So after thinking a lot about FLOC and how it impacts and changes the advertisement environment, I have more questions than answers.
And at least from my current understanding, it becomes worse for organisations that want to advertise, which might includes your government trying to educate citizens about things, while not really making things much better for individual privacy, due to the ability to correlate cohort IDs to identify users.
While a lot of people decided to set a header to opt-out from FLOC tracking for their users, I decided to embrace it and let people make up their own mind.
For those interested in the banner, here are the implementation details:
It's kept simple and efficient. It'll only show up, when your browser implements the API. Enjoy!
I just realised that implicitly I built a FLOC tester :D
Want to check if your browser implements FLOC? Just go to https://shivering-isles.com and if a banner shows up warning you about FLOC, your browser is affected. Amazing!
Related: if you want to test if the detection works, you can use the following command in (Fedora) Linux with #chromium:
`chromium-browser "--user-data-dir=$(mktemp -d)" --enable-blink-features=InterestCohortAPI --enable-features="FederatedLearningOfCohorts:update_interval/10s/minimum_history_domain_size_required/1,FlocIdSortingLshBasedComputation,InterestCohortFeaturePolicy"
(It'll enable the feature in a temporary profile that is used until you terminate the command)
And it's done! A 💯% legitimate implementation of Google's FLoC standard for Firefox in an extension:
Finally we can have this awesome private ad company gift in a browser that is not chromium based!
And of course it's a completely serious and not at all satirical/sarcastic implementation. I swear!
Oh no! I'm so floced!
Needed to set my User-Agent to chromium for the scanner test to actually try it, but here we go. My extension works! And the best part, I'm in a new cohort on every page reload.
Finally I can use FLoC in Firefox! 🤡
GitHub Pages "blocks" Google's FLoC now by adding the opt-out header.
I don't think this is any reason to celebrate. #Google pulled two tricks here:
1. It identified all websites that are against this standard, making it easy to rank them worse.
2. Provided a technical solution to a social problem making all the tech elitist feel good by adding a header instead of protesting.
By the way, I wrote a little article on my blog how Google's FLoC incentivises more tracking, not less.
TL;DR: Cohorts are supposed to be meaningless and rely on first-party tracking to "make sense out of them" in order to continue existing business practice's of targeted advertisement. Resulting on harder-to-block tracking for all users and with strong disadvantages for advertisers competing with Google.
@sheogorath And this roll-out strategy is as confusing as the technology itself. I mean, isn't FLoC supposed to be their "solution" to advertising and privacy? But seeing the current backlash against it, it's not even doing anything in Google's favor in this aspect.
@malte It's funny, because while I advised various places to do this, I'm undecided whether I really want to do that myself. Feels like letting Google dictate my webserver headers
If the next required opt-out header is called "this-webserver-admin-is: stupid", will I also set it? Should I just straight our block Chrome users from my sites for their own good? Should I ignore it?
@sheogorath very valid point. i just consider it a political statement 🤷♀️
maybe i'll add some custom headers, too🤔😁
@malte I decided to make the statement actually visible:
Let's see how it goes :)
@doenietzomoeilijk I honestly believe they didn't, but obviously they don't mind. It's business after all and more money is more money.
@sheogorath Agreed, but how do we protest against this?
Petition and pressure Google to roll back? EFF is already doing that, but I don't think Google is going to listen.
Artificially break your site on Chrome? Ask visitors to switch browsers? Even if there's a way of doing that without breaking Brave et al, I doubt enough people will be willing to do that.
Show a polite message without breaking the site? Most people will just dismiss it like they dismiss a cookie banner.
@dubiousdisc I already showed how to do a banner above: https://microblog.shivering-isles.com/@sheogorath/106072444241251745
Make people aware, that their browser is spying in them. But don't judge them or try to explain it to them. Make them curious. Make them interested in the topic themselves.
The goal is not to safe those who don't care, but reach those who might care. Google is not an unbeatable overlord. We can fight them with regulations (e.g. GDPR), with smart people and more.
@sheogorath Well said. I hadn't noticed this was a larger thread, my bad. Thanks for all the work you have done!
@silmathoron that's something I wasn't able to test yet. It's quite hard to come by a browser than actually does FLOC when being in Europe and not even using Google Chrome in first place.
(So far all browsers I tested were negative in both, my own test and EFFs amIFloced.org)
@silmathoron I didn't have the time yet, but if you want, you should be able to verify it using the method from this toot:
@sheogorath Actually, I stumbled on that piece which made me wonder whether the banner is actually worth it...
An it seems to answer the previous question by a negative (can't do both your test and the permission header)
@silmathoron that's one of the reasons I decided against adding the header for my page. At least according to the standard, it's not needed. However the banner on the other hand, helps to make people aware of the browser behaviour and this way might help people to make a sane decision if they want to participate in this experiment.
The banner itself is designed to only check if the browser implements FLoC, it doesn't use it or estimate whether it's active.
This is my personal microblog. It's filled with my fun, joy and silliness.