  • Add banner to call out FLOC victims and inform them · 7896142b
    Sheogorath authored
    This patch adds a simple little banner to the blog that pops up when a
    browser implements the FLOC API. In order to do this, it detects if the
    FLOC function to receive the "Cohort ID" `document.interestCohort()` is
    implemented. [1]
    
    The goal of the banner is to allow users to make an informed choice if they
    want their browser to scan their browsing history in order to categorise
    them before using this category to provide ads. Hopefully it triggers a
    little bit of backlash.
    
    If you are here and wonder what FLOC is: FLOC is a new standard designed
    by Google to replace tracking via third-party cookies by replacing those
    with the so-called cohort IDs. Cohort IDs are IDs provided by a browser
    vendor that try to identify a user's interest in order to provide
    targeted ads, based on browsing history and other activities within the
    browser.
    
    This technique is flawed on multiple levels as it raises concerns
    towards other, non-Google, advertisement companies that are unable to
    provide any comparable service due to not owning a browser with the
    majority of market share. [6]
    
    But even more important are the privacy concerns towards the browser, as
    browser vendors need to collect a certain amount of data from their users
    in order to provide an algorithm that can actually perform the history
    analysis to categorise the user into cohorts. [2] [5]
    
    Further, valid privacy concerns exist that the correlation of cohort
    IDs can identify a user uniquely by correlating sets of cohort IDs over
    time. [3]
    
    Finally, it's questionable how the proposal, which is talking about
    excluding "sensitive categories", will actually be implemented. Given the
    diversity of the world's minds and opinions on what is and what is not
    sensitive, it's rather questionable that this won't end up limiting,
    basically censoring certain topics, or preventing valid users from being
    reached about certain topics. [4]
    
    Since FLOC is by default only opt-out at this point in time, for all
    browsers that implement it, various server admins use the opt-out
    feature, namely an HTTP header `Permissions-Policy: interest-cohort=()`
    to keep their users "safe" from this abuse. [7] [8]
    
    However, this will not only force server-admins to act based on Google's
    bad decisions, which basically is a bow to Google's power, but also
    leaves users open to further abuse if Google ever decides to ignore this
    header in the future. Therefore this warning hopefully informs the user
    about the potential risk and leaves it to themselves to decide whether
    they want to continue to fall victim to Google's plays or ask their
    government to BAN TARGETED ADVERTISEMENT. (Meanwhile just switching the
    browser would also help already, but is not always easily possible.)
    
    [1]: https://wicg.github.io/floc/
    [2]: https://wicg.github.io/floc/#input-and-output
    [3]: https://github.com/WICG/floc/issues/100
    [4]: https://matrix.to/#/!DWmRLxicsCapNUUlIQ:matrix.org/$161852570074ceyIc:shivering-isles.com?via=shivering-isles.com&via=matrix.org&via=kif.rocks
    [5]: https://github.com/WICG/floc/blob/aaacf84cee6976fadb5deb9cb8705914d705e09f/README.md#proof-of-concept-experiment
    [6]: https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
    [7]: https://github.com/WICG/floc/blob/aaacf84cee6976fadb5deb9cb8705914d705e09f/README.md#opting-out-of-computation
    [8]: https://wicg.github.io/floc/#permissions-policy-integration
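The two checks the commit message describes, written out as an added example (this is not the code from the commit, whose diff is not shown on this page): feature detection for `document.interestCohort`, and a check that a response's `Permissions-Policy` value really carries the `interest-cohort=()` opt-out. The function names are hypothetical and the header values in any call are constructed by the caller.

```javascript
// Added example; flocApiPresent, splitMembers and optsOutOfFloc are hypothetical names.

// True when the browser exposes the FLoC entry point named in the commit message.
function flocApiPresent(doc) {
  return doc != null && typeof doc.interestCohort === "function";
}

// Split a header value on top-level commas, ignoring commas inside quoted strings.
function splitMembers(value) {
  const members = [];
  let current = "";
  let inQuotes = false;
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (inQuotes && ch === "\\") { current += ch + (value[++i] ?? ""); continue; }
    if (ch === '"') inQuotes = !inQuotes;
    if (ch === "," && !inQuotes) { members.push(current); current = ""; continue; }
    current += ch;
  }
  members.push(current);
  return members.map((m) => m.trim()).filter((m) => m.length > 0);
}

// True only when the effective interest-cohort directive is the empty allowlist "()".
// Accepts one header value or an array of them (repeated header lines are joined
// with commas); in a structured-field dictionary the last occurrence of a key wins.
function optsOutOfFloc(headerValues) {
  const values = Array.isArray(headerValues) ? headerValues : [headerValues];
  let optedOut = false;
  for (const member of splitMembers(values.filter(Boolean).join(","))) {
    const eq = member.indexOf("=");
    const key = (eq === -1 ? member : member.slice(0, eq)).split(";")[0].trim();
    if (key !== "interest-cohort") continue;
    // Drop any parameters that follow the allowlist, then require an empty list.
    const allowlist = eq === -1 ? "" : member.slice(eq + 1).split(";")[0].trim();
    optedOut = /^\(\s*\)$/.test(allowlist);
  }
  return optedOut;
}
```

A site operator can run `optsOutOfFloc` over the headers their server actually returns to confirm the opt-out survives proxies and CDN rewrites.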