Hacker News new | past | comments | ask | show | jobs | submit login

Cmon, this is as backward as the "do not track" header... asking websites to explicitly opt out... in order to protect users from the users's own browser!?

No, just don't build stupid things into browsers.




Yeah, it's stupid, but the only option we have right now if the user does not disable FLoC in Chrome. We also honor the DNT header btw :)


Chrome users should just run a local proxy that inserts the header for them.


Chrome users should seriously reconsider switching to Firefox. We've created another Internet Explorer.


So, I was experimenting with this concept yesterday but couldn't get it to work...

How do you set up a local proxy to do this kind of stuff? I got up to the point of changing request/response headers but couldn't manage to actually edit the data going through, esp when dealing with ssl (which is the point really, of ssl).


mitmproxy


That is a good solution for corporate networks.


Let's say, Chrome has a bug that causes a crash unless you send Workaround-Chrome-Bug header. Why wouldn't you send the header until the bug is fixed in Chrome?

How is this situation in any way different?


Because the intent is the complete opposite, to add, not remove the bug... what else are they going to add, how many more headers are we going to end up with, what if the other browsers join in... this is not sustainable, but it's not supposed to be - they are betting on the fact that 99% of website owners will not even be aware of this issue let alone know how to configure their web server or be bothered to - it's purely for the purpose of saying "we allow you to opt out".

Saying "oh but we can thwart them with a header" is just naive, Google would like you to believe that. Look at the bigger picture.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: