From 7896142b66a57de4a960487bc3ea5fcec187d2e2 Mon Sep 17 00:00:00 2001 
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 16 Apr 2021 02:12:47 +0200
Subject: [PATCH] Add banner to call out FLOC victims and inform them

This patch adds a simple little banner to the blog that pops up when a browser implements the FLOC API. In order to do this, it detects if the FLOC function to receive the "Cohort ID" `document.interestCohort()` is implemented. [1]

Goal of the banner is to allow users to make an informed choice if they want their browser to scan their browsing history in order to categorise them before using this category to provide ads. Hopefully it triggers a little bit of backlash.

If you are here and wonder what FLOC is:

FLOC is a new standard designed by Google to replace tracking via third-party cookies by replacing those with the so-called cohort IDs. Cohort IDs are IDs provided by a browser vendor that try to identify a user's interest in order to provide targeted ads, based on browsing history and other activities within the browser.

This technique is flawed on multiple levels as it raises concerns towards other, non-Google, advertisement companies that are unable to provide any comparable service due to not owning a browser with the majority of market share. [6] But even more important privacy concerns towards the browser as browser vendors require to collect a certain amount of data from their users in order to provide an algorithm that can actually perform the history analysis to categorise the user into cohorts. [2] [5] Further, valid privacy concerns exist, that the correlation of cohort IDs can identify a user uniquely by correlating sets of cohort IDs over time. [3]

Finally it's questionable how the proposal, that is talking about excluding "sensitive categories" will actually be implemented. Given the diversity of the world's minds and opinions on what is and what is not sensitive, it's rather questionable that this won't end up limiting, basically censoring certain topics, or preventing valid users to be reached about certain topics. [4]

Since FLOC is by default only opt-out at this point in time, for all browsers that implement it, various server admins use the opt-out feature, namely an HTTP header `Permissions-Policy: interest-cohort=()` to keep their user "safe" from this abuse. [7] [8] However, this will not only force server-admins to act based on Google's bad decisions, which basically is a bow to Google's power, but also leaves users open to further abuse if Google ever decides to ignore this header in the future.

Therefore this warning hopefully informs the user about the potential risk and leaves it to themselves to decide whether they want to continue to fall victim to Google's plays or ask their government to BAN TARGETED ADVERTISEMENT.

(Meanwhile just switching the browser would also help already, but is not always easily possible.)

[1]: https://wicg.github.io/floc/
[2]: https://wicg.github.io/floc/#input-and-output
[3]: https://github.com/WICG/floc/issues/100
[4]: https://matrix.to/#/!DWmRLxicsCapNUUlIQ:matrix.org/$161852570074ceyIc:shivering-isles.com?via=shivering-isles.com&via=matrix.org&via=kif.rocks
[5]: https://github.com/WICG/floc/blob/aaacf84cee6976fadb5deb9cb8705914d705e09f/README.md#proof-of-concept-experiment
[6]: https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
[7]: https://github.com/WICG/floc/blob/aaacf84cee6976fadb5deb9cb8705914d705e09f/README.md#opting-out-of-computation
[8]: https://wicg.github.io/floc/#permissions-policy-integration
---
 _includes/floc-warning.html |  1 +
 _layouts/default.html       |  1 +
 _sass/uno.scss              | 17 +++++++++++++++++
 assets/js/main.js           |  7 +++++++
 4 files changed, 26 insertions(+)
 create mode 100644 _includes/floc-warning.html

diff --git a/_includes/floc-warning.html b/_includes/floc-warning.html new file mode 100644 index 00000000..3d9b6f77 --- /dev/null +++ b/_includes/floc-warning.html @@ -0,0 +1 @@ +<div class="cohort-victim-info">Your browser implements <a href="https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea" target="_blank" rel="noopener noreferrer">Google's FLOC</a> standard and spys on you. Good Luck!</div> diff --git a/_layouts/default.html b/_layouts/default.html index c092eac6..cb24a8b7 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -3,6 +3,7 @@ {% include head.html %} <body> + {% include floc-warning.html %} {% include header.html %} <div class="content-wrapper"> diff --git a/_sass/uno.scss b/_sass/uno.scss index 29fd1efb..cb948eb4 100644 --- a/_sass/uno.scss +++ b/_sass/uno.scss @@ -811,6 +811,23 @@ i { outline: none; } +.cohort-victim-info { + display: none; +} + +.cohort-victim-info.visible { + display: block; + // position: absolute; + left: 0; + z-index: 1000; + background: yellow; + width: 100%; + text-align: center; + font-size: 24px; + padding-top: 0.5em; + padding-bottom: 0.5em; +} + input[type="text"], input[type="password"], input[type="datetime"], diff --git a/assets/js/main.js b/assets/js/main.js index 0e661163..ca0df5b7 100644 --- a/assets/js/main.js +++ b/assets/js/main.js @@ -53,4 +53,11 @@ ready(function() { }) }) }) + + // fun little project to call out floc victims + if (typeof document.interestCohort === 'function') { + document.querySelectorAll('.cohort-victim-info').forEach(function(selected) { + toggleClass(selected, 'visible') + }) + } }) -- GitLab
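
Review bot: In _includes/floc-warning.html the banner text reads "spys on you"; the verb should be "spies". The div also has no close control and no ARIA role, and since the .visible rule in _sass/uno.scss renders it full width at 24px at the top of every page through _layouts/default.html, an affected reader cannot dismiss it and assistive technology gets no hint that it is a notice. Consider adding role="status" and a small dismiss button. The rel="noopener noreferrer" on the target="_blank" link is the right choice and should stay.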
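
Review bot: In the .cohort-victim-info.visible rule in _sass/uno.scss, `left: 0` and `z-index: 1000` have no effect while `// position: absolute;` stays commented out, because both properties only apply to positioned elements. Either drop the commented line together with `left` and `z-index`, or restore a position value (and add `top: 0` if the banner is meant to overlay the header). Leaving a disabled declaration in the stylesheet makes it unclear which layout was intended.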
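
Review bot: The check `typeof document.interestCohort === 'function'` in assets/js/main.js only establishes that the API is present, not that a cohort is actually computed or returned for this visitor, yet the banner it reveals states that the browser "spys on you". The commit message itself notes that `Permissions-Policy: interest-cohort=()` opts a site out, and the function would still exist in that case. Either soften the banner wording to match what is detected, or extend the code comment to say that presence of the API is the only signal used and why. Separately, `toggleClass(selected, 'visible')` flips state rather than setting it, so if this block ever runs on an element that already carries the class the banner is hidden again; an unconditional add, for example `selected.classList.add('visible')`, makes the result deterministic. The comment "fun little project" could also say what the condition tests.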