Conversation

Everyone's talking about how to make your site request Chrome not do their FLoC tracking shit, but how about a bigger hammer: Apache, nginx, lightttpd, Caddy, etc.: make any request with FLoC headers in it reply with result code 400. Force Google to remove that shit entirely.

121

439

Charlotte

(moved to @charlotte@akko.chir.rs)

@dark_kirb

Apr 19, 2021

Replying to

@RichFelker

i can't tell what that header is supposed to be and it appears that a copy of chrome i just installed to test what header is supposed to be sent has not been chosen for tracking

Replying to

This might be why.

Quote Tweet

Daniel Micay

@DanielMicay

Apr 19, 2021

Replying to @RichFelker

It's currently only enabled for users with a bunch of privacy invasive settings. Disabling any of the relevant settings in Chrome or your Google account disables being a candidate for the trial. Currently wouldn't be telling users to disable FLoC but rather more invasive stuff.

Charlotte

(moved to @charlotte@akko.chir.rs)

@dark_kirb

Apr 19, 2021

Replying to

@RichFelker

ah i need to login to my google account for that

Charlotte

(moved to @charlotte@akko.chir.rs)

Replying to

and

i think it is somehow detecting me to be inside of the EU? even though google consistently thinks my finnish vpn is in the UAE

Replying to

and

It's only enabled for a random subset of users with all of the constraints that I listed as a field trial. You can force it enabled via the appropriate CLI switch. They probably use your Google account to avoid testing it for users where GDPR applies since it requires that ATM.

4:34 PM · Apr 19, 2021Twitter Web App

Replying to

and

The final feature will presumably simply be a toggle which would be opt-out for users signed into Google and perhaps opt-in for users where laws like GDPR may apply. It's not going to have the requirement of being logged in, having Chrome Sync enabled for history and so on.