I want to suggest another thing we can collaborate on. File bugs against Apache and nginx such that Apache and nginx emit Permission-Policy header by default. People who want FloC can opt-in, but since Pervasive Monitoring Is an Attack (RFC 7258), it is clearly severe security bugs in Apache and nginx that they don't emit this header by default.
That's like saying not sending Content-Security-Policy when it is needed to prevent XSS is not a security bug, since Chrome can start to ignore Content-Security-Policy (which it can). That is absurd.
That's more like the case with the Do Not Track header being defaulted to 1 in some browsers and many (most?) sites using that as an excuse to not honor it.
I think it is a good outcome too. If people really want relevant and targeted ads, they will opt-in to no-DNT and yes-FLoC. The fact that people don't, and that websites don't honor DNT, reveal their lies and hypocrisy.
This is the important part regarding "security". Websites choose to not honor "DNT" headers.
Clients can just as easy choose not to honor no-floc headers.
Which is why I'm saying that this is not a security-thing. If people can just choose to ignore your security-headers, they are not a security-feature. At most they are a suggestion that, when followed, make the client honor privacy concerns from servers.
The Do Not Track ended up being used for tracking and identifying users. Support for it is now removed even from Safari, https://webkit.org/tracking-prevention/
> Removed the Do Not Track flag, which ironically was used as a fingerprinting vector, adding uniqueness to the users who had enabled it.
"The web as we know it is evolving. Apple is pushing a privacy-first approach from its operating systems and Safari" Is that the Apple that uploads the MAC addresses of every device on your LAN and your GPS location without telling anyone?
A quick reading of Apples own advertising policy gives me deja vu...
“Segments
We create segments, which are groups of people who share similar characteristics, and use these groups for delivering targeted ads. Information about you may be used to determine which segments you’re assigned to, and thus, which ads you receive. To protect your privacy, targeted ads are delivered only if more than 5,000 people meet the targeting criteria.”
While I do understand that some people may not like it, I don't see how FLoC is particularly harmful. I've read several articles about it, and most of them just say something like "you are being put in a advertising cohort -- see how creepy it is", which doesn't really prove anything.
One more specific argument against FLoC is that it will make help tracking users via fingerprinting. I don't really buy it. First of all, the estimations from [EFF article](https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...) are just plainly wrong. They are talking about narrowing down to thousands of users, while in fact if Chrome has on the order of a billion users, and if FLoC has only 8 bits of entropy, the actual number of users in a cohort is on the order of millions. Secondly, from my understanding this cohort is based on your recent activity, so it will change over time.
> Google’s experiment used 8-bit cohort identifiers, meaning that there were only 256 possible cohorts. In practice that number could be much higher; the documentation suggests a 16-bit cohort ID comprising 4 hexadecimal characters.
Also, its since someone can belong to more than 1 cohort, the 8bits is a bare minimum and not a maximum. For instance, techie who likes hiphop, buys whisky and is looking for a washing machine is 32bits of entropy and covers the billion users with ease.
Ok, I agree that it is plausible that eventually more than 8 bits will be used. But in that case, the users will likely change their cohorts at a much higher rate, which will make them less useful for tracking.
> someone can belong to more than 1 cohort
I'm pretty sure you will only belong to one cohort at a time. Otherwise it would defeat the purpose of this change. It seems like k-anonymity is an express goal of FLoC.
> While I do understand that some people may not like it, I don't see how FLoC is particularly harmful.
Sure, I can give an example: it goes beyond simple basic fingerprinting, it allows you to be associated with a group of "others" (your cohort) in ways that can be dangerous to you.
Suppose you live in a country where you may not enjoy certain freedoms or some behaviors may be outlawed; end up in the wrong cohort(s) and a state actor will be able to know these things rather easily, this is not to say there aren't already means to do it today, but why make the job even easier for them?
> state actor will be able to know these things rather easily
But state actors won't be able identity me individually, so I don't see the harm either.
And you can actually reset you FLoC id at any time.
I think advertisers (like Facebook) know that this will damage their revenue and doing mass brain wash to make people think this is harmful for everyone (Cambridge Analytica style).
> But state actors won't be able identity me individually, so I don't see the harm either.
Why wouldn't they be able to? FLoC tells them you're a dissenter, your IP tells them who you are.
