> Why is this bad? As the Electronic Frontier Foundation explains in their post “Google’s FLoC is a terrible idea”, placing people in groups based on their browsing habits is likely to facilitate employment, housing and other types of discrimination, as well as predatory targeting of unsophisticated consumers.<p>All of this has been happening with tracking cookies, fingerprint tracking, pixel tracking and so on. And will continue to happen.<p>I find it so bizarre it took Google to talk about phasing out 3rd party cookies and replacing it with a much lesser technology in the face of FLoC, for people to suddenly be all up in arms about it.
I am hopeful that this will help get rid of FLoC but I worry about two things. One, this will end up being treated like the "no track" headers. That's just totally ignored after IE (was it IE?) enabled it by default. That gave all the trackers a reason to just ignore it and track everyone. I don't know if that exact same thing can happen here, but something similar maybe? The other thing I worry about is that FLoC 2.0 or whatever might replace it, will be worse.<p>"Kill it before it lays eggs." but do we worry about what evolves from this if it dies?
A comment in the WP post brings up the malicious nature of FLOC opt-out - it requires base layer changes to your site. Google knows from Samesite that it requires "your app is going to break" levels of urgency to get old sites to update, and can likely follow the dots to how an opt-out is much less likely to be used than an opt in.<p>This feels like something that should get more attention/discussion. It flew for Samesite because "better security defaults" is a good argument. Not sure it works that way for FLOC.<p>Despite being involved in the Samesite rollout I hadn't quite made the same connection as that commenter, as I am not as connected to the FLOC work.
From my surface level reading of FLoC - would it be possible for Edge or Mozilla to implement FLoC - but to send noise / random / incorrect data up in a way that essentially wrecks the algorithm?
I just love Google's way of thinking.<p>Users: We hate cookies, because they are abused to hurt our privacy by allowing advertisers to build a profile about us<p>Google: We have a great idea! We can get rid of 3rd party cookies and instead make your browser build a profile about you and share it with everyone.
I've not been following this proposal closely, but I did find<p><a href="https://github.com/WICG/floc" rel="nofollow">https://github.com/WICG/floc</a><p>>Tracking people via their cohort<p>>A cohort could be used as a user identifier. It may not have enough bits of information to individually identify someone, but in combination with other information (such as an IP address), it might.<p>Whose purpose is:<p>>A FLoC cohort is a short name that is shared by a large number (thousands) of people, derived by the browser from its user’s browsing history.<p>I wonder if it's possible to define a large enough number X that people are OK with the idea. (Cookies are effectively "1" and nothing is "3,010,000,000" ie on the internet)<p>Could the cohort minimum size be configurable?<p>Given the IP address can be known today: what's the existing accidental "FLoC proxy" or "How unique are you online?" Or "online fingerprint" (something I'd not thought of before: my timezone can significantly narrow down who I am)
You can try it yourself on:
<a href="https://amiunique.org/fp" rel="nofollow">https://amiunique.org/fp</a>
FLoC cohort computation only triggers on websites which call the document.interestCohort API or load ads.<p>This is not quite an opt-in. But a blanket opt-out isn't necessary either.
The FLoC debate is pretty binary - you're either for it or against it. I think it's better to frame the debate as "how much tracking entropy should browsers provide?" Tracking entropy is log(cohort you're in). So if a service can tell you're in a group of 1024 users, tracking entropy is log2(1024) = 10.<p>The cohort you're in is currently determined by 1) third-party cookies 2) fingerprinting techniques. Removing third-party cookies and introducing FLoC will probably reduce the entropy provided by the user. Recall that the FLoC proposal aims to put each user in a group of several thousand other users. That's about 12 bits of entropy. A third-party cookie would probably provide more, though I don't know the number off the top of my head. You only need log2(3 billion internet users) = 32 bits to identify every internet user hyper-precisely.<p>So, moving to FLoC probably reduces the tracking entropy provided by the user. But it still leaves fingerprinting as a viable way to identify users. Even if both third-party cookies and FLoC were eliminated, there would still be fingerprinting.<p>So, I think the Google approach is "provide a minimum tracking entropy via FLoC, and try to bound maximum entropy by limiting fingerprinting." Privacy advocates want a world where browsers try aggressively to limit tracking entropy, perhaps ideally eliminating it altogether.<p>See the "privacy budget" mentioned here for a similar idea: <a href="https://blog.chromium.org/2019/08/potential-uses-for-privacy-sandbox.html" rel="nofollow">https://blog.chromium.org/2019/08/potential-uses-for-privacy...</a><p>Disclaimer: I work at Google.
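Added example (not part of any comment, and not code from the FLoC proposal): the question raised in the two comments above, how far a cohort ID narrows a user down once it is joined with other signals, measured over a constructed population. All function names, field names and sample records are assumptions; bits are computed as log2(population / anonymity-set size).

```javascript
// Constructed sample population: 16 browsers, 2 cohorts, 2 time zones, 4 networks.
const population = [];
for (let i = 0; i < 16; i++) {
  population.push({
    cohort: i < 8 ? 1101 : 2202,            // hypothetical cohort IDs
    tz: i % 2 === 0 ? "UTC+1" : "UTC-5",
    network: "net-" + (Math.floor(i / 2) % 4), // stand-in for an IP prefix
  });
}

// Group records by the chosen fields; returns Map of key -> group size.
function anonymitySets(records, fields) {
  const sets = new Map();
  for (const r of records) {
    const key = fields.map((f) => String(r[f])).join("|");
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

// Smallest group any user falls into: the k of k-anonymity for these fields.
function minAnonymity(records, fields) {
  return Math.min(...anonymitySets(records, fields).values());
}

// Bits learned about a user known to be in a group of k out of n.
function bitsRevealed(n, k) {
  return Math.log2(n / k);
}

// Average bits the fields reveal across the whole population.
function averageBits(records, fields) {
  const n = records.length;
  let bits = 0;
  for (const k of anonymitySets(records, fields).values()) {
    bits += (k / n) * bitsRevealed(n, k);
  }
  return bits;
}

// Does a required minimum group size still hold after joining these fields?
function meetsMinimum(records, fields, minSize) {
  return minAnonymity(records, fields) >= minSize;
}
```

In this sample the cohort alone leaves groups of 8, time zone plus network alone leaves groups of 2, and all three together single out every browser, so a minimum cohort size only bounds what the cohort reveals by itself.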
I mean, if we are going to be subject to mandatory profiling, why not take Brave's approach of paying users directly for the apps they see, cutting out the middlemen?
It would appear that there are already at least two plugins that take care of this for those who'd like to do so before it's rolled into the WordPress core:<p><a href="https://wordpress.org/plugins/search/floc/" rel="nofollow">https://wordpress.org/plugins/search/floc/</a>
The submitted title was "WordPress Proposal to Treat Google's FLoC as a Security Concern". That makes it sound like WordPress itself is officially making this proposal. Is it? The page doesn't look like that to me.<p>We've reverted the title in keeping with the site rule: "<i>Please use the original title, unless it is misleading or linkbait; don't editorialize.</i>" (<a href="https://news.ycombinator.com/newsguidelines.html" rel="nofollow">https://news.ycombinator.com/newsguidelines.html</a>).
I wish someone at Google said "We have this idea that would significantly improve user privacy, and that's through means that would fundamentally hurt our possibility to deliver ads".<p>Or Facebook saying "we have this idea that would improve the experience on our platforms, and we think it's a great idea despite hurting our ability to grow, show ads and our short term bottom line. It actively discourages 'engagement'".<p>If I had any stock in either company I'd <i>still</i> be delighted about these. I think it's the best long term growth strategy they can have. Focusing not on growth but on users and goodwill.
Ah come on. The FLoC proposal has built in ways to turn it off. If you don't wanna be put in a cohort you can just configure your browser (even Chrome) to say you don't have one.
Honestly I’m starting to think treating Google like a security concern is the answer here. Lately their moves have been actively open web hostile. See AMP etc.
I think this is starting to get to the level of a moral panic. I respect that these developers think FLoC is bad, but what does it have to do with the WordPress project?
Lately the loss of security, increased tracking, etc are very pressing issues, which the "general public" is not aware of.
Would it be feasible, or actually doable, to create an awareness month - a la Movember? This would help to shine some light on what is being done by major corporations, and which affects everyone.
The intro lost me:<p>> WordPress powers approximately 41% of the web – and this community can help combat racism, sexism, anti-LGBTQ+ discrimination and discrimination against those with mental illness with four lines of code:<p><pre><code>
// Send a Permissions-Policy header with an empty allowlist for interest-cohort.
function disable_floc($headers) {
    $headers['Permissions-Policy'] = 'interest-cohort=()';
    return $headers;
}
add_filter('wp_headers', 'disable_floc');
</code></pre>
If you seriously think this is going to make a difference in <i>racism</i>, of all things... I mean... do people seriously think that? Do you know what racism is anymore?
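Added example (not part of the comment above and not WordPress code): a way to audit whether a response actually carries the `interest-cohort=()` opt-out quoted in that snippet, and to add it to an existing policy without dropping other directives, since the quoted snippet assigns the whole `Permissions-Policy` value. The function names and status labels are assumptions, and the header values used with it are constructed samples.

```javascript
// Split a Permissions-Policy value into a Map of feature -> allowlist text.
// Commas inside quotes or parentheses do not separate directives.
function parsePolicy(value) {
  const directives = new Map();
  const text = value + ",";
  let depth = 0, quoted = false, start = 0;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (c === '"') quoted = !quoted;
    else if (!quoted && c === "(") depth++;
    else if (!quoted && c === ")") depth--;
    else if (!quoted && depth === 0 && c === ",") {
      const part = text.slice(start, i).trim();
      start = i + 1;
      if (!part) continue;
      const eq = part.indexOf("=");
      const name = (eq < 0 ? part : part.slice(0, eq)).trim().toLowerCase();
      directives.set(name, eq < 0 ? "" : part.slice(eq + 1).trim());
    }
  }
  return directives;
}

// Classify a response from its headers (plain object, names in any case).
function flocStatus(headers) {
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === "permissions-policy");
  if (!entry) return "no-policy";
  const allowlist = parsePolicy(String(entry[1])).get("interest-cohort");
  if (allowlist === undefined) return "not-mentioned";
  // Only an empty allowlist "()" turns the feature off for every origin.
  return /^\(\s*\)$/.test(allowlist) ? "opted-out" : "allowed";
}

// Return the policy with the opt-out set, keeping every other directive.
function withFlocOptOut(existing) {
  const directives = parsePolicy(existing || "");
  directives.set("interest-cohort", "()");
  return [...directives]
    .map(([name, list]) => (list === "" ? name : `${name}=${list}`))
    .join(", ");
}
```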
With the death of third-party cookies Google is trying to force browsers to add enough bits of entropy so that the same level of user tracking can be achieved through fingerprinting instead. Simple as that. The fact that Google is rolling this out right now but their plans to reduce fingerprinting move much more slowly, if at all, is telling. This absolutely needs to be treated as the massive privacy leak that it is.
It’s an opportunity to put priv engineering techniques to the test in prod, at least. That’s 100% the main thing that stands out here.<p>In the raw browser history, prior to ~hashing it to a FLoC ID, can Google anon PII while still maintaining good data analytics from the rest* of the dataset’s fields?<p>Priv engineer, as an engineering discipline, would argue yes.<p>If this is what Google does and the privacy is put through its paces (can a FLoC ID de-anon into a user?), then yeah this isn’t a bad trade off.<p>Use case: Google has to make money, I love Chrome’s and GSuite’s UX, priv eng’ing lets them use my data to pay for that UX while moving all the tracking in-house and ending 3rd party cookies.
I mean yes, web ads have been used to hack people for decades. Just put your code in the ad and steal his cookies (and the next 10 issues after that gets patched by the ad service). It was a favorite topic in blackhat presentations. At the end of the day there is no way to do ads securely, aside from maybe JPEG ads. People don't seem to understand that adding more bloat to the web (which is already a terribly insecure and inefficient way to implement software) directly reduces the security of online banking and e-commerce.<p>disclosure: I don't know what FLoC is, and the OP page doesn't load. Seems to be something about web ads security.