[HN Gopher] Amazon is blocking Google's FLoC
___________________________________________________________________
Amazon is blocking Google's FLoC
Author : estas
Score : 391 points
Date : 2021-06-15 13:31 UTC (9 hours ago)
(HTM) web link (digiday.com)
(TXT) w3m dump (digiday.com)
| Arjuna144 wrote:
| I am really happy to see that. So many concerns over privacy all
| around the web
| delduca wrote:
| If I want to block Google's FLoC on my website, what should I do?
| mabbo wrote:
| How long until Google counters by modifying Google Search's
| algorithm to lower the rankings of any website with headers that
| block FLoC?
| tgv wrote:
| Since it includes Amazon, I'm betting it'll be long. They'll
| rather invent something even nastier.
| WORMS_EAT_WORMS wrote:
| Trying to block this is a losing battle. The whole privacy-first
| angle is so disingenuous, too.
|
| Is there a way we can just obfuscate / ruin our data with them?
|
| Like a tool or browser extension I can run that clicks / visits a
| bunch of random links and totally trashes which "cohort" Google
| thinks I belong in.
|
| I'd pay for this more than paying to opt-out. Then serve me all
| the ads you want.
| teitoklien wrote:
| Just don't use Chrome? Or if you really like Chrome, use a
| Chromium browser that won't implement cohorts. Why bother
| feeding it disingenuous data instead of just not feeding it
| anything?
| driverdan wrote:
| Stop using Chrome.
| flixic wrote:
| It speaks volumes that Google allows many ad blocking
| extensions in Chrome Web Store, but blocked an extension that
| was doing exactly that:
|
| https://adnauseam.io/free-adnauseam.html
| ec109685 wrote:
| Does that actually work? It seems like clicking on every ad
| would be easy to filter out.
| sodality2 wrote:
| Probably, but it would "trash which "cohort" Google thinks
| I belong in"; there's really no reason to fool Google into
| putting you into a specific cohort as opposed to just a
| random/"broken" one; either way, your true cohort is
| obscured.
|
| Unless you were studying the impact of ads you receive
| based on cohort, like https://their.tube.
| throwaway3699 wrote:
| More likely FLoC will place you in a cohort also full of
| other AdNauseam users.
| drewmol wrote:
| https://adnauseam.io/
| hahahasure wrote:
| I'm surprised this hasn't happened yet.
|
| Also there's an issue that bots are detected easily.
| dannyw wrote:
| That's because Chrome banned it.
| lcnmrn wrote:
| At this point, Firefox should adopt Gemini to protect the open
| web.
| ng55QPSK wrote:
| first world problems
| bayindirh wrote:
| I don't think so, and I'm actually happy that Amazon is
| blocking Google on this front.
|
| Amazon is always protective of its customer data though. Their
| e-mails don't have details or invoices either.
| tacomonstrous wrote:
| I find this behavior pretty hostile. Every other online order
| I can track right from my email except for Amazon's. Facebook
| also does something similar with its 'so-and-so made a post'
| emails.
| bayindirh wrote:
| Actually, I'm on the other end of the spectrum. Google
| letting itself parse everything, and doing it without my
| active consent is borderline creepy from my perspective. At
| least it can say "Hey, I've found a package, shall I
| track?".
|
| Instead I use an application called FindMyParcels in which I
| register my packages and get push notifications for them.
| It's a one man operation and works pretty well for me, so I
| didn't get bothered by Amazon's decisions.
|
| Neither of these two companies are angels, but when they
| compete instead of forming a bigger eye-of-sauron, it's a
| win in my book.
| testific8 wrote:
| first world problems come before third world problems
| amilios wrote:
| I never understood what FLoC offers to users directly (rather
| than to advertisers) -- FLoC requires a user to opt into it,
| right? Why would I do this as a user, what incentive does Google
| give me?
| chippy wrote:
| > it's just an HTTP header
|
| What would be the total bandwidth, energy and CO2 usage if the
| largest net entities from Google used this header?
| rantwasp wrote:
| I hear that this is going to consume more energy than the
| entire country of Argentina
| choppaface wrote:
| This is a great example of why Google FLoC is not incentive-
| compatible with consumers nor business owners. Amazon (like
| Facebook) has a monopoly on ad targeting on their target
| properties--- properties they own. Google FLoC is Google's
| attempt to (further) monopolize their target properties--- the
| web at large, which Google does NOT own. Google does NOT pay to
| service the traffic they generate. Google does NOT pay to fulfill
| consumer orders. Google wants you to think they're acting in your
| best interests with FLoC. Maybe if Google offered more free
| GCloud credits and subsidized conversions they generate, that
| would be a different story. (Maybe Google could start by paying
| Wikipedia for some of the traffic they generate). But Sundar
| wants you to think FLoC is about privacy, because Sundar has said
| time and time again that Google has lost people's trust.
| canadianfella wrote:
| Why would Google have to pay Wikipedia?
| tomComb wrote:
| Google's investments in the web have been massive. Your whole
| framing can be flipped on its head by pointing out that Google,
| unlike Amazon, has been willing to make such huge investments in
| the one public platform we've got.
|
| Obviously Google does it for self interested reasons, but thank
| goodness they do - you can hate Google and targeted ads all you
| want but without Google pushing web and ad tech forward it
| would stand little chance against the competing proprietary
| platforms.
|
| Your suggestion that Google pay sites for the traffic they
| generate should like that ridiculous News Corp/Australian
| shakedown of Facebook and Google, which people were only able
| to justify based on their hatred of the target companies and a
| willingness to sacrifice the web to their ends.
| dcow wrote:
| _> would stand little chance against the competing
| proprietary platforms_
|
| Citation needed. What proprietary platforms would have taken
| hold if not for the grace of gmail?
|
| _> Your suggestion that Google pay sites for the traffic
| they generate should (sic.) like that ridiculous News Corp
| /Australian shakedown of Facebook and Google_
|
| Facebook is complying: https://www.msn.com/en-
| us/money/companies/facebook-to-lift-a... because hey, sharing
| the pot is better than no pot.
|
| I think the point is that nobody would go to Google if they
| didn't need to look something up on Wikipedia. So while
| Google helps users discover content and funnel them towards
| sites, Google would be 100% useless without the content that
| ultimately drives the traffic. The status quo, where Google
| lays 100% claim to the traffic and gets to control
| monetization, is frankly not in anybody's interest. So why
| should we accept it?
| loudtieblahblah wrote:
| Google's investment in the web is just like Microsoft's
| "Embrace, extend, extinguish" strategy, just far more
| sophisticated and nuanced. Just like the new Microsoft's so-
| called new-found embrace of Linux, open standards and
| interoperability. It's all a sham.
|
| Garbage like AMP, or flexing their dominance in the search
| market to force websites to comply with this or that or risk
| delisting, is garbage.
| tomComb wrote:
| You are kinda' making my point in highlighting AMP: one of
| the most hated Google 'contributions' to the web.
|
| Why did they do it? Because news websites were heavy, slow,
| bad experiences compared to Facebook Instant news and Apple
| News etc. and so those proprietary options were
| winning. AMP was designed to allow web sites to compete with
| that.
|
| It was reported that Apple News is taking 50% cut. When
| media companies keep customers on their own sites they have
| many options - more are now running their own ad business
| entirely (NYT most recently). For many reasons I hated to
| see those proprietary platforms crush the web sites, but
| the web sites really were too slow and heavy.
|
| I'm certainly not telling you to like AMP - my point is
| that even their most hated, ham fisted product fits into
| this mold. It is totally open in every important way (look
| it up if you don't believe me) and it made a big difference
| in allowing sites to compete with proprietary platforms.
|
| MS is happy to use/embrace Linux, Chrome (even AMP) etc.
| but contributing is new to them. The embrace & extinguish
| thing is not the same when the company is creating and
| contributing the tech themselves.
| passivate wrote:
| >Why did they do it? Because news websites were heavy,
| slow, bad experiences compared to Facebook Instant news
| and Apple News etc. and so those proprietary options
| were winning. AMP was designed to allow web sites to compete
| with that.
|
| They could have prioritized websites with fewer
| tracking/ads/scripts.
|
| I don't believe that Google cares at all about what's good
| for the web. They simply want to exploit it and pocket
| the money (as opposed to re-invest any major portion back
| in the infra/community) - in that sense, they're no
| different than any other nameless/faceless corporation.
| tomComb wrote:
| They are now moving to scoring sites based on their
| speed, but any big change they make to their search
| algorithm is done very slowly and with tons of advance
| warning - AMP was something of a quick stop gap.
|
| They are a for profit corporation in the end, so it is
| unfortunate to depend on them, of course, but I think
| they need to care about the health of the web - their
| profits tomorrow depend on it. And I think they've
| demonstrated it by creating so much tech that they give
| away.
| judge2020 wrote:
| > but without Google pushing web and ad tech forward it would
| stand little chance against the competing proprietary
| platforms.
|
| To give some evidence for this, Google pushed hard for PWAs -
| it serves their interests since they can focus on one
| platform for their desktop platforms, but also means that on
| Desktop (via Chrome) and Android each web app can just
| install themselves without having to distribute a native
| package or go through an app store.
| karmasimida wrote:
| By no means am I defending Amazon, but
|
| > make such huge investments in the one public platform we've
| got
|
| How are things like AMP justifying this goal?
|
| Ofc every company is doing things to advance its own
| interests, in that regard, Amazon has 0 incentives to share
| customer data which is truly unique/invaluable, with Google,
| or any 3rd parties.
| inopinatus wrote:
| On the contrary, the end-to-end federated Internet was doing
| just fine before Google came along, and will do just fine,
| perhaps better, when it's gone and no longer trying to co-opt
| every god-damn standards process for their own preferences.
| No-one has a monopoly on innovation: most inventions are
| driven by necessity, and large companies stifle genius, they
| don't foster it. Far from being the greater good, Google is
| remarkably pig-headed, and often downright incompetent
| outside of selling ads; even the usefulness of their flagship
| search is in decline.
| bsedlm wrote:
| As I see it, the real problem was making google into a for-
| profit corporation.
|
| The world would be a better place if google search had been
| made a not-for-profit (maybe like wikipedia?)
|
| By this point I would (maybe) pay a monthly subscription
| for a really good websearch like google circa 2005-2010
| throwaway3699 wrote:
| > By this point I would (maybe) pay a monthly
| subscription for a really good websearch like google
| circa 2005-2010
|
| UI changes and new features aside, the web is just so
| much more adversarial nowadays. It's no wonder so much
| rubbish floats to the top of Google because the reality
| it's drowning out all the other content.
|
| If you had the source code for 2005 Google it would be
| objectively worse today than it was then.
| ignoramous wrote:
| > _Far from being the greater good, Google is remarkably
| pig-headed, often downright incompetent outside of selling
| ads..._
|
| As is the nature of dualities, the web has benefited
| _immensely_ from Google's investments even if it would
| have chartered a different (and in your opinion, a better)
| course had Google not existed in the first place. Someone
| pointed out, you couldn't say the same for Amazon. As for
| incompetence: imho, webrtc, which Google standardized and
| open sourced, is likely the single most important
| innovation on the interwebs (in terms of impact) just ahead
| of Microsoft's XMLHttpRequest.
| fpoling wrote:
| This all assumes that without Google this would not
| happen. But I fail to see why this is so. Linux happened
| without a single corporation controlling it.
| ignoramous wrote:
| > _This all assumes that without Google this would not
| happen._
|
| To be fair, I am not the one that's assuming things here.
| I am speaking of how Google has indeed contributed when
| they really didn't have to (as pointed out with the
| example of Amazon).
|
| > _Linux happened without a single corporation controlling
| it._
|
| A consortium of corporations, sure: linaro.org
| tristan957 wrote:
| What is the point of having a WebRTC standard if Google
| doesn't even follow it? Mozilla Firefox is given the
| shaft for many services because they don't support
| Chrome-only WebRTC APIs? Chrome and Google are bad for
| diversity on the web.
| fpoling wrote:
| When runnaroo.com was shut down I was surprised that it was
| done by a single person who managed for some searches to
| return better results than Google.
|
| Which among other things shows that patents are bad for
| innovation in new and quickly changing industry. Google
| came up with their algorithm and heavily patented it. As
| an invention it was not ground-breaking, but it matched
| very well how the web worked. This gave them essentially
| a monopoly in search from which they massively profited. At
| least now those patents expire.
| sidibe wrote:
| I've never heard of anyone saying patents have much to do
| with Google's success, can you point me to something about
| that? To me their infrastructure and scale was the big
| edge they've had over everyone
| efdee wrote:
| Was it though? Search kind of sucked before Google came
| along. Javascript in the browser was a joke. Google Maps
| and Mail were revolutionary.
|
| I'm not as positive about Google today as I used to be in
| the past, but I don't feel it's fair to pretend that they
| didn't help us take giant steps forward.
| choppaface wrote:
| Yes, you can definitely flip my argument or criticize it
| however you please. But I think what would help decide things
| is to see the hard $$ numbers on why Google thinks FLoC is
| actually incentive-compatible. They must have done a study
| here in order for FLoC to get the OK for launch. Maybe that
| study is right, maybe it's wrong. But Sundar has--- several
| times--- admitted that Google has lost trust, and now Google
| is trying to sell a big change without showing the whole
| picture. That's standard MO at McKinsey, but Sundar is now on
| a much bigger stage. Given the recent evidence showing how
| closely Google worked with Facebook to bias ad auctions, I
| think it's high time we review how Google assesses incentive
| compatibility.
|
| While I agree with you that Google paying for serving
| requests or some other equity mechanism sounds just plain
| odd, there are few tools to deal with multinational
| monopolies. Tesla is making bank right now in no small part
| from carbon offsets and consumer tax benefits--- that's all
| because Aramco and big oil won't diverge from their
| shareholder interests. Google usually welcomes novel
| web/social mechanisms and it's very telling when they so
| thoroughly refute the interests of news sites. Or try to
| solve the problem with something crappy like AMP.
| MisterPea wrote:
| > Obviously Google does it for self interested reasons
|
| My understanding was Google works a ton on open source and
| essentially making "the internet" better so that people will
| ultimately use Google more (since Google is the backbone of
| the internet) and therefore consume more ads.
|
| All of these tech advancements definitely help the world
| more than it helps Google but I'm failing to know why/how
| FLoC helps the community more than it does Google? Not saying
| Google is in the wrong to do things out of self-interest, but
| this scenario is a little different
| Permit wrote:
| > (Maybe Google could start by paying Wikipedia for some of the
| traffic they generate).
|
| What does this mean? You think Google should pay for people who
| are sent to wikipedia.org after a Google Search? Or you think
| Google should pay for the information they scrape from
| Wikipedia and display to users on a Google search results page?
| snug wrote:
| > Maybe if Google offered more free GCloud credits and
| subsidized conversions they generate, that would be a different
| story.
|
| I'm pretty happy with all the free youtube content, search
| engine results, email, storage, word processor, spreadsheet,
| slide shows, messaging, and more I get
| robin_reala wrote:
| We blocked FLoC at my company because we couldn't see the benefit
| in allowing it. If, in the future, an obvious value shows itself,
| then we'll re-evaluate. But at the moment there's only a business
| and reputational cost to allowing Google to harvest our users'
| data.
| deskamess wrote:
| How do you block it?
| [deleted]
| Brendinooo wrote:
| Was also curious, found this on a search:
|
| https://paramdeo.com/blog/opting-your-website-out-of-
| googles...
| roody15 wrote:
| curious as well? How to block Floc?
| Exuma wrote:
| Add this as HTTP Response header:
|
| Permissions-Policy: interest-cohort=()
| dylan604 wrote:
| We should make a darkUI along the lines of prohibitive
| cookie policy modals that detects Chrome, and forces the
| FLoC in users' faces. It'll get ignored and be as useful as
| the cookie policy windows, but it'll be funny. Maybe add to
| the window "Don't like this message? Try Firefox instead!"
| gentleman11 wrote:
| What is the easy way to implement this? Just looking at
| user agent isn't ideal. Does your server just look for
| floc data being sent to you?
| robin_reala wrote:
| "Cookie policy modals" is bad naming: they're
| specifically there to get consent to track, regardless of
| the method you use to track in the first place.
| rantwasp wrote:
| the right answer, for now, is don't use chrome
| c0nfused wrote:
| Blocking FLoC is as easy as adding this header to the HTTP
| response:
|
| Permissions-Policy: interest-cohort=()
|
| Source: https://www.drupal.org/project/drupal/issues/3209628
| TheRealDunkirk wrote:
| So, wait. We add this into the headers, and just expect
| Chrome to respect it?
| sodality2 wrote:
| It's that or stop using Chrome
| gpm wrote:
| The website is really a third party here, the browser is
| choosing to track users' browser history and report a
| summary statistic on it to anyone who asks, there's
| nothing the website can do about that.
|
| Chrome has promised to listen if websites say they don't
| want to be included in the browser history they calculate
| that statistic on, but it's all client side, there is
| nothing the website can actually do but request that they
| aren't included.
| SquareWheel wrote:
| > the browser is choosing to track users' browser history
| and report a summary statistic on it to anyone who asks
|
| It doesn't work that way at all.
| gpm wrote:
| Really? Because that is how Google's documentation says it
| works: https://web.dev/floc/#how-does-floc-work
| SquareWheel wrote:
| Nowhere in this document does it claim that a summary of
| your browser history is being sent to websites. It
| explains the actual process of how cohort IDs are
| generated and used.
| gpm wrote:
| A cohort id is literally a summary statistic...
|
| I think the problem here is just one of language, a
| summary statistic is a number calculated from a set of
| data that gives you some idea of the contents of the
| data, but condenses it in a way that you can't reproduce
| the original data. Common examples for numeric data sets
| are things like mean, mode, median, standard deviation.
| Common examples for data sets consisting of a finite list
| of strings (such as browser history) would be things like
| average length, character frequency, count, etc. The
| cohort id generated is unambiguously such a summary
| statistic.
| SquareWheel wrote:
| I think language could be an issue here, but the problem
| as I see it is that cohort ID doesn't contain even a
| summary of the data. It's really just a number.
|
| The website or ad network is able to read those numbers
| and build profiles on them, but it's still divorced from
| the user and their specific data.
|
| I think a better comparison is that of a hash. It sums up
| the data, but is just a unique identifier for it. Of
| course with a cohort ID it's non-unique (by design).
|
| Because the browser is only sending a number, it retains
| the ability to change, randomize, or obscure that number.
| That's an important privacy consideration of the system.
|
| For what it's worth, I do think more work is needed. One
| of Mozilla's suggestions which I liked was to
| automatically send a missing ID on occasion, just to keep
| things a little hazy and reduce fingerprinting viability.
|
| Fingerprinting is inherently less necessary as a result
| of FLoC, and you need to balance it to not become
| necessary again, but it's a way to protect users that
| fully opt-out without themselves becoming fingerprintable.
| 8note wrote:
| Based on https://web.dev/floc/#floc-server it looks
| exactly like an ml class, rather than a hash.
|
| Almost certainly your browser history is summarized into
| a vector, and then the closest class number is chosen and
| sent.
|
| You might not know which vector the number represents,
| but it does represent a vector for the centroid, and has
| relationships with other cohorts.
|
| I'd say it's guaranteed that that interface is leaky
| anchpop wrote:
| that's my understanding of how it works too. could you
| explain?
| SquareWheel wrote:
| Rather than the browser sending a summary of your
| history, it calculates a cohort ID. That ID is sent to
| websites, and the website then has the job of associating
| IDs with interests.
|
| So instead of building a profile on specific users, the
| website (or ad network) builds profiles on cohort IDs.
| Users can change IDs, or mask theirs altogether if they
| wish.
| MiddleEndian wrote:
| Reminds me of when people naively expected "Do Not Track"
| to be respected lol
| iaml wrote:
| I've seen people say dnt could be ignored because it's
| off by default in some configurations (Safari), and user
| did not make a choice. Would be interesting to see what
| kind of mental gymnastics these people would apply here
| to ignore user's opinion.
| ratww wrote:
| Yep. Microsoft enabling it by default in IE10 was the
| default excuse for most of the advertisement industry to
| never start respecting it.
| renewiltord wrote:
| We actually respected DNT at an ad tech company I worked
| at and people still gave us grief for "tracking" them. We
| literally just 200'd the request immediately for all DNT
| requests. No processing, no tracking, nothing.
|
| Hilariously, I even opposed removing the code later
| because I wanted us to be a good citizen but it was
| practically dead code because people were still calling
| us evil. They could literally set their UA to play along
| (or use one that set it by default).
|
| I think we always kept the code in but it only incurred
| cost and we got blamed anyway. I think, looking back, I
| should have just removed that piece of middleware since
| no user ever really cared. It wasn't worth it for the org
| to pay for code so I could have a clean conscience.
| 8note wrote:
| Isn't there a response code for no change?
|
| Saying you did something doesn't help the user know that
| DNT was followed
| renewiltord wrote:
| We tried 202 and 204 and both led some UAs to show broken
| image placeholders. But during the time we did that
| people assumed that we were tracking them just
| incompetently ("Look! They've revealed themselves!"
| style).
|
| Maybe we tried some other codes but anything but 200 was
| unsafe to many UAs (you could 3xx but UAs would break on
| 304 too because the tracking pixel wasn't actually
| cached). Anything that led to UA breakage was verboten
| anyway on our side since we didn't want anyone to have a
| broken experience because they set DNT. That would have
| been bullshit.
|
| We were dumb-enough to handle P3P headers too (which
| AFAIK no one really used in the end). Lots of dead code.
| Ugh.
| bserge wrote:
| Hey, it worked with robots.txt all this time :D
| 1over137 wrote:
| >Blocking FLoC is as easy as adding this header to the HTTP
| response:
|
| That's "easy"?! How does my mom do that for her WordPress
| site?
| paxys wrote:
| WordPress should do it directly.
| soperj wrote:
| Wordpress is doing it as a minor release, and backporting
| it. So it'll be opt-in to floc for all wordpress sites.
| lioeters wrote:
| I hope they do decide to add the HTTP header to disable
| FLoC by default, unless site admins specifically opt in.
| From the discussion I've seen, it hasn't been decided for
| sure yet.
|
| Proposal: Treat FLoC like a security concern -
| https://make.wordpress.org/core/2021/04/18/proposal-
| treat-fl...
|
| Consider implications of FLoC and any actions to be taken
| on the provider (WordPress) front -
| https://core.trac.wordpress.org/ticket/53069
| [deleted]
| Mizza wrote:
| What else goes in this field? Can we all collude to flood
| Google's spybox with garbage data?
| gentleman11 wrote:
| You might enjoy this project. It's a browser plug-in that
| submits random search queries over time to ruin the
| accuracy of companies tracking https://trackmenot.io/
| yesbabyyes wrote:
| It's specified here: https://www.w3.org/TR/permissions-
| policy-1/#policy-controlle...
|
| There is a non-exhaustive list of features/APIs here:
| https://github.com/w3c/webappsec-feature-
| policy/blob/master/...
|
| Each feature takes an allowlist, specifying which, if
| any, origins can use the feature.
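
Added example (not part of the thread, and not code from any site or project mentioned in it): a Python check for whether a response really carries the opt-out header quoted above, reading each Permissions-Policy member as a feature with an allowlist, as the comment above describes. The sample headers and the status names are constructed for illustration; treating a repeated feature as "last value wins" follows structured-field dictionary parsing and is an assumption about how multiple header lines combine.

```python
"""Audit response headers for the FLoC opt-out: Permissions-Policy: interest-cohort=()"""

FEATURE = "interest-cohort"  # feature name quoted in the thread


def _split_top_level(value, sep):
    """Split on sep, ignoring separators inside (...) or double-quoted strings.

    Simplified: backslash escapes inside quoted strings are not handled,
    which is enough for origins such as "https://example.com".
    """
    parts, buf, depth, in_quote = [], [], 0, False
    for ch in value:
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and ch == "(":
            depth += 1
        elif not in_quote and ch == ")":
            depth -= 1
        if ch == sep and depth == 0 and not in_quote:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def _parse_allowlist(item):
    """Return the allowlist entries, or None if the value is not an allowlist."""
    if item.startswith("(") and item.endswith(")"):
        return item[1:-1].split()        # "()" -> []: no origin may use it
    if item in ("*", "self") or item.startswith('"'):
        return [item]                    # single-item form
    return None


def parse_permissions_policy(values):
    """Parse one or more Permissions-Policy header values into {feature: allowlist}."""
    policy = {}
    # Several header lines are combined with commas before parsing.
    for member in _split_top_level(", ".join(values), ","):
        if "=" not in member:
            # e.g. the older Feature-Policy form "interest-cohort 'none'"
            policy[member.split()[0]] = None
            continue
        key, _, raw = member.partition("=")
        pieces = _split_top_level(raw, ";")   # drop ";param" suffixes
        # Assumption: a repeated feature keeps its last value.
        policy[key.strip()] = _parse_allowlist(pieces[0]) if pieces else None
    return policy


def floc_status(headers):
    """Classify a response, given its headers as (name, value) pairs.

    Status names are this example's own:
      blocked      interest-cohort=()  (empty allowlist)
      restricted   allowlist names some origins, e.g. (self)
      allowed-all  allowlist is *
      malformed    feature present but not in name=allowlist form
      missing      no directive for the feature; the browser default applies
    """
    values = [v for (name, v) in headers if name.lower() == "permissions-policy"]
    policy = parse_permissions_policy(values)
    if FEATURE not in policy:
        return "missing"
    allowlist = policy[FEATURE]
    if allowlist is None:
        return "malformed"
    if not allowlist:
        return "blocked"
    return "allowed-all" if "*" in allowlist else "restricted"


# Constructed sample responses (header name/value pairs only).
SAMPLES = {
    "opt-out as quoted": [("Content-Type", "text/html"),
                          ("Permissions-Policy", "interest-cohort=()")],
    "opt-out among others": [("permissions-policy",
                              'geolocation=(self "https://maps.example"), interest-cohort=()')],
    "other feature only": [("Permissions-Policy", "geolocation=()")],
    "self only": [("Permissions-Policy", "interest-cohort=(self)")],
    "old Feature-Policy syntax": [("Permissions-Policy", "interest-cohort 'none'")],
    "later line overrides": [("Permissions-Policy", "interest-cohort=()"),
                             ("Permissions-Policy", "interest-cohort=*")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label:28} -> {floc_status(headers)}")
```

The "malformed" and "later line overrides" cases are the ones a plain substring search for `interest-cohort` would report as opted out.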
| soperj wrote:
| I don't see any of the sites mentioned actually doing that
| in their head. Can someone point me to how they're actually
| blocked?
|
| edit: ahhh i see it's in the http headers, not the head of
| the html. nvm.
| yabones wrote:
| We blocked it as well. Since we deal with health data, it
| seemed unethical to allow Google to add people to the "possibly
| sick" bucket and use that as part of their marketing.
| t0mas88 wrote:
| That's an interesting one, in all GDPR countries medical data
| has an even higher requirement as it's a case of special
| personal information. So Google scooping that up without
| clear user opt-in could result in large penalties.
| tyingq wrote:
| I know there is skepticism that the opt-out http header is
| useful. Mostly because the places deploying it wouldn't call the
| floc API anyway.
|
| But, it is certainly useful to publicly see floc sentiment. As
| far as I know, Amazon hasn't said anything publicly about floc,
| but now we know they are aware and doing something about it.
|
| I saw that GitHub and The Guardian also rolled out the header.
|
| Waiting for a website tracking who all has opted out to pop up.
|
| I think the header also has value as a "last resort" to catch any
| unintentional use of floc if your org doesn't want it.
| josefx wrote:
| As far as I understand the explicit call to FLOC will only be a
| requirement once it has gained traction. Right now Google is
| still using whatever they can to make it viable, so explicitly
| opting out is necessary for anyone who wants to be on the safe
| side.
| jude- wrote:
| Rival surveillance capitalist companies defend their respective
| attention goldmines. News at 11.
| rafaelturk wrote:
| Just like we all should be doing by now.
| [deleted]
| gentleman11 wrote:
| If Firefox had larger market share, Chrome wouldn't have been
| able to make this opt out for websites rather than opt in because
| it would have given them a bad public image. I don't think it's
| fair that some company gets to force every website maintainer
| (most aren't extremely technical and just use Wordpress or
| something similar) on earth to muddle through documentation for
| their particular setups to 1) learn it exists and 2) turn it off
| if desired.
| mdoms wrote:
| If Firefox wants a bigger market share they need a
| significantly better product. That's just how the world works.
| I don't use Chrome but I sure as heck don't use Firefox.
| paulpan wrote:
| From a purely implementation standpoint, defaulting to opt-in
| instead of opt-out leads to a long and arduous user migration
| process. Especially if it's a major change and/or somewhat
| controversial. Furthermore it tends to fragment the userbase
| and accumulation of tech debt (e.g. feature disparity). I think
| this is a huge factor in iOS versioning having such good
| consistency across its install base.
| [deleted]
| magicalist wrote:
| > _If Firefox had larger market share, Chrome wouldn't have
| been able to make this opt out for websites rather than opt in_
|
| FLoC is _only_ opt in for testing the proposal[0]. As a sibling
| comment says this is technically performative but publicly
| signals a stance against the proposal.
|
| Though we also shouldn't forget that Amazon loves third party
| tracking and happily falls back to IP address associations if
| cookies aren't available.
|
| Edit:
|
| [0] https://developer.chrome.com/blog/floc/#take-part-in-a-
| floc-...
| jmholla wrote:
| Isn't it the opposite? It's opt-out for testing and is
| supposed to be opt-in when it goes live? I mean, I just
| disabled it and I am certain I didn't opt-in to it given that
| I had to go to about:config to have the setting show up.
|
| You can opt-in to actively be a part of FLoC, but if you
| don't opt-out, Google may randomly choose you to be part of
| their testing.
|
| Edit: I think your point may have been from the perspective
| of a website owner. Sorry.
| gpm wrote:
| > opt out for websites
|
| This wording annoys me. The websites have nothing to do with
| it. Google choosing to turn its browser into spyware that
| leaks information about what you used to do with it isn't the
| website's fault, the webserver doesn't do anything and doesn't
| have anything done to it, there is nothing for it to opt out
| of.
|
| Google chose to give websites a way to request that the user's
| browser doesn't include the fact that they visited this website
| in its cohort calculation. That's fine, but the messaging
| around it is a transparent attempt at shifting the blame. It's
| not the website opting out or in, it's the website acting as an
| uninvolved third party bystander asking google to stop. Asking
| why a website didn't opt out is equivalent to a thief asking
| "well why didn't you stop me?" to the person looking on from
| the sidewalk.
|
| We shouldn't accept this messaging. We should be very clear
| that Chrome is the entity spying on you, not the website, and
| that the website has no power to decide whether or not chrome
| spies on you, only the ability to make a polite request that it
| doesn't (or more accurately, does so less).
| [deleted]
| dreamcompiler wrote:
| I would _love_ to use Firefox, but for some years now Firefox
| on the Mac (when I have a few dozen tabs open) causes multi-
| tens-of-seconds pauses whenever I do anything with the mouse
| like click or scroll. Some of these throw up a rainbow cursor;
| some just silently do nothing. And yes, I'm using the latest
| version of everything, including hardware.
|
| While Mozilla obsesses about eye candy, they lose market share
| because they cannot be bothered to fix decades-old memory
| management problems in Firefox such that:
|
| 1. Memory leaks don't happen,
|
| 2. Garbage collection happens silently in the background, and
|
| 3. Garbage collection actually frees up memory for new
| allocations.
|
| This seems like pretty basic stuff; Chrome figured out how to
| make tabs scale at close to O[1] a long time ago, but in
| Firefox tabs still feel like they scale as O[n^2].
| ysavir wrote:
| If that's really the only thing keeping you from Firefox,
| which you would "love" to do, why not stop keeping dozens of
| tabs open at a time?
| dreamcompiler wrote:
| because...it's a use case that I like that works fine in
| other browsers?
| [deleted]
| hahahasure wrote:
| Firefox just sucks. For some computers it works, but me and
| others have all sorts of breaking issues.
|
| I tried Firefox, it just sucks.
|
| Edit- shoot the messenger, it won't fix Firefox bugs or help
| their market share.
| tgv wrote:
| I've been using FF since forever (first Navigator, then a
| macos variant called Camino, and after it EOL'd, Firefox;
| tried quite a few others too, but always returned to FF).
| Never a problem, except of course with websites that don't
| test if it works on Firefox.
|
| > shoot the messenger, it won't fix Firefox bugs or help
| their market share.
|
| Your message doesn't really contribute to it either. If you
| hate Firefox with a passion and wish that Alphabet dominates
| the world and turns us all into clicking zombies, keep
| spreading it. Otherwise, better not.
| hahahasure wrote:
| I couldn't access this website with Firefox.
|
| Firefox is doing the damage to themselves.
| tgv wrote:
| You can't access HN with Firefox? This website loads one
| simple html file, one style sheet with a handful of media
| queries, three gifs and a small js file, which only seems
| to do things like voting and hiding. While FF 3.6 won't
| do the styling properly, even that ancient version should
| be able to display the contents.
| [deleted]
| lisper wrote:
| Wow, the bias in this article is unbelievably blatant:
|
| "[Amazon is] preventing Google's tracking system FLoC -- or
| Federated Learning of Cohorts -- from gathering valuable data
| reflecting the products people research in Amazon's vast
| e-commerce universe"
|
| Compare with, e.g.:
|
| "Amazon is taking steps to protect its users' privacy by blocking
| Google's heavy-handed overreach in leveraging its Chrome browser
| to spy on users' personal shopping habits and sell that
| information to other retailers".
|
| (Note: I'm not saying my rewrite is unbiased. It's not. It's just
| biased in a different direction to highlight the contrast.)
| judge2020 wrote:
| Isn't FLoC on-device? So 'gathering valuable data' would be
| users' own devices doing so, right?
| t0mas88 wrote:
| Does it matter whether the code Google wrote to do it
| executes on your device or on their servers? In the end they
| try to group people based on their Amazon browsing behavior
| and Amazon doesn't want that. Nor should any sane user want
| that, and Google knows that that's why it's opt-out instead
| of opt-in.
|
| Thank god they figured out it is illegal in Europe to do this
| without opt-in and didn't roll out FLoC here...
| dillondoyle wrote:
| It's pretty complicated and my understanding could be wrong
| and definitely not an expert. All the stupid CIA-style names
| that keep changing don't help. Turtledove, fledge, sparrow
| lol.
|
| But from what I think I know that's kind of right
| technically, but kind of not in terms of actual real privacy.
|
| Yes, the actual browsing data, e.g. for the basic floc
| cohorts only what amazon product page you visited, is no
| longer 'sent' to ad networks (that's a pretty big
| oversimplification of how ad networks track you but for
| brevity). That data is parsed in your browser to generate a
| cohort ID for you.
|
| But this cohort ID is exposed to the world
| document.interestCohort() and is what's used for targeting
| and tracking.
|
| To me it seems that the cohorts are so small "thousands of
| people" + IP or UA it's basically the same as a semi-long
| lasting uuid.
|
| And if you have like even 10 different cohort IDs, even if
| some of them are 'fake'/'noise' that's probably enough to ID
| you alone
|
| Here's an image from google's site.
|
| https://web-dev.imgix.net/image/80mq7dk16vVEg8BBhsVe42n6zn82...
|
| It also seems like Chrome/google might be still defaulting
| browser settings to give themselves even more data just like
| they currently do?
|
| https://github.com/WICG/floc#qualifying-users-for-whom-a-coh...
|
| BUT when you layer on the other proposals
| (Fledge/Turtledove/Dovekey or whatever) - which I don't
| understand that much maybe someone else can explain - it
| seems like it basically collects this page/product level data
| and makes it available to DSP etc for tracking/ad serving
| (again if not technically 1:1 basically in consequence given
| the sizes of these groups).
|
| Like one of the proposals talks about a 'trusted' key/value
| server which doesn't seem that different from what already
| happens? The original proposal wanted to move the entire ad
| bid/target/serve process into the browser.
| fastball wrote:
| Yeahhhh, but Amazon makes a ton off their own ad business and
| is trying to turn everyone's personal devices into a mesh
| network they own. They don't give af about user privacy.
| kevingadd wrote:
| IMO these two things are compatible. Their mesh network is
| incredibly gross but it's not a privacy violation, it's bad
| in other ways.
| fastball wrote:
| It's almost guaranteed to be a privacy violation unless you
| think Amazon can write complicated yet bug-free networking
| code.
| noahtallen wrote:
| I'm not sure about the privacy part, but they do have
| very good success with AWS, which I'm sure includes loads
| and loads of network code.
| [deleted]
| dylan604 wrote:
| Why do we believe the Googs will actually honor this flag? If
| it's just an HTTP header, the browser can be made to just act
| like it's not there. All of these "flags" are essentially honor
| policy level things (just like robots.txt), but if the thing is
| not even told to look for the flag, there's nothing stopping it
| from doing exactly what is being asked not to do.
| kmonsen wrote:
| Chromium is open source? We still don't control releases but
| having the open source version it should not be too hard to
| reverse engineer and see if they messed with it.
| edoceo wrote:
| How about in the G internal Chrome branch?
| jasonvorhe wrote:
| They've been respecting robots.txt and tracking opt-outs for
| years, right? Just one whistleblower and it's over. Why risk
| it? Also: Afaik it's opt-in after it leaves Origin Trial phase
| [1].
|
| [1]
| https://twitter.com/Log3overLog2/status/1384337637763387394?...
| dylan604 wrote:
| >They've been respecting robots.txt
|
| sorry, wasn't meaning to imply Googs ignores robots.txt. I
| was going for conceptually it is easy to ignore it, just as
| it is easy, conceptually, to ignore HTTP headers.
|
| >and tracking opt-outs for years, right?
|
| is this provable? if i opt-out with my g-account in the
| browser on a desktop, that should imply i want out of all
| tracking, yet you have to do it on each app on each platform.
| it's whack-a-mole that is impossible to win.
| h_anna_h wrote:
| Not that long ago there was a story about the google
| analytics opt out addon at
| https://tools.google.com/dlpage/gaoptout not doing anything.
| gentleman11 wrote:
| So they respect "do not track" headers?
| jasonvorhe wrote:
| No, but almost everyone ignored it and it never matured out
| of Candidate Recommendation:
|
| > Efforts to standardize Do Not Track by the W3C in the
| Tracking Preference Expression (DNT) Working Group reached
| only the Candidate Recommendation stage and ended in
| September 2018 due to insufficient deployment and support.
| [...] Despite supporting it in its Chrome web browser,
| Google did not implement support for DNT on its websites,
| and directed users to its online privacy settings and opt-
| outs for interest-based advertising instead. The Digital
| Advertising Alliance, Council of Better Business Bureaus
| and the Direct Marketing Association does not require its
| members to honor DNT signals.
|
| Source: https://en.wikipedia.org/wiki/Do_Not_Track
| yesbabyyes wrote:
| We believe it because Google submitted the permissions-policy
| header / attribute (which allows a site owner to control the
| permissions for a lot of things apart from interest cohorts,
| such as geolocation, fullscreen etc) and because we have no
| choice.
|
| The organization controlling "the thing" is the entity that
| asked for the feature, so we believe the thing will both know
| about it and honor it.
| TheRealDunkirk wrote:
| Counterpoint: Google makes billions of dollars from tracking
| and collating behavior across sites. If this impacts revenues
| more than they would like, the bet's off. There's a
| breakpoint here, and it's probably lower than people outside
| the company would expect.
| blauditore wrote:
| Are you working at Google and have more insights into this?
| thatguy0900 wrote:
| Google does a lot of shady stuff but they're a pretty sue-able
| entity, not some fly by night unknown data broker. If they say
| they will respect robots.txt and floc headers they probably
| will. They are surely collecting whatever data they want in
| other ways anyway.
| slver wrote:
| They will respect this flag for liability purposes.
|
| It's the only purpose this flag has.
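The Permissions-Policy opt-out discussed in the comments above can be audited from the server side. This is an added example, not part of the thread and not Google's or Chromium's code: a small parser that reports whether a response asks the browser to leave the page out of cohort calculation. It assumes the opt-out form `interest-cohort=()` (an empty allowlist for the feature); the function names and the sample responses are constructed for illustration.

```python
import re

FEATURE = "interest-cohort"  # policy-controlled feature name used by FLoC

# One dictionary member: runs of plain characters, a parenthesised inner
# list, or a quoted string, so commas inside lists/strings do not split it.
_MEMBER = re.compile(r'(?:[^,("]|\([^)]*\)|"[^"]*")+')


def parse_permissions_policy(value):
    """Parse a Permissions-Policy value into {feature: [allowlist tokens]}.

    Covers the common forms: f=(), f=(self "https://a.example"), f=*, f=self.
    """
    policy = {}
    for member in _MEMBER.findall(value):
        name, sep, raw = member.strip().partition("=")
        name, raw = name.strip().lower(), raw.strip()
        if not name or not sep or not raw:
            continue  # malformed or valueless member: ignore it
        if raw.startswith("("):
            tokens = raw[1:].partition(")")[0].split()
        else:
            tokens = [raw.split(";")[0].strip()]
        policy[name] = tokens  # duplicate feature names: the last one wins
    return policy


def floc_status(headers):
    """Classify a response given its headers as (name, value) pairs.

    Returns "opted-out" (empty allowlist), "allowed" (feature listed with a
    non-empty allowlist) or "not-set" (feature never mentioned).
    """
    values = [v for k, v in headers if k.lower() == "permissions-policy"]
    # Repeated header lines combine into one comma-separated list.
    policy = parse_permissions_policy(", ".join(values))
    if FEATURE not in policy:
        return "not-set"
    return "allowed" if policy[FEATURE] else "opted-out"


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "opt-out next to other features": [
        ("Content-Type", "text/html"),
        ("Permissions-Policy", 'geolocation=(self "https://a.example"), interest-cohort=()'),
    ],
    "feature allowed for own origin": [
        ("permissions-policy", "interest-cohort=(self)"),
    ],
    "header split over two lines": [
        ("Permissions-Policy", "fullscreen=*"),
        ("Permissions-Policy", "interest-cohort=()"),
    ],
    "no policy header at all": [
        ("Content-Type", "text/html"),
    ],
}


def audit(samples):
    """Map each sample name to its FLoC opt-out status."""
    return {name: floc_status(headers) for name, headers in samples.items()}


if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{status:10} {name}")
```

An "opted-out" result only shows what the server requests; whether the browser acts on it is the trust question the thread is arguing about.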
| EMM_386 wrote:
| > There is a caveat regarding FLoC blocking on Whole Foods pages,
| however. While other Amazon-owned domains mentioned here that
| block FLoC do so using Google's recommended approach involving
| sending a response header from HTML pages, Whole Foods blocking
| employs a tactic that sends an opt-out header from Amazon
| analytics requests.
|
| What do they mean here, that the actual page request does not
| send the "no FLoC" HTTP header but the requests from Analytics
| do?
|
| What happens in this scenario?
| teitoklien wrote:
| Amazon has a pretty big advertising platform too, I think
| they'll try to spread this header on all the websites that use
| their ad platform.
|
| So they might be trialing it this way because of that, to help
| boost their ad platform and hinder floc, so that google cannot
| drop third party cookies that easily, as floc's on browser
| processing makes google the de facto judge on what information
| do they add into floc identifiers and what they do not,
| meanwhile themselves getting all the unrestricted data from
| their browsers separately.
|
| By hindering mass scale adoption of floc, they're trying to
| delay dropping of third party cookies, to slow down google
| from getting an advantage over them.
|
| At least that's what I think, they might be testing it for
| other reasons, only an Amazon exec can answer it specifically.
| seanhunter wrote:
| Someone should make a browser plugin that puts you into a
| separate random cohort with every click. It could be called "Floc
| off"
| dannyw wrote:
| Careful, google bans Web extensions that interfere with ads
| (AdNauseam). Only problem is ad blockers got too popular before
| they made Chrome.
| tomjen3 wrote:
| I wish they banned adblockers, because then people would move
| on to Firefox in droves. It would be a killer feature and
| reason to use Firefox.
| rovr138 wrote:
| I'm assuming you mean from Chrome's extension store (not
| sure why they call it)
|
| While they can be installed manually with extra steps, there
| are also other browsers out there.
| M2Ys4U wrote:
| Don't worry, Google will just "accidentally" break
| compatibility for those extensions in a way that's
| _totally_ not just anticompetitive behaviour, because they've
| _never_ done that sort of thing, like breaking other
| Google properties to undermine Firefox before, no sir.
| 8note wrote:
| Windows phone wants a word
| dannyw wrote:
| They've made it so you basically can't keep non Chrome
| store extensions installed on Windows. At least not without
| a nag every day.
| gman83 wrote:
| I'm curious, with third-party cookies being phased out, and
| alternatives like FLoC being met with resistance, could this
| drastically cut the size of Google's revenue down? If the ads
| can no longer be accurately targeted, I imagine that would mean
| the main value of AdWords is no more, and that's the foundation
| that entire company is built on.
| yesbabyyes wrote:
| Minor correction: AdSense would be the product affected by
| this. AdWords (now Google Ads) is the ads shown on Google's
| search result pages, and are contextual (depending on the
| search). AdSense, AdMob and Google Ad Manager make up Google's
| ad network, which accounts for a much smaller part of revenue
| (about 12%, where AdWords accounts for ~57% and YouTube ads
| ~10%).
| nerdponx wrote:
| No. FLoC is part of their future/regulation-proofing and
| ladder-pulling strategy.
| fleddr wrote:
| I believe the biggest "victim" of the increasing difficulty of
| cross-site tracking are content websites.
|
| A content website has nothing to sell, assuming it's not behind
| a paywall. They are typically funded using general purpose
| tracking ads. The ads are based on other websites you visit and
| have nothing to do with the content you're reading.
|
| These websites may face a serious threat, and need an entirely
| different model. The most straight-forward alternative I
| imagine to be contextual non-tracked ads. Ads related to the
| content you're reading.
|
| Other victims are to be found in the shady world of data
| aggregators. Their entire existence is based on cross site
| tracking.
|
| Whilst websites and data parties may suffer, Google will
| continue to hoard data. Almost every website will continue to
| use Google analytics, Google fonts, Google Tag Manager, the
| like. This on top of the wide array of consumer products you
| may use: Android, its various Google apps, Gmail, Youtube, all
| of it.
|
| It's virtually impossible to avoid Google touchpoints, they
| will continue to know more about you than you do about
| yourself. They don't need AdWords for that.
| freeopinion wrote:
| Doubleclick did not invent advertising.
|
| Has everyone forgotten OTA broadcast television? Where Geritol
| spent a fortune advertising on the Lawrence Welk Show? And
| Kellogg's flooded Saturday morning cartoons?
|
| I may be wrong, but I don't think advertisers have boosted
| their budgets in the age of targeted advertising. Google has
| done well to replace the old channels for advertising with
| their own pipeline. For the last twenty years it has mattered
| which ad platform could more accurately target your
| demographic. Google has won most of that war. Today, you pay
| Google whether the ad is targeted or not. So now, they can
| shift the battlefront to create other barriers to entry. And to
| keep people dependent on their infrastructure to package and
| deliver advertising at all.
| potatolicious wrote:
| It depends on what kind of ads - IMO the sunset of third-party
| tracking cookies gives an advantage to companies like Google.
|
| Products that target based on actual user intent benefit from
| cookie blocks, as that cannot be meaningfully blocked ever.
| (i.e., when you search for "brunch" ads relating to brunch show
| up)
|
| Products that target based on behavior _away_ from the product
| will suffer - but morally I'm ok with that.
|
| Google happens to own one of the most intentful products out
| there - you directly tell the product what you want to see! The
| main pain for them will be loss of targeting ability in their
| network ads displayed on 3rd party sites - but their first-
| party products I suspect will see a boost in the new world.
| t0mas88 wrote:
| The Doubleclick and YouTube side of Google is also a big part
| of revenue and both use huge amounts of cookie based
| targeting.
| arkitaip wrote:
| Stupid Google spying on Amazon's customers when that's Amazon's
| job and gold mine.
| dylan604 wrote:
| Actually, it is. If I choose to browse Amazon's site, and they
| do first party tracking of what I'm doing on their site, then
| that's actually okay with me. How else are they going to offer
| me my browsing history, "Recommended by your browsing history",
| "Recommended by your previous purchases", etc. That goldmine is
| literally none of Google's business and all of Amazon's.
| [deleted]
| lupire wrote:
| Why such loyalty to one piece of legal fiction but not
| another?
| anticristi wrote:
| First party tracking is less creepy. When I walk in the
| shop, I know the shop assistant is looking at me. I don't
| expect the shop assistant of an unrelated shop at the other
| end of the mall to watch me.
| dineshdb wrote:
| I think the point was first party tracking was okay,
| irrespective of whether it was Google or Amazon.
|
| I expect first party tracking on YouTube and find it
| useful, but wouldn't want Google to track my activities
| across the internet.
| dylan604 wrote:
| yes, this. thanks for helping clarify
| aasasd wrote:
| Not seeing how anything going on with Floc hinders catch-all
| tracking that Google already does on the vast majority via
| Chrome. Floc is just a dummy throw-bone that allows Google to
| screw-but-not-quite all other ad networks by disabling third-
| party cookies.
| neonate wrote:
| https://archive.is/0hGwx
| jasonvorhe wrote:
| What I don't get about the reporting on this topic: Isn't all
| this opt-out stuff just necessary while Google is testing FLoC
| and it'll be opt-in(!) after it leaves Origin Trial phase? Or is
| this Google employee straight up lying* here?
| https://twitter.com/Log3overLog2/status/1384337637763387394?...
|
| * I don't suspect he is.
| tyingq wrote:
| I don't think he's straight up lying, but I do think the truth
| is probably more than what he's saying.
|
| Like perhaps using AdSense, Google Analytics, Google Sign In,
| etc, will include a buried implied "opt in" for your site at
| some point.
|
| Google is quite good at rolling out changes slowly enough to
| spread out any outrage. Watching the progression of ads take
| over their SERP pages, it was very slow and subtle. No ads,
| then just sidebar ads. Then one ad below the first one or two
| results, then above them, eventually leading to some pages with
| nothing but ads above the fold. Over many, many years.
| teawrecks wrote:
| Yeah, I read "sites will opt-in" as "sites are free to not
| use google products".
| tyingq wrote:
| I'm also curious how much info Google will choose to expose
| to Floc on their various sites. Within Gmail, for example,
| they could be very generous to other advertisers, or not.
| They already have the info, so I assume they could only
| expose a cohort interest of "email" if they wanted to.
|
| The floc repo currently says _"The algorithms might be based
| on the URLs of the visited sites, on the content of those
| pages, or other factors."_ Which is not super helpful. It
| seems like Google could fairly easily hide info from Floc
| since they own both sides.
| nightpool wrote:
| All of the reporting is ignoring this fact because everyone
| who's commenting on this issue is ignoring this fact in favor
| of their own assumptions about how the platform works. "Opt-out
| for testing, opt-in for production" has been the design from
| day one, but a lie can run 'round the world before the truth
| has got its boots on.
|
| (And while the author does say "Best guess", this isn't just an
| empty Google promise--if this changes, it would change the
| entire tenor of consensus-based standardization discussions
| that are happening here, and significantly lower Google's
| standing in the web standards community, which they care a lot
| about)
| t0mas88 wrote:
| Not just an empty Google promise, but really not even a
| promise at all. This is just some poor guy that really wants
| to believe his employer "won't be evil" while the rest of the
| world already knows they are. But hey, a few more years of
| making money from his stock options and more obvious moves
| from Google and then he'll leave and talk like he's the
| world's biggest privacy advocate...
| teawrecks wrote:
| I read those tweets 4 times and still don't see anything to
| convince me it will be opt in after leaving origin trial.
| shkkmo wrote:
| > And while I can't make promises about the API's final form...
|
| Not straight up lying, but downplaying concerns without
| actually being able to lay those concerns to rest.
| dhimes wrote:
| Kinda like when Steve Jobs downplayed concerns about the 30%
| cut from the app store by saying it's not important because
| everybody is using web apps anyway?
| seoaeu wrote:
| "Our best guess". The author of those tweets literally admits
| that they don't know what will happen. Personally, I'm not as
| inclined as them to give Google the benefit of the doubt until
| the absolute last minute.
| m3kw9 wrote:
| Why would Amazon let their competitors gather their own valuable
| data?
| venkat223 wrote:
| Google is too intrusive on privacy. I have blocked all google
| anti privacy actions.
| xaduha wrote:
| It's all pointless, it will win out eventually because it makes
| sense and Google isn't about to stop tracking you regardless of
| FLoC. All it does is disincentivize smaller players from doing
| their own tracking which you'll have no control over anyway.
|
| Personally I don't see depersonalized targeting as a bad thing.
| Better than advertising dish washers to people who just bought a
| dish washer or some such nonsense.
| papito wrote:
| That would annoy me less than seeing dish washer ads AFTER I
| bought the goddamned dish washer.
| dylan604 wrote:
| They are just trying to help you out. They know there are "if
| you find it cheaper in the next 30 days, we'll refund the
| difference" policies out there. So those ads are actually
| much more helpful than you are giving credit. They can't help
| it if you chose poorly and used a site that did not have that
| policy. /s
| papito wrote:
| If I ever decide to uninstall, re-pack, and return a
| dishwasher after I find it for $40 cheaper, I will let you
| know.
| dylan604 wrote:
| The point of the offer is that you don't have to do that.
| You just report that you found it, they verify, and then
| they will refund the difference in prices. Very few
| vendors do this, but it is a legit offer to help
| alleviate those post purchase regrets.
| fleddr wrote:
| That's not the reason you keep seeing ads for products you
| just bought. Google was aware of your interest in the
| product yet was unable to track that you actually bought
| one. So they think you're still looking.
| dylan604 wrote:
| hence the /s at the end of the comment
| fleddr wrote:
| Sorry, missed that :)
| throwaway3699 wrote:
| It's also not Google who controls re-targeting lists. At
| least on Facebook, retailers can easily tell this ad not
| to be shown to you after you paid.
| rytrix wrote:
| Always reminds me of
| https://www.youtube.com/watch?v=KbKdKcGJ4tM
| alias_neo wrote:
| I got a great one from eBay yesterday; Because you bought
| Ratchet & Clank: Rift Apart PS5, we thought you might like
| this; Ratchet & Clank: Rift Apart PS5.
|
| Hmm.
| ec109685 wrote:
| Buy a copy for your friend?
| alias_neo wrote:
| Ah yes, they're thinking of my friends!
|
| Jokes aside, if it was a multiplayer game that wouldn't be
| an impossibility.
|
| I like the recent trend of friend-copies of games that are
| co-op first like "It Takes Two", "Operation Tango" (is that
| name correct?) and the two-player Wolfenstein I forget the
| name of.
___________________________________________________________________
(page generated 2021-06-15 23:00 UTC)