I want to suggest another thing we can collaborate on. File bugs against Apache and nginx such that Apache and nginx emit the Permissions-Policy header by default. People who want FLoC can opt in, but since Pervasive Monitoring Is an Attack (RFC 7258), it is clearly severe security bugs in Apache and nginx that they don't emit this header by default.<p>This may need a CVE.
"The web as we know it is evolving. Apple is pushing a privacy-first approach from its operating systems and Safari" Is that the Apple that uploads the MAC addresses of every device on your LAN and your GPS location without telling anyone?
While I do understand that some people may not like it, I don't see how FLoC is particularly harmful. I've read several articles about it, and most of them just say something like "you are being put in an advertising cohort -- see how creepy it is", which doesn't really prove anything.<p>One more specific argument against FLoC is that it will help track users via fingerprinting. I don't really buy it. First of all, the estimations from [EFF article](<a href="https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea" rel="nofollow">https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...</a>) are just plainly wrong. They are talking about narrowing down to thousands of users, while in fact if Chrome has on the order of a billion users, and if FLoC has only 8 bits of entropy, the actual number of users in a cohort is on the order of millions. Secondly, from my understanding this cohort is based on your recent activity, so it will change over time.
At what point enough is enough and Chrome and other data-collecting Google products can be called for what they are - spyware?<p>It’s time to pick another browser.
I'd recommend blocking FLoC on any websites you run. It is simple to do. Add this header to block FLoC:<p>`permissions-policy: interest-cohort=()`<p>See also this post on StackOverflow for information on how it adds a warning message in Chrome DevTools for browsers that aren't part of the current test [1]<p>[1] <a href="https://stackoverflow.com/questions/66997942/error-with-permissions-policy-header-when-using-chromedriver-to-a-headless-br" rel="nofollow">https://stackoverflow.com/questions/66997942/error-with-perm...</a><p>Edit for typo.
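A way to check that a site actually sends the opt-out header from the comment above, shown as an added example that is not part of the original comment. The function names and the sample response headers are constructed for illustration, and the parser is a simplified reading of the header's dictionary syntax that ignores parameters.

```python
def parse_permissions_policy(value):
    """Simplified parse: {feature: [allowlist tokens]}; parameters are not handled."""
    members, current, depth, quoted = [], "", 0, False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in "()":
            depth += 1 if ch == "(" else -1
        # Only commas outside an allowlist and outside quotes separate members.
        if ch == "," and depth == 0 and not quoted:
            members.append(current)
            current = ""
        else:
            current += ch
    members.append(current)

    policy = {}
    for member in members:
        name, sep, allow = member.strip().partition("=")
        if not sep or not name:
            continue
        allow = allow.strip()
        parenthesized = allow.startswith("(") and allow.endswith(")")
        tokens = allow[1:-1].split() if parenthesized else [allow]
        policy[name.strip().lower()] = tokens  # a later duplicate overrides an earlier one
    return policy


def floc_opted_out(headers):
    """True only if interest-cohort has an empty allowlist, i.e. interest-cohort=()."""
    values = [v for k, v in headers if k.lower() == "permissions-policy"]
    # Repeated header lines are combined with commas before parsing.
    policy = parse_permissions_policy(", ".join(values))
    return policy.get("interest-cohort") == []


# Constructed sample responses (header name, value), not captured from real sites.
SAMPLES = {
    "opted_out": [("content-type", "text/html"),
                  ("permissions-policy", "interest-cohort=()")],
    "mixed": [("Permissions-Policy",
               'geolocation=(self "https://maps.example"), interest-cohort=()')],
    "missing": [("Content-Type", "text/html")],
    "allowed": [("Permissions-Policy", "interest-cohort=(self)")],
    # A misspelled header name is an unknown header, so it opts out of nothing.
    "wrong_name": [("Permission-Policy", "interest-cohort=()")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label:10} opted out: {floc_opted_out(headers)}")
```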
"You need my consent before you track me."<p>What about this statement is so inherently difficult to understand for SEs at companies like Google?<p>It's time to stop!
Plausible tracks visitors without their permission. This is illegal in Europe where notice or consent is needed, regardless of how cookies are used/not used.<p>More info: <a href="https://volument.com/learn/data-privacy" rel="nofollow">https://volument.com/learn/data-privacy</a><p>Note that I work at Volument.
I want to suggest another thing you can do as a web developer. If you can afford it, block all Chrome users, and instruct users to download Firefox instead. Explain why your website is not available for Chrome.
Frankly I’m not sure I see a world where Internet advertising is not targeted. Sure it drives profit for Google et al but it does so because it drives profit for a million other businesses. Its non-existence implies a substantial economic cost.<p>I’d like to see more written and more popularly known about effective, targeted but privacy respecting ad models. Then a good argument would be “why FLoC when X is possible?”<p>To me FLoC looks like an attempt at a compromise. Whether we like the world we have or not, there is no going back to the “good old days”.
This is insane. So all sites with publicly routable IP addresses that a user visits are used for this cohort calculation! WTF<p>Every http server project should include the header by default to disable this, and even back port it for older versions as a critical security vulnerability update, since old sites with sensitive information will clearly be still serving content, and the DEVs may not even be working on the site anymore, and basically an IT guy is just updating software (hopefully...).
Good that these marketing posts get ranked down by HN, Plausible in particular has been flooding the site with posts that are just SEO-optimized ad pieces for their service.
> FLoC seems to be Google’s way of saving a dying business.<p>...<p>> We need to ban targeted advertising to truly have a privacy-first web.<p>Why ban it when it's a dying business?
Would I be terribly downvoted if I said that I prefer targeted ads? I'd rather see GPUs than feminine hygiene products.<p>FLoC seems like a method of saving my preferences locally, which is fine. I'm not interested. I won't use Google's browsers and I'll continue to filter my traffic.<p>Internet privacy will always be an uphill battle, there's worse things going on, starting with centralized and monopolized DNS, I feel we should focus on fixing that.
I hate the data-grabbing business model as much as the next hacker. Equally, I feel reluctant to burn with the holy wrath of anger. It is, and has been, no secret that this is how Google works. They give you great services for 0 money and all your data. What’s unclear or unethical about it? Take it or leave it.<p>What bothers me much more is Google’s et al crushing dominance over the competition, meaning that whatever shenanigans they come up with end up forced on {m,b}illions of users. This, and the sneaky hiding of data grabbing in “consent” boxes or 100 page ToS docs.