Just because you can reset it doesn't mean that you should have to be constantly afraid of your browser working against you. You're just listing ways in which FLoC is slightly less terrible than some maximally terrible hypothetical version. It doesn't make FLoC proper less bad.
I would argue the very notion that your recent browsing history affects what you see in the present is a wrong and dangerous one.
My browser is already working against me by allowing 3rd party cookies. When FLoC comes along 3p cookies will eventually be disabled by chrome as a long term goal. I see FLoC as less bad than 3p cookies in this case, because I can't tell trackers "hey, please reset all knowledge you have of the tracking of this specific cookie".
> I would argue the very notion that your recent browsing history affects what you see in the present is a wrong and dangerous one.
It already does, 3p cookies do exactly that and deleting them is a pain because you would also be getting rid of legitimate cookies, so you have very little or no control. Reseting your FLoC id is as easy as pressing a button and you don't have to worry about having to re-login everywhere.
Third-party tracking cookies have not been a problem in my browser (Firefox) for quite a while now, since they get blocked by default. Firefox also recently introduced Total Cookie Protection, which is a feature isolating cookies by the origin on which they were created on. (https://www.theregister.com/2021/02/24/firefox_cookies_86/)
So the argument for FLoC is moot because this is actually a false dilemma. We shouldn't be acting as if it is a choice between either third-party cookie or FLoC. Rather, we should reject both.
Aside: In some ways, FLoC is worse than third-party cookies since the latter are not under central control and do not provide a way of automatically grouping an entire browser user population into similarity groups based on past browser history.
As someone who lived in such country and has a lot of friends who still live there, I wouldn't care about it too much. The governments of such countries are usually not interested in find every single citizen who's interested in some topic. What they are interested in is suppressing people who are promoting "wrong" values. And you don't need a vague advertising identifier to find such people.
It can be a death sentence in countries where homosexuality is illegal. Say you are FLoC branded as being LGBT (sort of like the pink triangle in nazi concentration camps) and you visit a government website, they will know about your sexuality and can arrest you.
> Political tags are explicitly banned from the FLoC tagging data which identifies locally your 'secular', a-political preferences.
Just because this is said to be so on paper doesn't mean it would actually be so. How would this work in practice with the LGBT example? Would every LGBT-related website be tagged as a "political" website in Google so that it is not included in the calculation? What about clearly non-problematic a-politicial categories which nevertheless serve as a good proxy for detecting LGBT members because of e.g. their increased interest in the topic?
> in contrast to that Facebook can identify you as LGBT+ today based off your likes and dislikes and shares.
This is irrelevant because we're not choosing. Facebook tracking is also terrible.
There are 33000 group IDs. A service with your identity could track how your group ID is changing over time a triangulate your political view or sexuality based on ID patterns of people they have arrested already.
The entire point of FLoC is to track you across all domains and collect all of your browser history to put you into a group. If it was only for one domain every user would be in the same group.
> EFF brings up a second concern which is also novel and scary in terms of privacy. If you sign up to an online service with your email address, they can immediately tie your last week’s browsing data with the email address that you supply them (or physical address, phone nr, etc). It means any service you use now knows what you’ve been up to and not just in an anonymous way
Understood, but from that ID how can they query what sites people have visited? I thought it was just "I belong to this cohort" with no knowledge of what that cohort is?
> While I do understand that some people may not like it, I don't see how FLoC is particularly harmful.
FLoC, AMP, ... With Chrome, Google is hijacking the web in a more cunning way than Microsoft and IE. The revolt against that needs to happen now. When Firefox is dead, it will be too late...
> "you are being put in a advertising cohort -- see how creepy it is", which doesn't really prove anything.
Are you wanting proof for how it is harmful?
One possibility is that with a FLoC and a few other details, you can be fingerprinted as an individual not a cohort. So it's not effective at anonymizing the data advertisers are tracking from you.
I remember cause I refused to switch. When it first came out the argument was “it’s faster than Firefox”. I never got what that meant. What... a 200ms load time on Firefox was 180ms on chrome? Wow let me switch to skynet’s chrome! Pass
I'd recommend blocking FLoC on any websites you run. It is simple to do. Add this header to block FLoC:
`permissions-policy: interest-cohort=()`
See also this post on StackOverflow for information on how it adds a warning message in Chrome DevTools for browsers that aren't part of the current test [1]
Privacy is really important to me, so I am not affected because I don't use chrome in the first place.
