https://make.wordpress.org/core/2021/04/18/proposal-treat-floc-as-a-security-concern/

Make WordPress Core
Carike, 2:08 pm on April 18, 2021. Tags: core-privacy

Proposal: Treat FLoC as a security concern

Google is rolling out Federated Learning of Cohorts (FLoC) for the Chrome browser.

TL;DR: FLoC places people in groups based on their browsing habits to target advertising.

Why is this bad?

As the Electronic Frontier Foundation explains in their post "Google's FLoC is a terrible idea", placing people in groups based on their browsing habits is likely to facilitate employment, housing and other types of discrimination, as well as predatory targeting of unsophisticated consumers. This is in addition to the privacy concerns of tracking people and sharing their data, seemingly without informed consent, and of making it more difficult for legislators and regulators to protect people.

So What Now?

WordPress powers approximately 41% of the web, and this community can help combat racism, sexism, anti-LGBTQ+ discrimination and discrimination against those with mental illness with four lines of code:

    function disable_floc($headers) {
        // Sets the Permissions-Policy header (replaces any value already present in $headers).
        $headers['Permissions-Policy'] = 'interest-cohort=()';
        return $headers;
    }
    add_filter('wp_headers', 'disable_floc');

What About Admins Who Want FLoC?

Those websites who want to opt into FLoC are likely to have the technical know-how to simply override this proposed filter in Core. When balancing the stakeholder interests, the needs of website administrators who are not even aware that this is something they need to mitigate, and the interests of the users and visitors to those sites, are simply more compelling. Furthermore, for WordPress versions that support privacy settings, we can easily add an on-off toggle to enable websites to opt in. This would only require a few more lines of code and only a couple of new strings.

Why Treat It As A Security Concern? Why Not Just Wait For The Next Major Release?

Well, keep your eyes peeled, because there is a ticket for future releases on its way! While it is indeed unusual to treat a new "feature" this way, there is precedent: something that was not strictly a security vulnerability in comments was back-ported to previous versions for the good of the community as a whole. Currently, 5.8 is only scheduled for July 2021. FLoC will likely be rolling out this month. Furthermore, a significant number of WordPress sites only update to minor versions. By back-porting, we can protect more sites and more visitors to those sites, and amplify the impact.

Request For Comment

Please join the discussion below!

#core-privacy

Comments

1. Chris Wiegman, 2:30 pm on April 18, 2021
The suggestion of this policy as a security concern is exactly what should happen. I would be happy to provide a core patch if that would help further this effort. With 40% of the web, WordPress has a responsibility to act to protect those who use the sites it is built on. This will go a long way to helping ensure that responsibility is fulfilled.

    + Josh Pollock, 2:36 pm on April 18, 2021
    I agree with Chris strongly.

    + carlhancock, 4:24 pm on April 18, 2021
    100%. WordPress should be taking an Apple-like stance on privacy with this.

    + heller_benjamin, 6:39 pm on April 18, 2021
    I agree with Chris. We have a rare opportunity to shape the web for good here!

2. Hendrik Luehrsen, 2:54 pm on April 18, 2021
This is exactly why we have published a plugin for that: https://wordpress.org/plugins/wpm-floc/
But: considering the plethora of edge cases and differing systems, the code to provide a FLoC opt-out is a bit more complicated than written above, especially considering the vast amount of caching and hosting solutions that modify HTTP headers.
As a community member I would like to raise awareness about this topic, the FLoC project itself and its dangers and shortcomings.

3. Tim Nash, 2:55 pm on April 18, 2021
I'm totally in favour of this as a feature. I feel it's a bigger piece of work than it would initially appear: it needs to check for the presence of existing `permissions-policy` headers for starters.
My bigger concern is that, while I agree it's a good idea, it needs to be easy to opt out (or rather opt back in), and this has to be available in a user-accessible way. The obvious solution would be to use the existing privacy controls and screens as mentioned in the proposal. However, this then EXCLUDES the ability to backport. Making it a filter, while this would allow backporting, is the WP equivalent of hiding the permissions in HTTP headers for browsers. I think that having the feature is worthwhile development even for just the current version.
Beyond the practical, my second reason for not backporting is that adding a feature blurs the line even more than it has before, even for a feature as valuable as this; but where would it stop? Should we backport Gutenberg? (Obviously not, but you get the point.) The counter-argument is that the line has been crossed before, and it opened a can of worms that wasn't solved. If I had one priority, preserving the trust in the automatic update system trumps introducing even genuinely important features. We can educate people about new features if they are willing to listen.
TL;DR: Love the feature idea; it will need work. Practically it won't be easy to back port, and it has potential to damage the trust in automatic updates. Bring the feature into core on the next minor update with a UI and help show the world WordPress is serious about privacy.

4. Sybre Waaijer, 2:58 pm on April 18, 2021
Kill it before it lays eggs. I don't like it when Google follows me around the web, let alone reads my entire browser history. Even though that data won't be leaked to Google verbatim, it will harm non-tech-savvies and unwelcomely advance fingerprinting. Those who want it enabled on their site can install an ad widget/block plugin that adds the option "Track using FLoC."

    + firefly2000, 5:55 pm on April 18, 2021
    100%!

5. sebastianlaube, 3:36 pm on April 18, 2021
As a user and a privacy-aware developer and admin (and super admin), this suggestion has my support.

6. Roy Tanck, 4:22 pm on April 18, 2021
While I agree that it should be easy to opt back in, I support adding the opt-out header by default.

7. Celso Bessa, 4:53 pm on April 18, 2021
It makes sense to treat it as a security matter. And, in principle, I agree with @roytanck that it should add the opt-out header by default, but seeing there is (kinda) a tradition in WordPress to let the user decide, if it is not opt-out by default, WP should highlight this issue and present it in a very clear, noticeable... notice when the update is released, and a very clear help message in the settings pages in future versions.

8. adamgreenough, 5:15 pm on April 18, 2021
Thoroughly support. WordPress is all about owning our own platforms, and opt-out tracking is the antithesis of this. An opt-in in the Privacy settings would be great.

9. Earle Davies, 5:28 pm on April 18, 2021
"Those websites who want to opt into FLoC are likely to have the technical know-how to simply override this proposed filter in Core."
I would argue the opposite: those websites who want to block FLoC are likely to have the technical know-how to add in the header and disable it. If someone has heard of FLoC and knows enough about it to want to block it, they're likely already somewhat tech savvy.
Where do we draw the line at what WordPress should be blocking in core for privacy? Will we stop allowing all of Google's current third-party tracking cookies? Should WordPress block ALL third-party tracking cookies, like Facebook too? I would be very surprised if everyone commenting so far here about this privacy setting doesn't have a Facebook, Twitter, or both. Both of those companies track and know infinitely more about you already, and yet you still use their platforms. If people are this passionate about blocking FLoC they should also be as passionate about all privacy and not be supporting and using platforms which don't respect (and even abuse) your privacy in many ways.
I support educating users on what FLoC is and its pros/cons, and making sure it's easy to have ways to disable it. But calling it a "security concern" is just absolutely false and sets a dangerous precedent for what is security, and what is privacy.

    + Roy Tanck, 5:48 pm on April 18, 2021
    I in fact do not have a Facebook account. Something I can absolutely recommend. But that is not the point. Third-party cookies are already going away, and the last thing we need is an opaque replacement that works "95% as well" (Google's own words). The web currently is a tracking nightmare, and I think it aligns perfectly with WordPress's mission and values to block intrusive technologies that have no benefit for the end user.

10. dmccan, 5:39 pm on April 18, 2021
Thank you for bringing this forward. FLoC is problematic in many ways. Users are opted in without notice. It is being tested before there are tools in place to monitor and fix issues. When those tools are in place, Google will try to fix issues with FLoC cohorts by accumulating massive amounts of data about users and then see what it thinks is being leaked and whether or not that is acceptable. It is out of people's control. The cohort you are in can be used to identify your income bracket, political affiliations and any number of other dimensions. Cohorts will greatly increase the problem of targeting and creating information bubbles/silos for the spread of disinformation. There is a reason why every privacy-conscious browser will not support it.
If a workable solution is available for the current version of WordPress but is problematic to backport immediately, I'd be in favor of implementing it in stages.

11. fazalmajid, 6:18 pm on April 18, 2021
Append it to the permissions-policy header, don't just replace the header. That's because permissions-policy covers more than just disabling FLoC. I myself do the full monty of disabling everything:

    accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), serial=(), sync-script=(), trust-token-redemption=(), vertical-scroll=(), notifications=(), push=(), speaker=(), vibrate=(), interest-cohort=()

12. Raaj Trambadia, 7:17 pm on April 18, 2021
Strongly support this +1

13. pepe, 7:37 pm on April 18, 2021
I strongly agree that this needs to be treated as a security issue and, as always, privacy should be the default.

14. Ryan McCue, 8:37 pm on April 18, 2021
While I agree with the overall sentiment here, I think it is a mistake to treat this as a security update, and it risks abusing user trust in automatic updates. To call it a security update appears to me to be intentionally misusing the term in order to roll it out via automatic updates. The implicit contract with users for security autoupdates is that they are used in order to protect the user from their site (data or codebase) being compromised imminently. This isn't the case with FLoC, and it may in some cases damage the site's behaviour.
I'm on board for the political statement of countering Chrome's encroachment on privacy, as well as the alignment of this with WP's values generally, but making this change as a "security" update is a step too far.
More concretely: as someone who operates a hosting service where we keep users up to date with security patches, this changes our approach substantially. Right now, we can confidently roll out security updates trusting that the update has minimal effect outside of purely security changes, but breaching that barrier means that scrutiny now needs to be applied to every security update in order to avoid rolling out potentially breaking changes to our clients. That erosion of trust would ultimately hurt WP's users.

15. aranr, 9:21 pm on April 18, 2021
Support the change; however, the patch suggested could overwrite existing `Permissions-Policy` headers, when this should instead be appended if one already exists.

16. Manzoor Wani, 10:46 pm on April 18, 2021
+1
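The merge that Tim Nash, fazalmajid and aranr ask for above, written out as an added example; this is neither the proposal's code nor the wpm-floc plugin's. Function names are hypothetical, and it assumes the header's comma-separated `feature=(allowlist)` dictionary form, so directives can be split on commas and matched by feature name.

```php
<?php
/**
 * Added example (not the proposal's code or the wpm-floc plugin's): merge
 * `interest-cohort=()` into an existing Permissions-Policy header instead of
 * replacing it. Function names are hypothetical.
 *
 * Assumption: the header uses the comma-separated `feature=(allowlist)`
 * dictionary form, so entries can be split on commas and matched by name.
 */

/**
 * Return $policy with $directive present exactly once.
 *
 * If $policy already sets the same feature (with any allowlist), the
 * administrator's existing choice is kept and $policy is returned unchanged.
 * Empty or non-string input yields just $directive.
 */
function example_merge_permissions_policy( $policy, $directive ) {
    $directive = trim( $directive );
    $eq        = strpos( $directive, '=' );
    $name      = strtolower( false === $eq ? $directive : substr( $directive, 0, $eq ) );

    if ( ! is_string( $policy ) || '' === trim( $policy ) ) {
        return $directive;
    }

    foreach ( explode( ',', $policy ) as $entry ) {
        $entry = trim( $entry );
        if ( '' === $entry ) {
            continue; // tolerate stray commas such as "a=(), ,b=()"
        }
        $eq       = strpos( $entry, '=' );
        $existing = strtolower( false === $eq ? $entry : substr( $entry, 0, $eq ) );
        if ( $existing === $name ) {
            return $policy; // feature already configured; do not override the admin
        }
    }

    // Append after the last existing directive, dropping any trailing comma.
    return rtrim( $policy, " ,\t" ) . ', ' . $directive;
}

/**
 * wp_headers filter: add the FLoC opt-out while preserving whatever other
 * Permissions-Policy directives WordPress or another plugin already queued.
 * Header names are case-insensitive, so an existing 'permissions-policy'
 * key is reused rather than duplicated.
 */
function example_disable_floc_headers( $headers ) {
    $key = 'Permissions-Policy';
    foreach ( array_keys( $headers ) as $existing_key ) {
        if ( 'permissions-policy' === strtolower( $existing_key ) ) {
            $key = $existing_key;
            break;
        }
    }
    $current         = isset( $headers[ $key ] ) ? $headers[ $key ] : '';
    $headers[ $key ] = example_merge_permissions_policy( $current, 'interest-cohort=()' );
    return $headers;
}

// Register only inside WordPress so the file also loads under the PHP CLI.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'wp_headers', 'example_disable_floc_headers' );
}
```

The `wp_headers` array only contains headers WordPress itself is about to send; a Permissions-Policy header added by the web server, a CDN or a full-page cache never passes through this filter, which is the edge case Hendrik Luehrsen raises above.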