-
Sheogorath authored
This patch adds a simple little banner to the blog that pops up when a browser implements the FLOC API. In order to do this, it detects if the FLOC function to recieve the "Cohort ID" `document.interestCohort()` is implemented. [1] Goal of the banner is to allow users to make an informed choice if they want their browser to scan their browsing history in order to categorise them before using this category to provide ads. Hopefully it triggers a little bit of backlash. If you are here and wonder what FLOC is: FLOC is a new standard designed by Google to replace tracking via third-party cookies by replacing those with the so-called cohort IDs. Cohort IDs are IDs provided by a browser vendor that try to identify a users interest in order to provider targeted ads, based on browsing history and other activities within the browser. This technique is flawed on multiple levels as it raises concerns towards other, non-google, advertisement companies that are unable to provide any comparable service due to not owning a browser with the majority of market share. [6] But even more important privacy concerns towards the browser as browser vendors require to collect a certain amount of data from their users in order to provide an algorithm that can actually perform the history analysis to categories the user into cohorts. [2] [5] Further, valid privacy concerns exist, that the correlation of cohort IDs can identify a user uniquely by correlating sets cohort IDs over time. [3] Finally it's questionable how the proposal, that is talking about excluding "sensitive categories" will actually be implemented. Given the diversity of the worlds minds and opinions on what is and what is not sensitive, it's rather questionable that this won't end up limiting, basically censoring certain topics, or preventing valid users to be reached about certain topics. [4] Since FLOC is by default only opt-out at this point in time, for all browsers that implement it, various server admins use the opt-out feature, namely a HTTP header `Permissions-Policy: interest-cohort=()` to keep their user "safe" from this abuse. [7] [8] However, this will not only force server-admins to act based on Google bad decisions, which basically is a bow to Google's power, but also leaves users open to further abuse if Google ever decides to ignore this header in the future. Therefore this warning hopefully informs the user about the potential risk and leaves it to themselves to decide whether they want to continue to fall vicitm to Google's plays or ask their government to BAN TARGETED ADVERTISEMENT. (Meanwhile just switching the browser would also help already, but is not always easily possible.) [1]: https://wicg.github.io/floc/ [2]: https://wicg.github.io/floc/#input-and-output [3]: https://github.com/WICG/floc/issues/100 [4]: https://matrix.to/#/!DWmRLxicsCapNUUlIQ:matrix.org/$161852570074ceyIc:shivering-isles.com?via=shivering-isles.com&via=matrix.org&via=kif.rocks [5]: https://github.com/WICG/floc/blob/aaacf84cee6976fadb5deb9cb8705914d705e09f/README.md#proof-of-concept-experiment [6]: https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea [7]: https://github.com/WICG/floc/blob/aaacf84cee6976fadb5deb9cb8705914d705e09f/README.md#opting-out-of-computation [8]: https://wicg.github.io/floc/#permissions-policy-integration