All the people who use chrome, especially on this site, know damn well what they agreed to. You all already opted into this and everything google comes up with tomorrow.
Why should I put in work to give you the warm fuzzy feeling of having staved of the google spying for another day? If you want protection from this, use another browser.
At this point, blocking this from the website level just seems to support google even more, because it takes the pressure from chrome users to actually start thinking and stop being victims.
But THEY decided to use Chrome! So the WANTED this to happen.
Now, you can rightly point out that they don't know, but we are on Hacker News here. I am not talking about someones grandparents, I am talking about users of this site, working in the IT industry. I am talking about my collegues at work. About IT professionals. We all should know, most of us do. Yet, many here always proclaim how they can't use privacy friendly alternatives because "minor reason". The whole industry regularly creates content that only properly works in chrome, reminding one of the old Internet Explorer days.
It's not that "normal" people don't listen to "us" experts and use chrome regardless, it's that many so called professionals seem to care about privacy even less. And I am not getting complicit with this attitude in helping google make everyone feel save using their crap piece of spyware.
Switch your browser now and tell the people who don't know why they should too, or stop complaining about "evil google" while enabling them with building shit that includes their tracking and only works in their browser.
Upton Sinclair supposedly said, "It is difficult to get a man to understand something when his salary depends upon his not understanding it."
That would be why SEs at Google et. al. seem incapable of understanding. The business model, and thus, their salaries, is dependent upon tracking people, consent or no.
Plausible tracks visitors without their permission. This is illegal in Europe where notice or consent or is needed, regardless of how cookies are used/not used.
Does this change anything that the author has said? You haven't commented on whether or not you agree with them, you've just (rightly or wrongly) attacked their character.
I assume you're referring to the fact that they don't respect the Do Not Track header? In my opinion this is fine because they don't 'track' visitors around the web as such, respecting the original intent of this DNT option.
> I feel like a lot of this comes down to what "track" means, and what I as an average user am expecting when I enable "do not track".
> Personally, I feel like "track" means following me across multiple websites, or keeping a detailed record of my individual browsing habits on an individual site.
> If you think about what "tracking" means in real life, it means constantly following someone/something or monitoring it. If someone had one of those little infrared foot traffic counter things at the door to their shop, I wouldn't say they're tracking me as an individual. They're tracking how much foot traffic they get, but they're not tracking me.
> Both Plausible and Fathom are just like this. They don't keep the same user identifiers for more than 24h, they just take an anonymous count when you walk in the door to a site (along with a few other anonymous things like referrer). In short, as a user, I don't feel like my individual activity is being tracked to create a profile of my browsing, I just feel like the website is counting me when I walk in the door. They're tracking their visit stats, but they're not tracking ME.
> As cause enabling DNT, what I'm saying and expecting is "do not track ME". It's fine to track your usage stats, but don't track ME and build a profile of ME. So I would not expect services like Plausible and Fathom to do anything about this header, since they're not tracking me as an individual in the first place.
I want to suggest another thing you can do as a web developer. If you can afford it, block all Chrome users, and instruct users to download Firefox instead. Explain why your website is not available for Chrome.
“You are using Chrome which tracks you without consent. Download a spyware-free browser here.” In red at the top of the page with links to brave and Firefox.
Better to show a unobtrusive banner on top, with a link to a well written article about how chrome is spyware. With a button to download firefox. We did that ages ago, but targeted to internet explorer, with good results.
As a Vivaldi user: please don't do this. Vivaldi removed any mentions of its name from the user agent a while ago because some websites intentionally broke themselves in it, so now it's indistinguishable from Chrome as far as web developers are concerned.
Frankly I’m not sure I see a world where Internet advertising is not targeted . Sure it drives profit for Google et al but it does so because it drives profit for a million other businesses. It’s non existence implies a substantial economic cost.
I’d like to see more written and more popularly known about effective, targeted but privacy respecting ad models. Then a good argument would be “why FloC when X is possible?”
To me FloC looks like an attempt at a compromise. Whether we like the world we have or not, there is no going back to the “good old days”.
I don't like the defeatist attitude. Targeted advertising is an opportunistic reaction of the companies who lived the first-mover advantage to its fullest, lacking any regulation.
