I run a website with no trackers, no ads, nothing at all to do with Google or any other company in any way.
You come along, with Google Chrome, and visit my site.
Google adds the fact that you visited my site to their massive dataset (as well as who-knows-what-else)
And to opt out of something I have never been asked to be involved with in any way, I need to contact Google and ask them to please leave my site alone?
Am I understanding this shit correctly?
Whether I like it or not, my site, by proxy, is participating in Google's data mining?
If my guess is correct, how the actual fuck is this not illegal?
Edit: Ok, I guess I'm off the mark here with my assumptions so I'll put my pitchfork down.
Google are just using your Chrome browsing data, matching it with site id's (or hashes?) and then analysing the shit out of it for their gain.
As a website owner, nothing has changed other than I can tell them not to use my site as part of their analysis... that sound about right?
> I run a website with no trackers, no ads, nothing at all to do with Google or any other company in any way.
Then your site will not be included in FLoC: "A page visit will be included in the browser's FLoC calculation if document.interestCohort() is used on the page. During the current FLoC origin trial, a page will also be included in the calculation if Chrome detects that the page load ads or ads-related resources." -- https://web.dev/floc/
(Disclosure: I work for Google, speaking only for myself)
I'm 100% against this whole FLoC thing but I really cannot understand this conclusion.
If I drive through a McDonald's drivethrough, and Android/iOS/Fitbit/Tesla/whomever records my journey via GPS, they know I ate a McDonald's but McDonald's the company has not directly "participated" in any tracking of any kind.
I don't think your website is participating really. There are a lot of posts describing this opt-out but none really say what you are opting out of.
It seems that the content of your website may be used to identify the users interest.
It isn't illegal because the browser is allowed to do whatever you want with your website. This is really no different than an extension that can access your website content to recommend other pages you may be interested in.
In the same way it isn't clear to me why I would want to opt-out. I guess it is 1. Sending Google a signal and 2. Protecting users from themselves?
But if I want to protect users from themselves I'm probably better off showing a banner recommending Firefox. (And this also helps the open web at the same time)
> If my guess is correct, how the actual fuck is this not illegal?
Because Google has effectively embedded and interwoven itself so tightly into the fabric of the web, that simply having no association with them is impossible. Vint Cerf is their evangelist. The creator of The Internet is an evangelist for Google! Read more:
> Vinton G. Cerf is vice president and Chief Internet Evangelist for Google. He contributes to global policy development and continued spread of the Internet.
Seems similar to the Google Street View issue. They took pictures of public places, and you had to manually request to have your face or identifying info removed, if they were revealed.
The website is public in the same way as it can be accessed by any browser and isn't blocking search robots.
Why would you control what people use to visit your website? By leaving your website on the open web, you contribute to a bunch of other things, bots parse it left and right, rank it among other websites, archive.org makes snapshots, and not one of them had you opt in. How is this current case different?
The purpose of this permission is to prevent embedded third-party content from using FLoC. Besides that it’s a no-op.
FLoC does not track arbitrary websites, it tracks sites which retrieve the FLoC cohort via JS. So instead of dropping a unique third party cookie, and associating it with the data on the page, sites can now retrieve a k-anonymous cohort id and associate it with the data on the page. If you’re not doing that (or serving ads) there’s nothing you need to do.
That’s not to say that FLoC doesn’t deserve criticism just that most criticism I’ve encountered is not grounded in reality.
Only a little bit of time before the opting out process is made redundant by some API that will break somewhere or something that will be brought in as an RFC in chrome.
Chrome's & Android's entire existence is to ensure Google ads business survives. This until Google can find another business that produces the same returns or dies.
I wish there were more entities that would focus on developing tools for open web. Open web as we used to know is dying.
I think the state of affairs with the mobile world is the worst. I can't help but think that Android was the worst disaster that happened to software industry.
Android corrupted the ethos of FOSS, decimated all hopes for privacy, contributed to destroying the environment, stripped users of freedom of choice. I think it'll take a very special group of people to reverse the tide.
Today I looked at the source code of Chrome where this is implemented, so I'd understand it better.
It made me realize that there is indeed (of course) software engineers (meaning: people) working on this who actually write that code. Does a high salary justify working on such features, or are modern day software engineers more like factory workers? I think not because most software engineers have a choice.
People around the world build machines that melt skin off of children in Middle East for quarter of that pay. Even in America. And they're proud of it too.
There's two sides to every story. Reducing the amount of third-party tracking cookies on the web, and implementing a novel application of federated learning are definitely things some engineers would do, money aside, because they're technically challenging.
> I think not because most software engineers have a choice.
most people care more about their own interests than the interests of society in general. Only when collectively devising laws would society take the interest of society over individuals.
Therefore, software engineers are fully justified at making software that is deemed unethical, but still take the stance that it is unethical. You might call it hypcracy but i say it's practicality.
Legislation should be introduced to perform the function of ensuring ethical standards, not altruism on the part of the individual.
It is. If you’re not calling ‘document.interestCohort()’ or serving ads from an ad network on your page then FLoC does nothing. The purpose of this permission is to prevent embedded third-party content from using FLoC.
Unless Google make it a benefit in search rankings in which case some (possibly many) will for SEO purposes, bit still not enough I'd wager (and the balance would be such that lower quality sites, that prioritise SEO over actually useful content, would be the majority of those that went for it).
This feels a bit like way-back-when, when BT and a couple of other UK ISPs toyed with a system that would insert ads into web content, sometimes replacing existing ads, simultaneously bothering their users (to make money out of them on top of existing subscription payments), screwing site runners (being associated with ads they had no control or even knowledgeless knowledge of, and potentially losing ad revenue), and screwing other advert providers.
Maybe it's time for developers to help with the fight back. Break things in Chrome, and encourage people to use Firefox. The amount of time I've been told to use Chrome is ridiculous. I regret being part of the crowd who jump on the Chrome bandwagon when it came out all those years ago.
Having to explicitly opt out regardless of what you do is terrible. So now you're telling me that I have consciously disable it every time I create a new website/page? How do we force Google to stop this?
Sadly most users don't even know that they are using Chrome or Firefox or that these have a version number. So breaking up things for them won't help, they won't make the switch...
It has to be a regulatory decision imposed on Google, much like when Microsoft was forced to do something about Internet Explorer long time ago.
That said, according to that StackOverflow page, the error only appears in DevTools. That's not as bad as it sounded at first. I was worried it would be an IE-style alert on page load, for example, or a visible bar across the top of the page. It's not, it's just spam in the DevTools console.
Isn't this the sort of thing .well-known is for? Presumably Google are doing it this way because less people can create headers than can make a text file.
Very dystopian to think Google is normalizing the idea enabling an ad tracking profile built into the browser itself.
The very notion that users need to be tracked and fingerprinted/profiled from site to site is asinine.
Advertising worked before the concept of tracking on the web. Companies simply paid for contextual ads based on the site. For example visit a site that covers college basketball and advertisers would pay to put ads here for sports gear, sports equipment etc, Go to a site that covers how to keep a nice lawn and advertisers would pay to place ads for mowers, fertilizers, etc.
The very idea that it is normal to have a specific adverting profile assigned to you to track you all over the web is disturbing.
If your site does not call document.interestCohort() or include ads, Chrome will already not consider your site in computing FLoC:
A page visit will be included in the browser's FLoC calculation if document.interestCohort() is used on the page. During the current FLoC origin trial, a page will also be included in the calculation if Chrome detects that the page load ads or ads-related resources. -- https://web.dev/floc/
I looked into this, and it's way harder than you think. Several browsers report themselves as Chrome, Chrome itself is about to get rid of its user agent, and all the javascript feature detection methods I could find no longer work.
That's interesting and ethical by providing suggestions as alternatives!
I'd be interested too, but I can't find much on the web... do you guys have any instructions/link?
Ha. This just occurred to me - Google is a search engine of websites for many people, but at the same time it is a search engine of people for many advertisers.
We thought we were looking for something but actually we were constantly searched.
Ha. They do this everywhere not just on Chrome. In your gmail. Youtube. In your smartphone, google apps. Basically any google product should be expected to spy on you.
You are the product in Google's grand scheme. The ad buyers are their customers.
Done, just added the the header to my .htaccess. No big deal. 1 minute work.
In general a good idea to just be on top on what headers your web site actually sends and generally know what you are doing with things like cookies, etc. on behalf of your users.
That's already something you need to do and be on top off for legal reasons. Just because lots of website maintainers are kind of indifferent/hands off/sloppy/ignorant on this front does not mean it's OK for you to be that way. This is just another thing to take a conscious decision about and pay attention to. Things that you are in any case supposed to know and pay attention to. Comes with the job of running a website. Your content, your problem to deal with. Or not. Normal due diligence. Should be business as usual.
if all it takes to block is adding header `permissions-policy: interest-cohort=()
1. Github has all those bots that suggest security improvements to your code - maybe they should also suggest privacy improvements to your code.
