting, they’re most likely not colluding with other websites to track you, so that extra uniqueness isn’t really working against you.

For similar reasons, this is why using an adblocker is recommended for 99.9+% of people to improve privacy.


There are some cases where you do want fingerprinting protection against a single website. For example, if you have multiple accounts on a website and you want to make sure that website can’t tell those accounts are owned by the same person. In that case, maybe you’d consider keeping Google Fonts enabled, because you wouldn’t want “these two accounts both block external fonts” as something to stand out to the website’s admins.

This assumes a pretty advanced adversary/admin is running the website, since most probably wouldn’t think to use advanced fingerprinting techniques to correlate accounts in the first place, so even in this case it is probably not a big deal to block external fonts, but… I don’t know what kinds of websites you’re visiting lol :man_shrugging:

4 Likes
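As an added example (not part of any post in this thread), here is one way to check whether a page's own markup would make the browser contact Google Fonts, which is the network request the reply above refers to. The sample page, the `example.org` URL and the function names are constructed for illustration; `fonts.googleapis.com` is the Google Fonts stylesheet host and `fonts.gstatic.com` serves the font files.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts behind Google Fonts: the CSS API and the font files themselves.
GOOGLE_FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}
# url(...) and @import "..." references inside CSS text.
CSS_REF = re.compile(r"""url\(\s*['"]?([^'")\s]+)['"]?\s*\)|@import\s+['"]([^'"]+)['"]""", re.I)

# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<html><head>
<link rel="preconnect" href="https://fonts.gstatic.com">
<link rel="stylesheet" href="//fonts.googleapis.com/css2?family=Inter">
<link rel="stylesheet" href="/static/site.css">
<style>
@import "https://fonts.googleapis.com/css?family=Lato";
@font-face { font-family: Local; src: url('/fonts/local.woff2'); }
@font-face { font-family: R; src: url(https://fonts.gstatic.com/s/example/v1/example.woff2); }
</style></head><body>hi</body></html>"""

class FontRequestFinder(HTMLParser):
    """Collects <link href> and inline-CSS URLs that point at Google Fonts hosts."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.in_style, self.hits = page_url, False, []

    def _check(self, raw):
        url = urljoin(self.page_url, raw)  # resolves relative and //host/... forms
        if urlparse(url).hostname in GOOGLE_FONT_HOSTS:
            self.hits.append(url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and attrs.get("href"):
            self._check(attrs["href"])  # stylesheet, preload and preconnect links
        elif tag == "style":
            self.in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.in_style:
            for m in CSS_REF.finditer(data):
                self._check(m.group(1) or m.group(2))

def google_font_requests(html, page_url):
    """Return, in document order, the Google Fonts URLs the markup references."""
    finder = FontRequestFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.hits
```

This only inspects the HTML it is given: fonts pulled in by an external stylesheet or injected by script will not show up, so an empty result is not proof that a page never contacts Google Fonts.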

You can then just block Google Fonts on the DNS level, although I don’t think it will really increase your privacy.

“For clarity, Google does not use any information collected by Google Fonts to create profiles of end users or for targeted advertising.”

1 Like

Always remember to look at a service provider’s capabilities rather than their word.

3 Likes