The market is big enough and can survive regulation, and would evolve alternatives, and the associated deadweight loss would be an acceptable compromise.
Not to mention, the targeted advertising is a game of Prisoner's Dilemma, where all parties lose, it's not even 100% sure if the regulation would cause inefficiency at all.
Sure maybe but I can't think of any precedent for what you're saying. Countries have typically gone from some advertising to even more advertising. An example in which convincing people to buy stuff got harder and people bought the same amount or more stuff doesn't spring to mind.
This is insane. So all sites with publicly routable IP addresses that a user visits are used for this cohort calculation! WTF
Every http server project should include the header by default to disable this, and even back port it for older versions as a critical security vulnerability update, since old sites with sensitive information will clearly be still serving content, and the DEVs may not even be working on the site anymore, and basically an IT guy is just updating software (hopefully...).
Good that these marketing posts get ranked down by HN, Plausible in particular has been flooding the site with posts that are just SEO-optimized ad pieces for their service.
Would I be terribly downvoted if I said that I prefer targeted ads? I'd rather see GPUs than feminine hygiene products.
FLoC seems like a method of saving my preferences locally, which is fine. I'm not interested. I won't use Google's browsers and I'll continue to filter my traffic.
Internet privacy will always be an uphill battle, there's worse things going on, starting with centralized and monopolized DNS, I feel we should focus on fixing that.
It’s not local, because your cohort id will be sent to advertisers, and they’ll back-reference that against what they believe you’re interested in.
But either way, your initial statement assumes that ads will only be interesting to you if your browsing habits are tracked across the internet. There’s another option: if you visit sites that are focused on GPUs they can advertise GPUs to you. This is the way advertising worked from 1700-2000.
If you're browsing a computer tech website you get shown ads for GPUs and other tech items. If you're browsing an article on remedies for dealing with cramps you get shown ads for feminine hygiene products.
Maybe on both sites you get shown ads for coca cola or a car.
None of those require building up a profile that tracks your personal browsing habits across the entire internet and is simply targeting your customers where they are.
It's all about some random company building a detailed file on your person.
If you have trouble understanding it's an issue, imagine all physical businesses - restaurants, shops, taxis, barber shops, hospitals, postal service - recording all your visits, mugshots and all, and forwarding them to Moms Friendly Robots company, which knows exactly what you eat, shit, like to fuck and generally predisposed to do. They also sell this info to others, but that's really secondary.
What you are missing is that FLoC is basically a different vaseline flavor and you preferring it over the original is the biggest issue of it all - that, shokingly, you are OK with the rape to begin with.
>Would I be terribly downvoted if I said that I prefer targeted ads? I'd rather see GPUs than feminine hygiene products.
Would you be OK with an opt-in solution? If you want to be tracked and get "good" ads you install a browser extension and now you get your ads and now everyone is happy.
Same. Maybe I'm in the minority here, but I've discovered dozens of new shops, restaurants, and products in the past year alone, through targeted advertising. Especially on instagram.
I even found my current broker that I do most trades with via targeted advertising, and I'm super happy with it.
Targeted ads of course don't always show perfect companies and products, but they're often a good starting point if I'm looking for a product and I see an ad about it that looks interesting.
That being said, I do try to avoid ads as much as possible, but if I'm gonna see them, for example there's no way to block them on iOS instagram, I'd rather they be targeted than generic.
I hate the data-grabbing business model as much as the next hacker. Equally, I feel reluctant to burn with the holy wrath of anger. It is, and has been, no secret that this is how Google works. They give you great services for 0 money and all your data. What’s unclear or unethical about it? Take it or leave it.
What bothers me much more is Google’s et al crushing dominance over the competition, meaning that whatever shenanigans they come up with end up forced on {m,b}illions of users. This, and the sneaky hiding of data grabbing in “consent” boxes or 100 page ToS docs.
But leave for what? I'm all for leaving Google, I use Firefox and OpenStreetMap as much as I can. I have a non-gmail e-mail account.
DuckDuckGo sucked at searching last time I tried it - and I'd happily pay money for an alternative. Ditto for Google Docs. Google Scholar - another thing I use a lot.
I think the root cause is not really FLoC etc. but Google's total dominance over the Internet, and with it, a lack of real alternative.
This may need CVE.