Conversation

Everyone's talking about how to make your site request Chrome not do their FLoC tracking shit, but how about a bigger hammer: Apache, nginx, lightttpd, Caddy, etc.: make any request with FLoC headers in it reply with result code 400. Force Google to remove that shit entirely.

121

439

Replying to

nginx literally includes a first party module for making tracking pixels more efficient: nginx.org/en/docs/http/n Their customers are web sites, advertising companies, etc. not the end users of those sites.

Replying to

and

I could see Caddy conservatively setting some privacy / security headers by default but nothing beyond that. I don't think any web server is going to break the web for a subset of users by default. The only way Chrome doesn't deploy FLOC is Google deciding it's not a good idea.

Replying to

An error message saying "you nerd to turn this off to proceed" wouldn't be breaking the web.

Daniel Micay

@DanielMicay

Replying to

@RichFelker

It's currently only enabled for users with a bunch of privacy invasive settings. Disabling any of the relevant settings in Chrome or your Google account disables being a candidate for the trial. Currently wouldn't be telling users to disable FLoC but rather more invasive stuff.

12:51 PM · Apr 19, 2021Twitter Web App

Replying to

and

Chrome: * Third party cookies enabled * Signed into Chrome with Google account * Chrome Sync enabled for history * No sync passphrase Google account: * Web & App Activity enabled + toggle to include Chrome history * Ad Personalization enabled + toggle to include app activity

Replying to

and

So, currently, disabling a single one of those things will disable being a candidate for the FLoC trial. I think what's going to happen is they'll start reducing the requirements to the point that it's the third party cookie toggle, and then that will become the toggle for FLoC.

Show replies

Replying to

I wouldn't call them more invasive just differently invasive. 3P cookies let malicious sites track you but they don't automatically submit the results of that tracking to every site you visit, even ones that didn't ask for it.