2. Governmental sites should be changed to always require this.
3. How about a plugin that when it gets a site without the header informs user via colored tab or similar solution. I suppose Google would try to remove it from add-ons, but then that would be fuel for the inevitable lawsuits complaining this whole thing was anti-competitive and monopolistic behavior on Google's part.
There are also tools that check your HTTP headers. While securityheaders checks for Permission-Policy being used, I can imagine it will be improved to check for the "interest-cohort" value in the future.
How many of you actually brought something just because a machine/stranger recommended it to you? For me, it's almost never.
I watch YouTube a lot, as a free tier user, of course. When a video starts to play, all my focus is automatically dead-locked on the "Skip Ad" button, and sometimes "Skip trial". It's a game for me now to see how fast I can tap the "Skip". As for the content of the Ad, well, usually I ignored it all together.
Sometimes, when I'm away from the phone and suddenly a some 50 hours long Ad starts to play, I'll just continue finishing what's on hand first, and then go to my phone to tap "Skip" or switch to Twitter or Telegram to see whats fun over there -- all without notice what the Ad was saying.
Yes, sometime, some annoying Ad got into my head anyway, but ... why should I buy something that annoys me?
For me, the most effective Ad are those what I'm actively looking for. For example, if I'm looking for a running shoes, I'll click the Ad on the search page and/or listings page to see if there is a good product/deal. And I'll stop click those as soon as I made the purchase.
So personally, I don't really understand the idea of Tracking Your Every Move So We Can Sell You Stuff. How it even works?
[+] [-] dannyw|5 years ago|reply
Does anyone else see FLoC as worse than the current state we're in?
[+] [-] _Understated_|5 years ago|reply
I run a website with no trackers, no ads, nothing at all to do with Google or any other company in any way. You come along, with Google Chrome, and visit my site. Google adds the fact that you visited my site to their massive dataset (as well as who-knows-what-else) And to opt out of something I have never been asked to be involved with in any way, I need to contact Google and ask them to please leave my site alone?
Am I understanding this shit correctly?
Whether I like it or not, my site, by proxy, is participating in Google's data mining?
If my guess is correct, how the actual fuck is this not illegal?
Edit: Ok, I guess I'm off the mark here with my assumptions so I'll put my pitchfork down.
Google are just using your Chrome browsing data, matching it with site id's (or hashes?) and then analysing the shit out of it for their gain.
As a website owner, nothing has changed other than I can tell them not to use my site as part of their analysis... that sound about right?
[+] [-] jefftk|5 years ago|reply
Then your site will not be included in FLoC: "A page visit will be included in the browser's FLoC calculation if document.interestCohort() is used on the page. During the current FLoC origin trial, a page will also be included in the calculation if Chrome detects that the page load ads or ads-related resources." -- https://web.dev/floc/
(Disclosure: I work for Google, speaking only for myself)
[+] [-] lucideer|5 years ago|reply
I'm 100% against this whole FLoC thing but I really cannot understand this conclusion.
If I drive through a McDonald's drivethrough, and Android/iOS/Fitbit/Tesla/whomever records my journey via GPS, they know I ate a McDonald's but McDonald's the company has not directly "participated" in any tracking of any kind.
[+] [-] kevincox|5 years ago|reply
It seems that the content of your website may be used to identify the users interest.
It isn't illegal because the browser is allowed to do whatever you want with your website. This is really no different than an extension that can access your website content to recommend other pages you may be interested in.
In the same way it isn't clear to me why I would want to opt-out. I guess it is 1. Sending Google a signal and 2. Protecting users from themselves?
But if I want to protect users from themselves I'm probably better off showing a banner recommending Firefox. (And this also helps the open web at the same time)
[+] [-] cyberlab|5 years ago|reply
Because Google has effectively embedded and interwoven itself so tightly into the fabric of the web, that simply having no association with them is impossible. Vint Cerf is their evangelist. The creator of The Internet is an evangelist for Google! Read more:
https://research.google/people/author32412/
> Vinton G. Cerf is vice president and Chief Internet Evangelist for Google. He contributes to global policy development and continued spread of the Internet.
