Conversation

Everyone's talking about how to make your site request Chrome not do their FLoC tracking shit, but how about a bigger hammer: Apache, nginx, lightttpd, Caddy, etc.: make any request with FLoC headers in it reply with result code 400. Force Google to remove that shit entirely.

121

439

Replying to

nginx literally includes a first party module for making tracking pixels more efficient: nginx.org/en/docs/http/n Their customers are web sites, advertising companies, etc. not the end users of those sites.

Replying to

and

I could see Caddy conservatively setting some privacy / security headers by default but nothing beyond that. I don't think any web server is going to break the web for a subset of users by default. The only way Chrome doesn't deploy FLOC is Google deciding it's not a good idea.

Replying to

An error message saying "you nerd to turn this off to proceed" wouldn't be breaking the web.

Replying to

It's currently only enabled for users with a bunch of privacy invasive settings. Disabling any of the relevant settings in Chrome or your Google account disables being a candidate for the trial. Currently wouldn't be telling users to disable FLoC but rather more invasive stuff.

Replying to

and

Chrome: * Third party cookies enabled * Signed into Chrome with Google account * Chrome Sync enabled for history * No sync passphrase Google account: * Web & App Activity enabled + toggle to include Chrome history * Ad Personalization enabled + toggle to include app activity

Replying to

Aren't *all* of those on by default? Including Chrome sign-in and sync since they made it happen automatically when you login to Google website via Chrome unless you find hidden switches to opt out?

Daniel Micay

@DanielMicay

Replying to

@RichFelker

Sync is never automatically enabled. They made it so that by default, signing into Google will sign into the browser but it won't enable sync automatically. If you explicitly sign into the browser, it works differently and enables Sync, since that's the point of signing into it.

1:53 PM · Apr 19, 2021Twitter Web App

Replying to

and

The main thing they changed is that if you're already logged into a Google account, Chrome Sync can be enabled by pressing a couple buttons. It's essentially a way of promoting the browser's sync feature since that's what the ability to sign into the browser actually gives you.