Shouldn't matter. FLoC isn't enabled if they don't use the `document.interestCohort()` API and if Chromium doesn't detect ads; at least for now. https://seirdy.one/2021/04/16/permissions-policy-floc-misinf...
But it also says:
What adding this header does is exclude your website from being used when calcualting a user’s cohort. A cohort is an identifier shared with a few thousand other users, calculated locally from browsing history; sites that send this header will be excluded from this calculation. The EFF estimates that a cohort ID can add up to 8 bits of of entropy to a user’s fingerprint.
Being excluded from cohort calculation has a chance to place a user in a different cohort, altering a user’s fingerprint. This new fingerprint may or may not have more entropy than the one derived without being excluded.
But is individual fingerprinting really the concern? What if I don't want google clustering people who visit my page with people who visit similar pages? In they case, the header still helps protect their privacy, right? By making Google's website visit interest based clustering less substantively accurate? Or am I misunderstanding how floc works?
If you add the header to your site, do it for the right reason. It could mess with unsophisticated ad targeting, but it won't necessarily make a difference wrt. privacy. Energy is better spent getting users off of any browser that supports FLoC (Chrome, probably Chromium too).
My company is a non-profit and doesn't serve ads on our website. Should we ensure this header exists for our site?
If we have GA, we're getting some information and Google is getting some information, but are they sharing this information about users directly with advertisers?
The premise of FLoC is that they are explicitly tagging you in a group specifically for advertisers.