[HN Gopher] Proposal: Treat FLoC as a security concern
___________________________________________________________________
Proposal: Treat FLoC as a security concern
Author : meattle
Score : 362 points
Date : 2021-04-18 16:51 UTC (6 hours ago)
(HTM) web link (make.wordpress.org)
(TXT) w3m dump (make.wordpress.org)
| cblconfederate wrote:
| I mean if we are going to be subject to mandatory profiling, why
| not take Brave's approach of paying users directly for the apps
| they see, cutting out the middlemen.
| hirsin wrote:
| A comment in the WP post brings up the malicious nature of FLOC
| opt-out - it requires base layer changes to your site. Google
| knows from Samesite that it requires "your app is going to break"
| levels of urgency to get old sites to update, and can likely
| follow the dots to how an opt-out is much less likely to be used
| than an opt-in.
|
| This feels like something that should get more
| attention/discussion. It flew for Samesite because "better
| security defaults" is a good argument. Not sure it works that way
| for FLOC.
|
| Despite being involved in the Samesite rollout I hadn't quite
| made the same connection as that commenter, as I am not as
| connected to the FLOC work.
| dogman144 wrote:
| It's an opportunity to put priv engineering techniques to the
| test in prod, at least. That's 100% the main thing that stands
| out here.
|
| In the raw browser history, prior to ~hashing it to a FLoC ID,
| can Google anon PII while still maintaining good data analytics
| from the rest* of the dataset's fields?
|
| Priv engineer, as an engineering discipline, would argue yes.
|
| If this is what Google does and the privacy is put through its
| paces (can a FLoC ID de-anon into a user?), then yeah this isn't
| a bad trade off.
|
| Use case: Google has to make money, I love Chrome's and GSuite's
| UX, priv eng'ing lets them use my data to pay for that UX while
| moving all the tracking in-house and ending 3rd party cookies.
| McDyver wrote:
| Lately the loss of security, increased tracking, etc are very
| pressing issues, which the "general public" is not aware of.
| Would it be feasible, or actually doable, to create an awareness
| month - a la Movember? This would help to shine some light on
| what is being done by major corporations, and which affects
| everyone.
| adfauke wrote:
| Sectember?
| hansoolo wrote:
| Proposal: use Firefox
| Black101 wrote:
| Although Firefox keeps getting worse, it is still a good
| alternative to Chrome... at least on PC... Firefox mobile
| stripped too many features from the latest version.
| mark_and_sweep wrote:
| FLoC cohort computation only triggers on websites which call the
| document.interestCohort API or load ads.
|
| This is not quite an opt-in. But a blanket opt-out isn't
| necessary either.
| qyi wrote:
| I mean yes, web ads have been used to hack people for decades.
| Just put your code in the ad and steal his cookies (and the next
| 10 issues after that get patched by the ad service). It was a
| favorite topic in blackhat presentations. At the end of the day
| there is no way to do ads securely, aside from maybe JPEG ads.
| People don't seem to understand that adding more bloat to the web
| (which is already a terribly insecure and inefficient way to
| implement software) directly reduces the security of online
| banking and e-commerce.
|
| disclosure: I don't know what FLoC is, and the OP page doesn't
| load. Seems to be something about web ads security.
| Google234 wrote:
| Nope.
| tacticalblue wrote:
| Can someone explain how FLoC works like I am five ?
| dang wrote:
| The submitted title was "WordPress Proposal to Treat Google's
| FLoC as a Security Concern". That makes it sound like Wordpress
| itself is officially making this proposal. Is it? The page
| doesn't look like that to me.
|
| We've reverted the title in keeping with the site rule: " _Please
| use the original title, unless it is misleading or linkbait;
| don't editorialize._"
| (https://news.ycombinator.com/newsguidelines.html).
| rmccue wrote:
| I'm a WordPress committer and (somewhat former) owner of some
| large parts of WordPress. This is correct; the Make blogs can
| be posted to by many members of the project, and this does not
| indicate a decision or "official" word by any means. (I could
| create a Make post right now with a counter-proposal if I
| wanted.) It's not a proposal by the WordPress Foundation, nor
| by any of the project's leads.
|
| However, this does have more gravitas than a random blog post
| elsewhere, as those with the ability to publish are
| contributors to the project who have made significant
| contributions.
|
| Take this post as if it's an emailed proposal to a project's
| mailing list.
| dang wrote:
| Thanks! In that case, the article's original title, appearing
| next to the domain make.wordpress.com, seems right.
| r1ch wrote:
| The page does seem to be the official wordpress development
| blog, linked from wordpress.org's "get involved" page.
|
| "The WordPress core development team builds WordPress! Follow
| this site for general updates, status reports, and the
| occasional code debate."
| NotEvil wrote:
| This is make.wordpress.org, kinda like an issue tracker for
| WordPress core.
| rmccue wrote:
| It's closer to a mailing list than an issue tracker; Trac
| (https://core.trac.wordpress.org) is the issue tracker.
| neolog wrote:
| > That makes it sound like Wordpress itself is officially
| making this proposal. Is it?
|
| Seems like it is to me.
| dang wrote:
| It looks like it to some and not to others, which is already
| confusing if it's an official proposal.
| neolog wrote:
| Clicking on the author's user profile [1] says they're a
| "Core Contributor". So maybe not the Wordpress org itself
| making the proposal but a core team member.
|
| [1] https://profiles.wordpress.org/carike/
| rmccue wrote:
| "Core Contributor" indicates they have contributed
| patches to WordPress previously and received
| acknowledgement (props) in the commit message, or have
| otherwise contributed to the Core component (i.e. the
| codebase, as opposed to Support/etc). It doesn't indicate
| commit access or project leadership necessarily.
|
| That said, only significant contributors get access to
| post to Make.
| SpicyLemonZest wrote:
| I think this is starting to get to the level of a moral panic. I
| respect that these developers think FLoC is bad, but what does it
| have to do with the WordPress project?
| quotemstr wrote:
| In the age of social media, the loudest voices are frequently
| intolerant minorities who've virtue-spiraled themselves into
| extreme positions. The current opposition to FLoC is a great
| example of this phenomenon in action.
| gman83 wrote:
| It's just HN. It's just like the reaction to AMP on this board.
| Most clients like the feature if it speeds up the site and
| brings more visitors to the site. Here, you'd think it
| represents the end of the internet or something.
| slver wrote:
| If we have to be fair, Google didn't build a browser, an
| email service, a free DNS service, and free
| hosting/optimization service (AMP) just because, y'know,
| whatever.
|
| I tend to roll my eyes at the blind hatred of corporations,
| but we also have to have both feet firmly on the ground, that
| these products and services are strictly tied to long-term
| plans for ROI. What kind of a ROI would the biggest
| advertising network have? Tracking, profiling and serving
| profiled ads.
| x0x0 wrote:
| Look at gmail: I pay $60/year-ish for Fastmail. Gmail is at
| least that good. So is the purpose of gmail to have a cross
| device stable identifier? Absolutely. Are people realizing
| tons of value from it for free? Also yes.
| ajnin wrote:
| With the death of third-party cookies Google is trying to force
| browsers to add enough bits of entropy so that the same level of
| user tracking can be achieved through fingerprinting instead.
| Simple as that. The fact that Google is rolling this out right
| now but their plans to reduce fingerprinting move much more
| slowly, if at all, is telling. This absolutely needs to be
| treated as the massive privacy leak that it is.
| jimbob45 wrote:
| Can't you just switch to a Chromium fork without the FLoC? If
| they were closed-source, I think I would agree.
| thisarticle wrote:
| How many people who use Chrome can or will even know to do
| so? Tech oriented people already have alternatives.
| JeremyNT wrote:
| Sure, "you" - as a reader of hacker news - can use Firefox
| (or a chromium fork). The problem is that most normal users
| have no idea about any of this stuff, and no understanding of
| why they might want to switch.
| anchpop wrote:
| > Simple as that.
|
| Not quite? Maybe this will add more bits that will be useful
| for fingerprinting, but this seems like an absurd way for
| google to go about making it easier to fingerprint browsers,
| considering that most browsing happens over Chrome where Google
| can see what pages everyone visits anyway. And Google is
| currently proposing adding anti-fingerprinting measures [0]
| that observe how many bits of information a website has
| gathered and block API access after it reaches a certain
| threshold.
|
| A straightforward analysis of Google's motivations makes sense
| here: they want to keep their ad business profitable while
| improving their reputation on privacy. FLOC allows targeted
| ads, keeping their business profitable, and doesn't rely on 3rd
| parties observing your browser history, improving privacy.
|
| From https://web.dev/floc/ :
|
| > With FLoC, the browser does not share its browsing history
| with the FLoC service or anyone else. The browser, on the
| user's device, works out which cohort it belongs to. The user's
| browsing history never leaves the device.
|
| > There will be thousands of browsers in each cohort.
|
| A further privacy improvement is that they're designing it to
| avoid leaking whether you're a member of a "sensitive
| category":
|
| > The clustering algorithm used to construct the FLoC cohort
| model is designed to evaluate whether a cohort may be
| correlated with sensitive categories, without learning why a
| category is sensitive. Cohorts that might reveal sensitive
| categories such as race, sexuality, or medical history will be
| blocked. In other words, when working out its cohort, a browser
| will only be choosing between cohorts that won't reveal
| sensitive categories.
|
| [0]: https://techcrunch.com/2019/08/22/google-proposes-new-
| privac...
| Flocular wrote:
| Can't a privacy-conscious browser defeat FLoC simply by sending
| random cohort IDs on each request?
| izacus wrote:
| That would require admitting that moving the tracking process
| to client-side actually improves on status quo (by not
| collecting data on the server).
|
| While the whole framing of EFF et al. is put in a way that
| does not allow for even a small doubt that the proposal is just
| the worst thing ever with no redeeming qualities. That framing
| disallows working within this feature to modify browsers to
| send the required headers.
| Flocular wrote:
| Not at all, if you're not taking part in the data collection
| at all and are just sending noise on the channel. I guess
| Chrome could counter by DRM-signing the cohort-id or something.
| speedgoose wrote:
| I would believe that random noise is easy to filter when you
| are Google.
| NotEvil wrote:
| Depends upon the noise. But even if they filter it out it
| will get the desired result of not having a cohort id. In
| case of opting out you are in the default don't-like-privacy
| invasive cohort.
| blakesterz wrote:
| I am hopeful that this will help get rid of FLoC but I worry
| about two things. One, this will end up being treated like the
| "no track" headers. That's just totally ignored after IE (was it
| IE?) enabled it by default. That gave all the trackers a reason
| to just ignore it and track everyone. I don't know if that exact
| same thing can happen here, but something similar maybe? The
| other thing I worry about is that FLoC 2.0 or whatever might
| replace it, will be worse.
|
| "Kill it before it lays eggs." but do we worry about what evolves
| from this if it dies?
| clankyclanker wrote:
| What's to say Chrome will actually respect the opt-out headers
| in the first place? It could easily go like the DNT headers,
| which were just interpreted as a signal to please-track-harder.
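The check a site owner would want after shipping the opt-out discussed above, as an added example (not code from the WordPress proposal, WordPress itself or any browser): it assumes the opt-out signal is the response header `Permissions-Policy: interest-cohort=()`, which the thread does not name, and runs over constructed sample responses rather than live sites.

```python
"""Verify that an HTTP response opts the page out of FLoC cohort computation.

Assumption (not stated on the page): the opt-out is the response header
`Permissions-Policy: interest-cohort=()`, i.e. an empty allowlist for the
interest-cohort feature. Any other value (missing header, `*`, `(self)`)
still lets the browser compute a cohort on that page.
"""
from typing import Dict, List, Optional, Tuple

Headers = List[Tuple[str, str]]  # (name, value) pairs as a raw response carries them


def parse_permissions_policy(value: str) -> Dict[str, Optional[List[str]]]:
    """Parse a Permissions-Policy value into {feature: allowlist}.

    Forms handled:
      feature=()                      -> []    (disabled for every origin)
      feature=*                       -> None  (allowed for any origin)
      feature=(self "https://a.ex")   -> ["self", "https://a.ex"]
    Several headers may have been joined with commas, as HTTP permits.
    """
    policy: Dict[str, Optional[List[str]]] = {}
    for item in value.split(","):
        item = item.strip()
        if not item or "=" not in item:
            continue  # ignore malformed or empty members
        feature, _, allow = item.partition("=")
        feature = feature.strip().lower()
        allow = allow.strip()
        if allow == "*":
            policy[feature] = None
        elif allow.startswith("(") and allow.endswith(")"):
            # Allowlist members are space-separated; origins are quoted.
            policy[feature] = allow[1:-1].replace('"', "").split()
        else:
            # A bare token such as `self`; treat it as a one-member list.
            policy[feature] = [allow.replace('"', "")]
    return policy


def floc_opted_out(headers: Headers) -> bool:
    """True only if interest-cohort is disabled for all origins.

    Header names are case-insensitive and the header may repeat, so every
    Permissions-Policy occurrence is combined before parsing.
    """
    values = [v for (name, v) in headers if name.lower() == "permissions-policy"]
    if not values:
        return False  # no policy at all: cohort computation is not blocked
    policy = parse_permissions_policy(",".join(values))
    return policy.get("interest-cohort") == []


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES: Dict[str, Headers] = {
    "opted_out": [("Content-Type", "text/html"),
                  ("Permissions-Policy", "interest-cohort=()")],
    "no_policy": [("Content-Type", "text/html")],
    "other_feature_only": [("Permissions-Policy", "geolocation=()")],
    "mixed_lowercase_name": [("permissions-policy",
                              "geolocation=(self), interest-cohort=()")],
    "repeated_header": [("Permissions-Policy", "geolocation=()"),
                        ("Permissions-Policy", "interest-cohort=()")],
    "wildcard_allows_it": [("Permissions-Policy", "interest-cohort=*")],
    "self_only_still_allows": [("Permissions-Policy", "interest-cohort=(self)")],
}


def audit(samples: Dict[str, Headers] = SAMPLE_RESPONSES) -> Dict[str, bool]:
    """Run the check over every sample and return {name: opted_out}."""
    return {name: floc_opted_out(hdrs) for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, result in audit().items():
        print(f"{name:24s} opted out of FLoC: {result}")
```

To audit a real deployment, feed `floc_opted_out` the header list from your HTTP client of choice; the check deliberately treats `interest-cohort=(self)` and `interest-cohort=*` as not opted out.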
| izacus wrote:
| > "Kill it before it lays eggs." but do we worry about what
| evolves from this if it dies?
|
| Nothing really evolves here - status quo is what stays. You
| continue to be tracked head to arse on everyone's servers, the
| media keeps adding 150 trackers to every webpage and the
| internet moves on.
|
| Thinking that one of the biggest profit making industries in US
| will just go away if you scream loud enough on HN is utterly
| naive and will require a better push. This approach is
| inherently negative and just STOPS a process - but it doesn't
| IMPROVE on the current state and that will require more work.
|
| I'm not quite sure what that work would be though - it seems
| that current approach is "this gigantic multibillion industry
| must be banned and completely destroyed" which is great on a
| personal level, but I don't feel like it's realistic on a
| purely political level.
| x0x0 wrote:
| Also, nearly $125B was spent on internet advertising in the
| US in 2020, per the first estimate I found on the internet
| [1]. While Google and Facebook keep huge chunks of that, my
| guess is at least 40% flows through to publishers. So that's
| a $50B revenue stream to publishers (all sorts of web sites,
| including news; apps, musicians (via spotify and so forth))
| that we're talking about breaking. I really don't believe
| people have thought through all the effects of that. Not
| least of which is seeing almost all (reliable) news behind a
| paywall.
|
| [1] https://www.statista.com/statistics/183523/online-
| advertisem...
| cortesoft wrote:
| So if suddenly all tracking stopped, advertisers would just
| stop spending money on advertising? That doesn't seem
| right... advertisers published ads before tracking was a
| thing, they would still do it if tracking becomes
| impossible.
| x0x0 wrote:
| Huge amounts of it, yes -- particularly since the anti-
| floc people (which, to be blunt, I'm not in love with,
| particularly Google just deciding to do this on their
| own) tend to also be in the break 3rd party cookies camp.
|
| With respect to eg brand advertising: even if you get
| past an inability to measure impact, once you break most
| of the ad infra, ad buyers simply aren't going to
| negotiate / buy with small sites. It's not worth their
| time or money. Small here is probably less than millions
| of uniques per day.
|
| With respect to direct response advertising, you've
| mostly lost the ability to track a conversion. So it
| becomes pointless.
|
| The advertising before extensive tracking was a different
| time: way way less money, way fewer ads, way less ad
| blindness amongst viewers, way way way fewer publishers,
| etc.
|
| Will some advertising persist? Absolutely. eg the branded
| / source trackable referral codes that podcast
| advertising uses. But there will be an enormous falloff
| in dollars pointed at publishers.
|
| And to be clear, I'm not a fan of 3rd party tracking. But
| we should be deliberate before we end the ad-supported
| internet.
| Closi wrote:
| Of course you can track ad impact and conversion - you
| just direct the ad to a certain url and see how many hits
| you get.
|
| And banning extensive user tracking doesn't mean "ending
| the ad supported internet", that's sensationalist to the
| max!
|
| To suggest that ending tracking would mean that sites
| have to individually negotiate ads with individual
| websites isn't true either - ad networks have and will
| always be a thing, regardless of the ability to track.
| cortesoft wrote:
| First, you could still track a direct response conversion
| by including information in the url for if they click on
| it. You can still even track impressions by measuring
| requests.
|
| Second, if this will truly cause a drop in advertising
| spend.... then that money will be spent somewhere else,
| which might boost a different industry.
|
| I don't think this would really change advertising spend,
| though... it would just change the type of advertising
| and how it is tracked/paid for.
|
| Advertisers still want to get their ads in front of
| people, and the amount of content to advertising demand
| wouldn't change.
|
| In fact, I think a change to content based advertising
| will help with content quality. With user based
| advertising, an advertiser doesn't care if the valuable
| person is viewing good content or not. Content creators
| just need to attract the valuable eyeballs, and can use
| as much click bait and useless content as possible to get
| them.
|
| With content based advertising, the advertiser will spend
| on quality content, because that is the only metric they
| have to try to reach quality users.
| idreyn wrote:
| The ad infrastructure can still exist -- it would just
| have a restricted set of data (IP, device fingerprint,
| the surrounding content, and whatever info the first-
| party publisher voluntarily submits about you) to decide
| what ad to serve. Small, niche websites may do better
| than big news sites under this regime since you can infer
| more about their visitors by the fact that they chose to
| visit.
|
| I could see bigger sites expending a lot of energy trying
| to bring the tracking and inference in-house, and even
| federating these efforts, creating a kind of soft-paywall
| that requires you to "pay" by validating an email address
| or some other stable identity marker in exchange for
| temporary access to content, so they can watch what you
| browse and build a shared model of you that they can feed
| back into the ad networks. I could see the NYT continuing
| to manipulate and fine-tune its headlines and graphics,
| trying to sort its visitors into cohorts based on what
| appeals to them to squeeze every last cent out of a
| pageview.
|
| At the same time, so much content discovery and
| consumption happens in the belly of the beast (Facebook,
| Google, Youtube) that most ads will continue to be
| targeted based on the considerable information those
| websites have about you, regardless of what browsers do
| or what happens to third-party tracker networks.
| roody15 wrote:
| Yes, it's called contextual advertising and it's fine.
| Visit a camping website and companies pay to advertise
| camping gear, travel, etc. Visit a video game review
| site and companies pay to advertise new games, systems etc.
|
| The very idea that a user needs to be tracked from site
| to site and a profile built around his/her web activity
| is dystopian and depressing.
| candiodari wrote:
| The key, of course, is that the big successes of
| advertising, cannot use contextual advertising (much). On
| Facebook/instagram/... it just doesn't work, as there
| isn't much context to the posts.
| feanaro wrote:
| I feel news was of better quality 15 years ago than today
| so I wouldn't mind going back to that state of the world.
| And 15 years ago pervasive tracking wasn't a thing. So yes,
| please, let's kill it with fire.
| Santosh83 wrote:
| Only govt action will work. That too concerted action by
| several national govts.
| extropy wrote:
| The govt action is the shitty way out. This all is a
| classic "there is not enough to go around" situation. Govt
| regulation will make it more entrenched and "manageable".
|
| The best outcome is to come up with a fundamentally better
| business model. Something that satisfies sellers' desire to
| promote their products and customers' desire to feel
| respected and important. Preferably cutting out a middleman
| and reducing costs of doing business at the same time.
| foobiter wrote:
| There's no business model better than exploitation, as
| evidenced by all of history. Nearly 100% of worker and
| consumer rights come from government regulation in some
| form.
| pdonis wrote:
| _> The best outcome is to come up with a fundamentally
| better business model_
|
| A fundamentally better business model already exists:
| make users into customers. Google should charge users
| directly for the services they use. Then they wouldn't
| need to resort to all these underhanded tactics to try to
| monetize their valuable services. They could just
| monetize them directly.
|
| Of course this is highly unlikely to happen now that
| everyone is conditioned to expect valuable services like
| Google's to be available for "free". But they're _not_
| free and never have been: the only question is how we pay
| the costs. Right now we pay those costs with our personal
| data and our attention, plus the time and effort we have
| to spend to try to push back against our personal data
| being monetized and our attention being incessantly
| competed for by advertisers. I would gladly pay in money
| to make those non-monetary costs go away. Perhaps I am an
| outlier and not many people would. But that just means we
| pay the costs in other ways that end up being even more
| costly than the direct money costs would be.
| jakelazaroff wrote:
| Fundamentally better for whom? Do you think Google has
| never considered that business model? I think it's much
| more likely that they've put a considerable amount of
| effort and research into it, and concluded that their
| current business model will let them extract the most
| money from their products.
|
| That's why we need regulation. Under these market
| conditions, Google's business model _does_ appear to be
| the best for them.
| pdonis wrote:
| _> Fundamentally better for whom?_
|
| In the long run it's better for everybody. But it is true
| that "the long run" can be pretty long.
|
| _> Do you think Google has never considered that
| business model?_
|
| I think Google probably considered it early on but found
| it easier to go the way they actually went. But "easier"
| is not the same as "best in the long run".
|
| _> their current business model will let them extract
| the most money from their products_
|
| Google doesn't have products, they have services. And of
| course, since their services are free to users and users
| are now addicted to that, they can obviously extract more
| money with their current business model since they have
| made a concerted effort to make the "users as customers"
| business model impossible.
|
| However, their current business model was being built
| during the same time period when "Don't be evil" was
| still the company's motto and still apparently taken
| seriously by company leaders. Which means those leaders
| were either very disingenuous or delusional. Because
| addicting people to a free service and then exploiting
| them and their personal data in order to make the money
| they can't make from the users directly, as customers, is
| evil. And trying to keep their current business model
| propped up in the face of users becoming increasingly
| aware of the ways in which they are being exploited, is
| only going to force Google to be more and more evil.
| Sooner or later, if it doesn't change, it will kill
| Google as a company.
|
| _> That's why we need regulation._
|
| Regulation won't fix this problem. Corporations can
| always either buy their way around regulations (oh,
| another million dollar fine because we broke regulation
| XYZ about exploiting user data? just rounding error in
| our accounting) or buy enough influence to get the
| regulations written so they don't actually impose a
| burden on them (but _do_ impose a huge burden on
| potential competitors, the new startups that would
| otherwise be finding ways to disrupt Google's current
| business model, since users are clearly becoming
| dissatisfied with it).
|
| The only thing that will fix this problem in the long run
| is for users to realize that there is no such thing as a
| service that is (a) free and (b) valuable. We are going
| to pay the costs somehow. The simplest way to pay them--
| with money--is also, in the long run, the best.
| hobs wrote:
| As soon as you invent that you will be bought out or
| strong armed out, it is very rare for a new niche to be
| established wholesale.
| po1nt wrote:
| Do you remember the Snowden story?
| sneak wrote:
| Developing a browser (or forking the existing one) with
| comprehensive anti-tracking features would also work.
|
| There are a half-dozen plugins one can add to Ungoogled
| Chromium to browse the web in (relative) safety. It's not a
| nation-state level undertaking: six or seven figures.
|
| The problem really comes from apps, which are loaded to the
| gills with spyware.
| berkes wrote:
| We should keep in mind _why_ Google invests in FLoC, though.
|
| Either they realize third party cookies are on a (regulated)
| dead end. Or they realize there is a bigger moat. Or
| something else that helps them.
|
| But in any case, seeing the current Google, this is not
| something benefitting their users(products?) primarily.
| Unless some benefits accidentally aligned.
|
| So, pushing back towards the broken status quo may be the
| right thing, if you know, or believe, how Google is going to
| benefit from the new FLoC.
|
| I cannot evaluate that. But Google's track record does not
| offer me confidence their new tech is going to help me
| overcome the issues I have with the status quo.
| ysavir wrote:
| Are you sure it won't evolve into that anyway? Google isn't
| looking at FLoC as a compromise, it's just an intermediary
| while they continue their ever-lasting search to optimize their
| ad services. The next Big Thing will arrive whether or not FLoC
| is allowed to exist.
| ocdtrekkie wrote:
| We're already successfully killing third party cookies and most
| browser fingerprinting strategies. This is an attempt by a
| browser to build an intentionally user hostile mechanic to
| compensate, but we can kill this too.
|
| We just need to continue to make it increasingly impractical
| and expensive to track users until it stops being considered a
| viable business strategy.
| skybrian wrote:
| What do you mean? They are widely used, which seems far from
| dead. Aren't you declaring victory too early?
| ocdtrekkie wrote:
| These are strategies that are being aggressively
| restricted. Chrome has not started preventing third party
| cookies _yet_ , but they're the last holdout and have
| already stated they will kill them shortly.
|
| If you're using a non-user-hostile browser, these
| strategies are already heavily limited by default and are
| already not a concern. Every Firefox release is making
| significant improvements on reducing the fingerprinting
| footprint of the browser, and several user-hostile API
| features proposed by Google have been rejected by them and
| Safari to prevent expanded fingerprinting.
| skybrian wrote:
| Okay, I still think it's too soon to declare victory
| until Chrome actually does it. It could be delayed.
| jefftk wrote:
| _> Chrome has not started preventing third party cookies
| yet, but they're the last holdout and have already
| stated they will kill them shortly._
|
| Chrome's original announcement about phasing out third-
| party cookies is explicit about new technologies like
| Privacy Sandbox (which includes FLoC) being how third-
| party cookies will no longer be needed:
|
| "After initial dialogue with the web community, we are
| confident that with continued iteration and feedback,
| privacy-preserving and open-standard mechanisms like the
| Privacy Sandbox can sustain a healthy, ad-supported web
| in a way that will render third-party cookies obsolete.
| Once these approaches have addressed the needs of users,
| publishers, and advertisers, and we have developed the
| tools to mitigate workarounds, we plan to phase out
| support for third-party cookies in Chrome. Our intention
| is to do this within two years." --
| https://blog.chromium.org/2020/01/building-more-private-
| web-...
|
| (Disclosure: I work on ads at Google, speaking only for
| myself)
| ocdtrekkie wrote:
| Rhetorical thought question: How long could Chrome
| survive as the only browser which refuses to stop
| tracking users? The idea that Chrome was the fastest or
| best browser has fallen pretty far out and behind those
| which block tracking scripts and ad content, and two
| alternatives to Google straight up pay users to use them,
| where's the carrot for using Chrome?
| thejohnconway wrote:
| Safari and Firefox already block them by default, and
| Chrome is set to block them before 2022:
| https://www.wired.co.uk/article/google-chrome-cookies-
| third-...
|
| The FLoC proposal (and others) are happening now because of
| the coming cookiepocalypse.
| jefftk wrote:
| The causality is more complex: Chrome's approach from the
| beginning was that they would remove third-party cookies
| and replace them with more private alternatives like
| FLoC: https://blog.chromium.org/2020/01/building-more-
| private-web-...
|
| (Disclosure: I work on ads at Google, speaking only for
| myself)
| ocdtrekkie wrote:
| If we kill FLoC, my hope would be that Google still finds
| it untenable to backpedal on removing third party
| cookies... or that public awareness about Google's
| antiprivacy stance kills Chrome if they do backpedal.
|
| It's simple: We force Google to stop tracking us, or we
| stop using Google products.
| jefftk wrote:
| Chrome is not the only browser working on more
| advertising-specific APIs as more-private replacements
| for third-party cookies. For example, Edge is proposing
| PARAKEET [1] for remarketing, and Safari has implemented
| an initial conversion tracking API [2].
|
| [1] https://github.com/WICG/privacy-preserving-
| ads/blob/main/Par...
|
| [2] https://webkit.org/blog/8943/privacy-preserving-ad-
| click-att...
| ocdtrekkie wrote:
| Yeah, I've heard of PARAKEET, and imagine concerns are
| quite similar to FLoC. Thankfully, Microsoft doesn't have
| the capability to push web standards, so as long as
| Google doesn't adopt it, we are good there. =)
|
| Apple's solution doesn't look like it provides user
| interests or demographics, does it?
| jefftk wrote:
| PARAKEET is much more like Chrome's TURTLEDOVE/FLEDGE than
| it is like FLoC ;)
|
| There's a lot of cooperation here, and similar goals; I'm
| not sure why you think Microsoft and Google can't find an
| API they both like?
| danShumway wrote:
| If Chrome wants to be the only browser with third-party
| cookies, they're welcome to, I suppose. Breaking down
| Chrome's dominance has to start somewhere, and having a
| straightforward, easily verifiable reputation as the
| single least private browser on the market is a decent
| start. I already know what the headlines from most sites
| will look like if Chrome decides to reverse course.
|
| If only Firefox was removing cookies, that would be a
| problem, because Chrome could just ignore them. But with
| Safari on board as well, and with the entire iOS market
| at stake for sites that try to ignore the policy...
|
| If Chrome doesn't remove third-party cookies, they will
| be the only browser anywhere not to do so. Chrome's
| original stance might have been conditional on finding a
| replacement, but I'm not sure they still have a choice at
| this point. I don't think Google is going to hand that
| selling point to Apple, and you're seeing yourself in
| these comments that a lot of the people following this
| issue didn't accept Chrome's original promise as
| conditional.
|
| And maybe Chrome is confident enough in their market
| position that they're willing to take that hit and they
| think it won't matter. Maybe they're even right. From my
| perspective, breaking Chrome's dominance on the web is a
| necessary thing that needs to happen eventually for the
| health of the web, so every time that Chrome makes their
| browser worse in a highly public way, that's a win.
|
| Remember that Firefox and Safari are already blocking the
| majority of third-party cookies online, and those
| browsers still work today, the web hasn't broken for
| them. So every year that Chrome spends delaying that
| deprecation is another year where people like me can
| point out that they're lagging behind literally the
| entire market on privacy.
| jefftk wrote:
| _> If only Firefox was removing cookies, that would be a
| problem, because Chrome could just ignore them. But with
| Safari on board as well, and with the entire iOS market
| at stake for sites that try to ignore the policy._
|
| nit: Safari was ahead of Firefox here, with ITP 1.0
| blocking most third-party cookies by default in 2017.
| ocdtrekkie wrote:
| Indeed, Apple's been at the forefront here. It's why I'm
| low key okay with the WebKit monopoly requirement on iOS,
| everyone has to deal with it.
|
| And the other minority browsers are also on board now.
| Edge and Brave and such are also preferring privacy-
| friendly default configurations.
| izacus wrote:
| By "we" here you mean... Google with Chrome (as the most
| popular browser), Apple with Safari and Mozilla with Firefox.
| Google being the one against whom the fight against FLoC is
| being fought?
|
| That sounds... optimistic since you needed Google to form
| that "we".
| outside1234 wrote:
| From my surface level reading of FLoC - would it be possible for
| Edge or Mozilla to implement FLoC - but to send noise / random /
| incorrect data up in a way that essentially wrecks the algorithm?
| gruez wrote:
| Then advertisers will fingerprint the browser as well, to see
| whether the FLoC data can be trusted.
| outside1234 wrote:
| Just have everyone spoof Chrome then
| SpicyLemonZest wrote:
| A substantial amount of modern Internet infrastructure
| relies on the fact that major actors are behaving in good
| faith. This isn't a chain of escalation anyone would
| benefit from going down.
| mindslight wrote:
| The surveillance companies have started us down the path
| of bad faith by nonconsensually tracking us via protocol
| and implementation bugs that leak identifying
| information. IMO Firefox et al need to keep working
| towards a better-specified JS runtime without these
| security vulns, so that when the layperson complains
| about big tech surveillance an easy answer is "Stop using
| Chrome".
| gruez wrote:
| For firefox this is nearly impossible because of the
| different quirks it has in its javascript/layout engine. It
| might be easier to do with all the chromium forks, but it's
| unknown how the proprietary bits in chrome affect browser
| behavior. At worst they can use something like obfuscated
| code (e.g. Widevine L3) for attestation.
| bogwog wrote:
| I don't see why not, but that doesn't help the ~95% of people
| not using Firefox (let's be real, Microsoft is not going to
| pass up the chance to violate someone's privacy).
| Hnrobert42 wrote:
| The Verge interpreted MS's stance on FLoC as a soft no. In
| any event, it is not an obvious yes.
|
| https://www.theverge.com/2021/4/16/22387492/google-floc-
| ad-t...
| SpicyLemonZest wrote:
| This interpretation is missing the important context that
| the PARAKEET proposal (https://github.com/WICG/privacy-
| preserving-ads/blob/main/Par...) is another strategy for
| opt-out personalized ad targeting. So they may have
| technical quibbles or business concerns, but they're not
| opposed to the core concept.
| marcosdumay wrote:
| Well, if those 95% of the people (who exactly is counting,
| and how?) want Mozilla to help them, they should consider
| switching from Chrome (and stop enabling Google in the
| meantime).
| matkoniecz wrote:
| > Microsoft is not going to pass up the chance to violate
| someone's privacy
|
| If they are not benefiting and Google is benefiting they may
| pass on that.
| [deleted]
| slver wrote:
| > Why is this bad? As the Electronic Frontier Foundation explains
| in their post "Google's FLoC is a terrible idea", placing people
| in groups based on their browsing habits is likely to facilitate
| employment, housing and other types of discrimination, as well as
| predatory targeting of unsophisticated consumers.
|
| All of this has been happening with tracking cookies, fingerprint
| tracking, pixel tracking and so on. And will continue to happen.
|
| I find it so bizarre it took Google to talk about phasing out 3rd
| party cookies and replacing it with a much lesser technology in
| the face of FLoC, for people to suddenly be all up in arms about
| it.
| jffry wrote:
| Third party cookies, love them or hate them, have been with us
| for a long time, and simply dropping them would not be viable
| without the long phase out. And a long phase out is not
| something around which you can form a singular rallying cry.
|
| FLoC is a new thing which is just being rolled out, so it's a
| lot easier for people to resist adding a new thing that makes
| the internet more crappy and less private.
|
| I think it's unnecessarily fatalist to say that all of this
| will continue to happen so what's the point of resisting it.
| Public awareness and negative opinion of the pervasiveness and
| creepiness of internet tracking continues to grow, and advocacy
| against tracking mechanisms helps create the type of
| groundswell which could actually shift public policy to forbid
| such tracking.
|
| Google specifically is catching some heat for potential
| antitrust problems, so raising a ruckus about Google abusing
| its dominant browser position to cram FLoC into the internet is
| more likely to have positive effect than ever before.
| slver wrote:
| If you have figured out a way to eliminate tracking, be my
| guest. Mozilla would like to know, Apple would like to know.
| Until then FLoC attracts attention because it's new, yes,
| this explains our reaction. It's still an irrational
| reaction.
|
| Also what's this "predatory targeting of unsophisticated
| consumers" about? You don't need targeting for this. Heck you
| don't need anything for this. The way it's usually carried
| out is you hack some sites and redirect them to your landing
| page about "this one magic trick to riches, banks hate her".
| rattray wrote:
| Ah come on. The FLoC proposal has built in ways to turn it off.
| If you don't wanna be put in a cohort you can just configure your
| browser (even chrome) to say you don't have one.
| dannyw wrote:
| If it's not opt in, it's malware and should be treated as such.
| Don't let Google gaslight you.
| meattle wrote:
| WordPress is 41% of the web. If this goes through and FLoC is
| disabled by default by WordPress, will FLoC be dead on arrival?
| BiteCode_dev wrote:
| Well, FLoC is implemented on Chrome, you don't disable it, you
| opt out with a Header.
|
| So if Google finds that too many people use the header, they
| can just decide to ignore it from now on. Who is going to
| prevent them from doing that?
| ahartmetz wrote:
| Possibly GDPR? As an explicit no-consent to tracking? Not
| rhetorical questions, I know too little about the details.
| BiteCode_dev wrote:
| When you use Chrome for the first time, it makes you accept
| its ToS which tells you they are going to track you.
| [deleted]
| cseleborg wrote:
| IANAL, but my understanding is that this is not in line
| with GDPR. You are not allowed to force the customer into
| tracking, which effectively happens in the scenario you
| describe since the user can't use the browser without
| accepting the ToS. Also, you have to be quite explicit:
| simply burying tracking in 52 pages of unrelated legalese
| is not compliant with GDPR.
|
| Someone please chime in if I'm wrong here. I'm no lawyer
| but do take these things seriously (I'm trying my best to
| provide a tracking-free website.)
| kergonath wrote:
| If the ToS are contrary to the law, then they are null
| and void. Laws tend to trump private agreements. Then, if
| it goes to trial in Europe, they'd have a hard time
| proving that the ToS are fair and that the user agrees
| freely and understanding what is being agreed, which is
| also another condition for any form of contract to be
| valid.
| t0mas88 wrote:
| They will lose that case under GDPR, you can't hide the
| details in ToS and hope the user doesn't see it. You must
| get informed and freely given consent. Google is
| violating both, because I can't click "No" and the
| information is so hidden you can't expect a normal
| consumer to find it.
|
| It will take a few years but they're going to get hit
| very very hard by EU privacy regulators.
| BiteCode_dev wrote:
| Of course, but the goal is not to win, the goal is to
| make it so it takes years before they get fined. In the
| meantime, they will have made enough money and it will be
| factored into the cost of business, then they will come
| up with a new tracking scheme. Rinse and repeat.
| [deleted]
| [deleted]
| codegeek wrote:
| "WordPress is 41% of the web"
|
| This blows my mind every time. Even though I know it.
| skybrian wrote:
| I don't know it. Where did you learn it?
| itcrowd wrote:
| https://w3techs.com/technologies/overview/content_management
|
| 41.1% of websites
| skybrian wrote:
| Okay, thanks!
|
| It looks like it's based on the top ten million websites
| by traffic, but weighted equally. Maybe there are lots of
| low-traffic WordPress sites?
| withinboredom wrote:
| > Maybe there are lots of low-traffic WordPress sites?
|
| And many, many more high traffic websites. There's even
| some Facebook landing pages running WordPress and other
| many high profile sites[1].
|
| 1: https://wpvip.com/
| ocdtrekkie wrote:
| Between large web publishing platforms and all alternate
| browsers blocking FLoC, I think we could kill it, yes.
| WordPress is used by a lot of marketing focused folks though,
| so we'll see if WP is able to land this.
| nonbirithm wrote:
| It's staggering how much leverage WordPress has. They were
| going to stop using React because of the patents clause, and
| only a week later Facebook caved and relicensed it as MIT.
| l00sed wrote:
| This is very interesting. My web development role right now
| is at a marketing company that works pretty exclusively
| with Wordpress.
|
| I've always been so interested in learning about the next
| best thing that I hadn't given Wordpress much thought.
|
| Now, using it all the time, its popularity is very
| understandable as an interface for people who are not
| technically savvy to maintain their own website.
|
| I feel like the Wordpress community isn't the loudest, but
| it is certainly a force. I think, as a brand, this move
| definitely has me more excited about working with their
| software.
| ceres wrote:
| Exactly. A big part of the WordPress community are
| publishers, bloggers, affiliate marketers, etc who rely on
| ads to generate revenue. I'm not sure they'd be too thrilled
| with this proposal.
| sircastor wrote:
| Sure, but this doesn't mean no advertising, it means no
| default supporting FLoC. I know advertisers aren't going to
| like it, but I doubt it means they'll give up advertising
| altogether.
|
| I wonder if AdWords will require use of floc headers
| llarsson wrote:
| The ones in marketing will rather immediately request that it
| is turned on instead.
| abhinav22 wrote:
| Google has such a monopoly that it will take a lot to overcome
| their plans.
|
| Glad to see WP taking a stand - I never knew that FLOC would be
| so bad. The WP proposal made it clear that it's a
| discriminatory technology.
| markovbot wrote:
| Most likely google will just turn off that silly opt out
| functionality. It's not like anyone's going to stop using their
| spyware browser.
| Silhouette wrote:
| Surely that depends on what their experience using it is,
| just like every other "winning" browser before that is no
| longer winning? If FLoC generates so much hostility within
| the web dev community that a few major sites/platforms start
| actively blocking it, and if Google responds by ignoring the
| opt-outs in Chrome, and if the community responds with a
| SOPA-like "no access using Chrome for the next 48 hours then,
| here are some other fine browsers you can use instead that
| don't invade your privacy in this way", Google will simply be
| outgunned. However, you probably need platforms on the scale
| of WP and/or some sites with huge audiences like
| Facebook/Wikipedia/Netflix/Reddit to be on board for the
| effect to be fast and powerful enough to make a difference.
| markovbot wrote:
| >and if the community responds with a SOPA-like "no access
| using Chrome for the next 48 hours then, here are some
| other fine browsers you can use instead that don't invade
| your privacy in this way"
|
| that seems unlikely.
| Silhouette wrote:
| Is it, though?
|
| It appears that Google is trying to rewrite the rules of
| how browsers and the Web work, with the appearance of
| being on the side of privacy, but actually introducing an
| alternative method of surveillance that is going to be
| less favourable to almost everyone except Google. How
| many of the huge-audience sites are potentially going to
| lose out from that, not least because they rely on
| advertising themselves for the lion's share of their
| revenues?
|
| This whole discussion started with a proposal from a
| platform that is supporting nearly half of the sites
| people are visiting. That puts WP in a unique and
| potentially very powerful position here as well, and
| evidently they're interested in trying to force the
| issue.
|
| And finally, the SOPA experience has shown that it is not
| entirely implausible for large numbers of sites to
| collaborate in this way if they feel the threat is
| serious enough. So if FLoC is as bad as the critics are
| suggesting, it doesn't seem entirely out of the question.
| There seem to be quite a few powerful organisations that
| would have a variety of motivations for wanting to give
| Google a bloody nose over this one.
| feanaro wrote:
| I'd like to see them try that and see how that flies.
| tomjen3 wrote:
| Chrome is entrenched, but not like IE was. You have to
| install the browser in the first place, which means the
| moment it starts to be too crappy people move elsewhere.
|
| Why do you think Google hasn't prevented adblockers from
| running on it? If they did so, it would sink the browser so
| quickly.
| dvfjsdhgfv wrote:
| > the moment it starts to be too crappy people move
| elsewhere
|
| You seriously underestimate the power of inertia.
| JoshTriplett wrote:
| One of the ways Chrome got as popular as it did was to
| bundle installation of it with various other programs, the
| way spyware and adware did. You install a random program,
| you don't open "advanced install" and uncheck "Chrome", and
| you end up with Chrome installed.
| karaterobot wrote:
| I wonder whether, if WP takes the stance that FLoC is a
| security risk, whether they'd also consider a version of
| Chrome that doesn't allow opting out of it a security risk as
| well. And, if not, why not?
| enlyth wrote:
| This assumes the majority of these Wordpress websites will
| update to the latest version in a timely manner
| codegeek wrote:
| If added as a security patch, lot of websites will auto
| update.
| spockz wrote:
| I'm not sure whether that would be wise to do for WP. It
| will show that WP can and is willing to basically push any
| update to sites running WP just to further a cause of the
| company.
|
| Mweh if it doesn't break anything. But terrible if it
| breaks something.
| withinboredom wrote:
| It's the WordPress Foundation and the code is driven by a
| community, not really a company with a chain of
| command...
| [deleted]
| ocdtrekkie wrote:
| A key point of this is that if they consider it a security
| flaw, they will backport it into point releases for WordPress
| blogs that haven't done major upgrades in years.
| tootie wrote:
| I think that stat is more like 41% of servers, not 41% of
| traffic.
| ognarb wrote:
| My fear is that it will end up exactly like the do not track
| headers and that at some point Google won't listen to the
| disable Floc header.
| gruez wrote:
| >WordPress is 41% of the web
|
| By domains or by visits?
| redwall_hp wrote:
| As far as I'm aware, it's flawed in the same way as the PHP
| popularity stat: domains that _report_ it in an HTTP header.
| I don't know about you, but I don't put a header advertising
| that I built a site with Python and Flask or whatever.
| neolog wrote:
| I guess those go in the "None" bucket, so I think they are
| counted.
|
| https://w3techs.com/technologies/overview/content_management
| geocrasher wrote:
| It would appear that there are already at least two plugins that
| take care of this for those who'd like to do so before it's
| rolled into the WordPress core:
|
| https://wordpress.org/plugins/search/floc/
| mritzmann wrote:
| You don't need a plugin for this (every plugin is a security
| risk). You only need to send one single http header.
| geocrasher wrote:
| True, but modifying core files to send the header isn't good
| either because you'll have to redo the change at every
| update. Also, most security plugins such as Wordfence will
| choke on a modified core file, and rightly so.
| redwall_hp wrote:
| You can chuck the same hook (as seen in the original link)
| into your theme's functions.php file. Or make your own
| plugin to hold miscellany.
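Whichever way the header is added (plugin, functions.php hook, or server config), the thing worth verifying is what the site actually sends. The following is an added example, not code from the WordPress proposal or from any plugin: it parses a raw HTTP header block (what `curl -I` prints) and reports whether `Permissions-Policy` carries `interest-cohort=()`; the sample responses are constructed for illustration.

```python
"""Check whether an HTTP response opts its page out of FLoC cohort
calculation, i.e. sends `Permissions-Policy: interest-cohort=()`.

Added example for this thread, not code from the WordPress proposal or
any plugin. The sample responses below are constructed for illustration."""
import re
from typing import Dict, List

# One Permissions-Policy dictionary member: feature=(allowlist), feature=*, feature=self
_MEMBER_RE = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(\([^)]*\)|\*|self)')


def parse_permissions_policy(value: str) -> Dict[str, List[str]]:
    """Map each feature to its allowlist tokens; [] means '()' (no origin allowed)."""
    policy: Dict[str, List[str]] = {}
    for member in value.split(','):
        m = _MEMBER_RE.fullmatch(member.strip())
        if m is None:
            continue  # malformed member: skip it rather than guess
        feature, allow = m.group(1).lower(), m.group(2)
        policy[feature] = allow[1:-1].split() if allow.startswith('(') else [allow]
    return policy


def parse_raw_headers(raw: str) -> Dict[str, str]:
    """Turn a raw HTTP/1.1 header block (e.g. `curl -I` output) into a dict."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines():
        if line.startswith('HTTP/') or ':' not in line:
            continue  # status line or blank/garbage line
        name, _, value = line.partition(':')
        headers[name.strip().lower()] = value.strip()
    return headers


def floc_opt_out_status(headers: Dict[str, str]) -> str:
    """'opted-out' if interest-cohort=(), 'allowed' if some origin may use it,
    'not-set' if the response does not mention the feature at all."""
    value = headers.get('permissions-policy')
    if value is None:
        return 'not-set'
    policy = parse_permissions_policy(value)
    if 'interest-cohort' not in policy:
        return 'not-set'
    return 'opted-out' if policy['interest-cohort'] == [] else 'allowed'


# Constructed sample responses (not captured from real sites).
SAMPLES = {
    # What the four-line WordPress filter from the proposal produces.
    'wp_opt_out': 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n'
                  'Permissions-Policy: interest-cohort=()\r\n',
    # Header present but interest-cohort not mentioned: FLoC is NOT disabled.
    'other_features': 'HTTP/1.1 200 OK\r\n'
                      'Permissions-Policy: geolocation=(), camera=()\r\n',
    # Explicitly allowing the page's own origin is not an opt-out either.
    'self_allowed': 'HTTP/1.1 200 OK\r\n'
                    'permissions-policy: geolocation=(), interest-cohort=(self)\r\n',
    # No header at all.
    'no_header': 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n',
}


def check_all(samples: Dict[str, str] = SAMPLES) -> Dict[str, str]:
    """Classify every sample response; returns {name: status}."""
    return {name: floc_opt_out_status(parse_raw_headers(raw))
            for name, raw in samples.items()}


if __name__ == '__main__':
    for name, status in check_all().items():
        print(f'{name:15} {status}')
```

Note that only the exact empty allowlist `()` is an opt-out; a header that lists other features but omits `interest-cohort` leaves the default in place.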
| [deleted]
| SimeVidas wrote:
| The real solution is to make everyone stop using Chrome.
| busymom0 wrote:
| I am a bit uneducated at this but does Brave browser which is
| based on chromium also have the same problem?
| sseneca wrote:
| They've said they're going to disable FLoC. Still, this is
| one of the benefits of Firefox, it's not based on Chromium at
| all so it's out of the question.
| foobiter wrote:
| Brave has already said they won't support FLOC
| SimeVidas wrote:
| No, Brave removes everything that has to do with Google from
| the browser.
| toomim wrote:
| The intro lost me:
|
| > WordPress powers approximately 41% of the web - and this
| community can help combat racism, sexism, anti-LGBTQ+
| discrimination and discrimination against those with mental
| illness with four lines of code:"
|
| function disable_floc($headers) {
|     $headers['Permissions-Policy'] = 'interest-cohort=()';
|     return $headers;
| }
| add_filter('wp_headers', 'disable_floc');
|
| If you seriously think this is going to make a difference in
| _racism_, of all things... I mean... do people seriously think
| that? Do you know what racism is anymore?
| notatoad wrote:
| I mean I'd be willing to listen to an argument that FLoC _will_
| contribute to systemic racism. I accept that it's plausible.
|
| But it really makes me distrustful of the whole proposal when
| people make wild claims like that and don't feel like they need
| to make even the briefest attempt to back it up. It seems a lot
| more like they're just taking the currently trending social
| cause and co-opting it to support their own unrelated agenda.
| kevingadd wrote:
| FLoC exists to group users down into behavioral targeting
| categories, it should be obvious that some of those will end up
| corresponding to gender or race or other traits that are
| protected statuses. We've repeatedly had incidents where big
| companies were caught accidentally letting (for example)
| landlords filter advertisements by race or recruiters filter
| listings by age, both of which are illegal.
| dqpb wrote:
| Does race determine behavior?
| amarant wrote:
| FLoC is replacing cookies, that were already used in pretty
| much the exact same manner. I can't say I think FLoC is a win
| for consumers, but how it will promote racism any more than
| cookies is beyond me.
|
| I could be wrong of course, if so, please explain how.
| Spivak wrote:
| Because cohorts are stronger than cookies for sites that
| aren't tracking you across the web and correlating that
| data.
| dstaley wrote:
| Yup, from the linked EFF article:
|
| > Observers may learn that in general, members of a specific
| cohort are substantially likely to be a specific type of
| person. For example, a particular cohort may over-represent
| users who are young, female, and Black; another cohort,
| middle-aged Republican voters; a third, LGBTQ+ youth. This
| means every site you visit will have a good idea about what
| kind of person you are on first contact, without having to do
| the work of tracking you across the web.
| Closi wrote:
| To further back up the post - we have previously seen
| targeted advertisement used specifically to disenfranchise
| black voters, so there is definitely precedent.
| dang wrote:
| Please don't take HN threads into extraneous flamewar. This is
| in the site guidelines: "_Eschew flamebait. Avoid unrelated
| controversies and generic tangents._"
|
| https://news.ycombinator.com/newsguidelines.html
|
| Cherry-picking a detail you find most triggering in an article
| and importing it here to express how provoked you feel is a way
| of setting the thread on fire--no doubt unintentionally [1],
| besides which the greater part of the problem is caused by the
| upvotes such things attract--but still, we don't want threads-
| on-fire. We're trying for something different than that.
|
| Readers should leave tangential provocations where they find
| them, and commenters should comment on what gratifies their
| intellectual curiosity, as the guidelines ask.
|
| Edit: also, please don't use HN primarily for political or
| ideological battle. It's not what this site is for, and it
| destroys what it is for, so we ban accounts that cross that
| line [2], and your account's recent history seems to have
| crossed it. Fortunately that seems to be a recent development
| so it should be easy to fix.
|
| [1]
| https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...
|
| [2]
| https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme...
| toomim wrote:
| Ok, these are good points. I would love to have less politics
| involved in my tech discussions and will adjust my own
| comments as you suggest. Thanks!
| Spivak wrote:
| I think you're the one that's operating on a purely old-school
| definition of systematic discrimination. You're giving people a
| signal that by its very nature groups people like them
| together and naturally will have a correlation to their age,
| gender, race, wealth, ability, blah blah. And then you're told
| that you're _supposed_ to use this information to make
| decisions about them as an individual. How does this not lead
| to racism?
|
| This is the digital equivalent of trying to be "race blind."
| You can't just remove the race column in your db and assume
| that it's fine to torture your data for patterns, secure that
| your results won't correlate to race.
| takeda wrote:
| I just love the Google's way of thinking.
|
| Users: We hate cookies, because they are abused to hurt our
| privacy by allowing advertisers to build a profile about us
|
| Google: We have a great idea! We can get rid of 3rd party cookies
| and instead make your browser build profile about you and share
| it with everyone.
| pm90 wrote:
| IIUC while floc does indeed build a profile browser side it
| isn't something that advertisers can track with the same
| precision as they can with 3p cookies.
|
| So while it's not the holy grail it does appear to be a small
| step in the right direction from the status quo.
|
| Do I understand the situation correctly? Genuinely curious.
| NotEvil wrote:
| True, but the FLoC implementation comes with its own sack of
| worms; look at the EFF's excellent post on it.
| kjjjjjjjjjjjjjj wrote:
| Paraphrasing what I saw somewhere
|
| > If I go to things W, X, Y, and Z (where those are distinct
| elements with distinct fans), people within those cohorts
| will be indistinguishable but I will likely be the only
| person who has been to all 4. Therefore, you can easily
| identify individuals. FLoC is a crock of shit. At least you
| could block 3rd party cookies
| nabakin wrote:
| That's what I've been wondering. If FLoC is better for
| privacy than current tracking methods and Google intends to
| switch to using FLoC instead of current tracking methods,
| wouldn't it be better for FLoC to succeed?
| vimda wrote:
| Even if we assume that FLoC is entirely good, it's a false
| choice - why do we need _any_ tracking at all?
___________________________________________________________________
(page generated 2021-04-18 23:00 UTC)