[+] [-] ThePowerOfFuet|5 years ago|reply
"Just"? Google should have absolutely no access to your non-Google browsing history whatsoever.
That alone is pitchfork-worthy.
[+] [-] rchaud|5 years ago|reply
Seems similar to the Google Street View issue. They took pictures of public places, and you had to manually request to have your face or identifying info removed, if they were revealed.
The website is public in the same way as it can be accessed by any browser and isn't blocking search robots.
[+] [-] dylan604|5 years ago|reply
[+] [-] Applejinx|5 years ago|reply
[+] [-] npteljes|5 years ago|reply
[+] [-] jahewson|5 years ago|reply
The purpose of this permission is to prevent embedded third-party content from using FLoC. Besides that it’s a no-op.
FLoC does not track arbitrary websites, it tracks sites which retrieve the FLoC cohort via JS. So instead of dropping a unique third party cookie, and associating it with the data on the page, sites can now retrieve a k-anonymous cohort id and associate it with the data on the page. If you’re not doing that (or serving ads) there’s nothing you need to do.
That’s not to say that FLoC doesn’t deserve criticism just that most criticism I’ve encountered is not grounded in reality.
[+] [-] zenincognito|5 years ago|reply
Chrome's & Android's entire existence is to ensure Google ads business survives. This until Google can find another business that produces the same returns or dies.
I wish there were more entities that would focus on developing tools for open web. Open web as we used to know is dying.
[+] [-] kovac|5 years ago|reply
Android corrupted the ethos of FOSS, decimated all hopes for privacy, contributed to destroying the environment, stripped users of freedom of choice. I think it'll take a very special group of people to reverse the tide.
[+] [-] colordrops|5 years ago|reply
[+] [-] kerng|5 years ago|reply
It made me realize that there is indeed (of course) software engineers (meaning: people) working on this who actually write that code. Does a high salary justify working on such features, or are modern day software engineers more like factory workers? I think not because most software engineers have a choice.
Been thinking about this a lot afterwards.
[+] [-] izacus|5 years ago|reply
Time to look outside of tech bubble perhaps?
[+] [-] bhl|5 years ago|reply
Also link to that source code mentioned: https://source.chromium.org/chromium/chromium/src/+/master:c...
[+] [-] chii|5 years ago|reply
most people care more about their own interests than the interests of society in general. Only when collectively devising laws would society take the interest of society over individuals.
Therefore, software engineers are fully justified at making software that is deemed unethical, but still take the stance that it is unethical. You might call it hypcracy but i say it's practicality.
Legislation should be introduced to perform the function of ensuring ethical standards, not altruism on the part of the individual.
[+] [-] edent|5 years ago|reply
I'm sick of having to add yet another config option every time some Web giant decides it is OK to abuse my website and my visitors.
[+] [-] ulfw|5 years ago|reply
[+] [-] jahewson|5 years ago|reply
[+] [-] sanxiyn|5 years ago|reply
[+] [-] dspillett|5 years ago|reply
Who would opt in if it was?
What benefit would there be to opting in?
Unless Google make it a benefit in search rankings in which case some (possibly many) will for SEO purposes, bit still not enough I'd wager (and the balance would be such that lower quality sites, that prioritise SEO over actually useful content, would be the majority of those that went for it).
This feels a bit like way-back-when, when BT and a couple of other UK ISPs toyed with a system that would insert ads into web content, sometimes replacing existing ads, simultaneously bothering their users (to make money out of them on top of existing subscription payments), screwing site runners (being associated with ads they had no control or even knowledgeless knowledge of, and potentially losing ad revenue), and screwing other advert providers.
[+] [-] JI00912|5 years ago|reply
[+] [-] dastx|5 years ago|reply
Having to explicitly opt out regardless of what you do is terrible. So now you're telling me that I have consciously disable it every time I create a new website/page? How do we force Google to stop this?
[+] [-] gregoriol|5 years ago|reply
It has to be a regulatory decision imposed on Google, much like when Microsoft was forced to do something about Internet Explorer long time ago.
[+] [-] jedwhite|5 years ago|reply
`permissions-policy: interest-cohort=()`
It's only deployed on a test set of Chrome browsers so far, and it does create a warning message on browsers that don't support it. [1]
[1] https://stackoverflow.com/questions/66997942/error-with-perm...
Edit to note support for blocking this!
