Conversation

Everyone's talking about how to make your site request Chrome not do their FLoC tracking shit, but how about a bigger hammer: Apache, nginx, lightttpd, Caddy, etc.: make any request with FLoC headers in it reply with result code 400. Force Google to remove that shit entirely.

121

439

Replying to

nginx literally includes a first party module for making tracking pixels more efficient: nginx.org/en/docs/http/n Their customers are web sites, advertising companies, etc. not the end users of those sites.

Replying to

and

I could see Caddy conservatively setting some privacy / security headers by default but nothing beyond that. I don't think any web server is going to break the web for a subset of users by default. The only way Chrome doesn't deploy FLOC is Google deciding it's not a good idea.

Replying to

An error message saying "you nerd to turn this off to proceed" wouldn't be breaking the web.

Replying to

It's currently only enabled for users with a bunch of privacy invasive settings. Disabling any of the relevant settings in Chrome or your Google account disables being a candidate for the trial. Currently wouldn't be telling users to disable FLoC but rather more invasive stuff.

Replying to

and

Chrome: * Third party cookies enabled * Signed into Chrome with Google account * Chrome Sync enabled for history * No sync passphrase Google account: * Web & App Activity enabled + toggle to include Chrome history * Ad Personalization enabled + toggle to include app activity

12:55 PM · Apr 19, 2021Twitter Web App

Replying to

and

So, currently, disabling a single one of those things will disable being a candidate for the FLoC trial. I think what's going to happen is they'll start reducing the requirements to the point that it's the third party cookie toggle, and then that will become the toggle for FLoC.

Replying to

and

The most direct way to have people disable FLoC is to disable third party cookies. The setting will likely turn into a toggle for FLoC once they replace third party cookies. Currently, lots of ways to disable the trial, but only because the initial trial is very conservative.

Replying to

Aren't *all* of those on by default? Including Chrome sign-in and sync since they made it happen automatically when you login to Google website via Chrome unless you find hidden switches to opt out?

Replying to

Sync is never automatically enabled. They made it so that by default, signing into Google will sign into the browser but it won't enable sync automatically. If you explicitly sign into the browser, it works differently and enables Sync, since that's the point of signing into it.

Show replies