
It seems like FLoC could make it easier to opt out centrally rather than going through a mess of specific (dis)approvals for the specific trackers on every site. Maybe it could even be a good place for a dial - "I'll expose a 4-bit cohort, but nothing more specific."

It also seems like FLoC could make it more politically viable to crack down on non-consensual tracking. Publishers wouldn't be able to say "we have no choice but to deal with this [third party tracker] scum" but could continue to gate content by subscription or (consensual) FLoC as necessary for their business model.

Pushing publishing and advertising towards proactive consent about targeting puts them into a dialog with the market about what's ok, instead of letting them hide behind a bunch of shifting tracker businesses.




> "I'll expose a 4-bit cohort, but nothing more specific."

You're dreaming. You'll also expose your IP and the website URL to Google via Referer in requests for fonts and jQuery bundles, in Google cookies masqueraded as first-party via CNAME tricks, in the Chrome identifier and so on. Chances are you're using Google DNS 8.8.8.8 too.

I won't trust a company to disable the data source for their main revenue. Just don't use any of Google's software and services. Android included, sadly.


It still coerces consent with a bad default. Sites will refuse to operate unless the FLoC is enabled, or will become obnoxious to use with it disabled. However, if FLoC were disabled by default then sites would be less likely to provide an obnoxiously bad service to those with it disabled.

The best default is not to track at all.


The flock is coerced by the herding dogs.

Google is the farmer, websites are the dogs, and we are the livestock.

Some might say, in a fit of charitability, "but it's a bird reference", citing prior work. To which I say no; don't convince yourself for one moment that Google's army of PhDs didn't notice the sheep allusion. They are not that dumb. But they are this arrogant.


If I understand correctly, couldn't you just provide a static FLoC that isn't personalized? How will the sites know whether what they're receiving is actually personalized or not?


This is my question - unless this ties in with a model to rely on trusted computing, a system receiving a FLoC shouldn't be able to validate it. That means a browser plugin could simply return "0000".

Unless this ends up as some closed source DRM style blob (in which case we might as well kiss goodbye to the open web that can be accessed by standards compliant browsers), I can't see how anyone can stop this.

On the other hand, given the widespread use of ad blockers and tracking block lists, perhaps this simply isn't a design goal - just accept that 20% of techies will block it anyway and return 0 or simply not run a browser that supports it, and focus on the majority who think Chrome is synonymous with "the internet" and run it without add-ons.


A lot of sites already break (sometimes in non-obvious ways) with an ad blocker, so I don’t see how this changes anything.


Exactly. The option we choose should be better than what we currently have.


By dramatically changing the available defaults.

If most browsers aggressively blocked ads then more sites would test to see if blocking ads breaks the site.


If more people block ads then more effort is also devoted to circumventing ad blockers. Ad supported sites typically don’t care about the experience of viewers who aren’t revenue generating.


> If most browsers aggressively blocked ads then more sites would test to see if blocking ads breaks the site.

I'm not sure that's a reasonable assumption.

Many sites actively break their own user experience and hide their content as best as possible for users with adblockers. It's also understandable, because these sites don't want users but adviews and adclicks. They would rather intensify their efforts to force the user to turn on ads than make sure the website works without generating revenue.

I also don't think we would see much more subscription or pay-once models, because they are just not viable for many websites. These websites would simply cease to exist and we end up with less diverse available information on the internet.


I don't think FLoC provides a default - that's the browser's job. We can all guess what Chrome's default will be (although I'd also expect that Incognito will disable or at least reset FLoC), but regulations like GDPR/CCPA might still require affirmative consent.

Re: obnoxiously bad service, frankly I think sites should run however they want as long as they are truly transparent about it (not just a buried EULA). I prefer open sites, but nobody should be forced into service just because I have an IP.


> It seems like FLoC could make it easier to opt out centrally rather than going through a mess of specific (dis)approvals for the specific trackers on every site.

Wasn't this already the idea behind the DNT (Do Not Track) header?


Yeah, but it relied on the server to honor it. FLoC at least comes from the browser.


No tracking is obviously the best choice.

But if FLoC requires the browser to do the tracking itself, would it be possible to fork Chromium, disable tracking, and have FLoC return fake or random data instead?


Eh, opting out of cookies is pretty easy, and opting out of any background fingerprinting is impossible in either scenario.


Opting out of cookies is often not very easy because of:

- hidden and confusingly worded opt-out dialogues
- different cookie banners on every site
- dark patterns such as requiring far more clicks to opt-out than in
- opt-out dialogues with lots of technical wording
- sites that just don't provide opt-out options
- sites that purposely degrade the ux if you opt-out

All these mean that the average "not technical" user (such as my parents) cannot reliably opt out.

We ought to have opt-in be the default.


Also worth remembering sites that simply dump their third party cookies before the prompt even loads up! Often someone doesn't understand how their cookie prompt script works, or simply doesn't care and assumes if people see the prompt they'll assume it's legal!

Textbook illegal, but major high-street global brand names do this, and there's no easy way to make them stop - regulators just can't move quickly enough or show enough teeth. We would need thousands of convictions per day to even scratch the surface - I'd estimate at least 9 in 10 sites I visit break the law in one way or another around their cookies and consent prompt.

Perhaps we need a way to commercialise and earn revenue from identifying the sites breaking the laws as you describe? The law demands "opt in" for Europe, yet everyone tries to skirt this and use dark patterns like forgetting the cookie settings of anyone who dares not accept everything. Many of these dark pattern techniques are actually illegal.

If you could commercialise each of these findings, we would have everyone compliant in a matter of weeks. SEC style whistleblower model (albeit on a smaller scale)?


Ah I see the confusion.

No, I meant it's easy to just not send those cookies back.

At the very least it is not harder than letting the browser profile you and choose what it should and shouldn't share with advertisers.


Cookies are only a part of the story. Browser fingerprinting and session state sharing go beyond whether or not one consents to a tracking cookie.