[+] [-] aledalgrande|5 years ago|reply
[+] [-] lstamour|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] pbhjpbhj|5 years ago|reply
[+] [-] kjrose|5 years ago|reply
[+] [-] roody15|5 years ago|reply
The very notion that users need to be tracked and fingerprinted/profiled from site to site is asinine.
Advertising worked before the concept of tracking on the web. Companies simply paid for contextual ads based on the site. For example visit a site that covers college basketball and advertisers would pay to put ads here for sports gear, sports equipment etc, Go to a site that covers how to keep a nice lawn and advertisers would pay to place ads for mowers, fertilizers, etc.
The very idea that it is normal to have a specific adverting profile assigned to you to track you all over the web is disturbing.
[+] [-] jefftk|5 years ago|reply
A page visit will be included in the browser's FLoC calculation if document.interestCohort() is used on the page. During the current FLoC origin trial, a page will also be included in the calculation if Chrome detects that the page load ads or ads-related resources. -- https://web.dev/floc/
Detecting "ads or ads-related resources" uses a filter derived from EasyList: https://github.com/chromium/chromium-ads-detection/blob/mast...
(Disclosure: I work for Google, speaking only for myself)
[+] [-] peanut_worm|5 years ago|reply
[+] [-] thejohnconway|5 years ago|reply
[+] [-] scaglio|5 years ago|reply
[+] [-] jaimex2|5 years ago|reply
[+] [-] unobatbayar|5 years ago|reply
[+] [-] euske|5 years ago|reply
We thought we were looking for something but actually we were constantly searched.
[+] [-] freebuju|5 years ago|reply
You are the product in Google's grand scheme. The ad buyers are their customers.
[+] [-] CaptainZapp|5 years ago|reply
Nice website you have here. Would be a shame if no one can find it?
[+] [-] jillesvangurp|5 years ago|reply
In general a good idea to just be on top on what headers your web site actually sends and generally know what you are doing with things like cookies, etc. on behalf of your users.
That's already something you need to do and be on top off for legal reasons. Just because lots of website maintainers are kind of indifferent/hands off/sloppy/ignorant on this front does not mean it's OK for you to be that way. This is just another thing to take a conscious decision about and pay attention to. Things that you are in any case supposed to know and pay attention to. Comes with the job of running a website. Your content, your problem to deal with. Or not. Normal due diligence. Should be business as usual.
[+] [-] encryptluks2|5 years ago|reply
[+] [-] bryanrasmussen|5 years ago|reply
if all it takes to block is adding header `permissions-policy: interest-cohort=()
1. Github has all those bots that suggest security improvements to your code - maybe they should also suggest privacy improvements to your code.
2. Governmental sites should be changed to always require this.
3. How about a plugin that when it gets a site without the header informs user via colored tab or similar solution. I suppose Google would try to remove it from add-ons, but then that would be fuel for the inevitable lawsuits complaining this whole thing was anti-competitive and monopolistic behavior on Google's part.
[+] [-] darekkay|5 years ago|reply
- https://securityheaders.com
- https://observatory.mozilla.org
[+] [-] nirui|5 years ago|reply
How many of you actually brought something just because a machine/stranger recommended it to you? For me, it's almost never.
I watch YouTube a lot, as a free tier user, of course. When a video starts to play, all my focus is automatically dead-locked on the "Skip Ad" button, and sometimes "Skip trial". It's a game for me now to see how fast I can tap the "Skip". As for the content of the Ad, well, usually I ignored it all together.
Sometimes, when I'm away from the phone and suddenly a some 50 hours long Ad starts to play, I'll just continue finishing what's on hand first, and then go to my phone to tap "Skip" or switch to Twitter or Telegram to see whats fun over there -- all without notice what the Ad was saying.
Yes, sometime, some annoying Ad got into my head anyway, but ... why should I buy something that annoys me?
For me, the most effective Ad are those what I'm actively looking for. For example, if I'm looking for a running shoes, I'll click the Ad on the search page and/or listings page to see if there is a good product/deal. And I'll stop click those as soon as I made the purchase.
So personally, I don't really understand the idea of Tracking Your Every Move So We Can Sell You Stuff. How it even works?
Now if you remember this: https://news.ycombinator.com/item?id=14879204
[+] [-] JI00912|5 years ago|reply
And I don't mean opting out. Asking them nicely and hoping they respect that is not good enough.
[+] [-] karmakaze|5 years ago|reply
Using and promoting the use of Firefox is better/complementary advice.