The current state with third-party cookie tracking is terrible. This is terrible in a different way. It gives Google even more control over the ad-tech industry. Rather than a diversity of ad-tech kings using third-party cookies to track people and invade privacy, this becomes the "One Ring to Rule Them All" that makes Google even more dominant in ad-tech, while allowing them to pretend that they care about privacy as a prophylactic to anti-trust action. It's nothing if not clever.
What about FLoC gives Google "even more control"? Isn't it something any ad-company can use? Maybe I don't understand how it works, but from what I've read, any website has the exact same access as Google does to the data.
"When third-party cookies are replaced by FLoC, Google will have a way to track consumers that isn’t available to other companies, which could give Google a steep advantage in the advertising business." [1]
According to the EFF, Google controls the algorithms, and will also be running its implementation and auditing its outputs, a task the EFF describes as "both orwellian and sisyphean". The EFF also notes that "Users and advocates must reject FLoC and other misguided attempts to reinvent behavioral targeting."
It's about writes, not reads. With cookies, the tracking networks get to decide what data to store, and they're bounded by what browser APIs allow. FLoC data is computed by Chrome itself, so Google and only Google gets to decide what data is exposed, and it has full access to your browsing behavior even if you're blocking (or visiting sites that don't use) trackers.
The "data" is just a not further specified number and then they waxed a bunch of lyric about how this number will only be determined through privacy-preserving magic algorithms.
So yes, controlling how that number is calculated is infinitely more control than reading it.
Yes it is absolutely worse. The very notion that we need a identification profile that tracks are behavior is ridiculous. Contextual advertising works. If you visit a blog that covers tech hardware... advertisers can pay to put ads here or PC parts etc. If you visit a website that covers hiking trails .. advertisers can buy ads here for camping gear etc.
It is utter ridiculous to think we need to be tracked from site to site and profiled to this degree.
It would, unfortunately advertising agencies have showcased advertisers that they can hijack focus of an average website visitor with rich graphics irrespective of the context e.g. Say toothpaste ad on a tech blog; And the toothpaste company doesn't care as long as they get a click(even if the conversion is abysmal).
Other side of the story is that the tech blog would find it very hard to get a proper referral link for PC parts they're covering for contextual advertising unless they're of considerable size. Where as getting a banner ad to display what ever it wants is just usually couple of clicks.
As a result, whole Internet is full of rich graphics built by and built for these advertisers making simple text based readable websites an endangered species; Further making the lives of those with accessibility needs miserable.
> For pages that haven't been excluded, a page visit will be included in the browser's FLoC calculation if document.interestCohort() is used on the page. During the current FLoC origin trial, a page will also be included in the calculation if Chrome detects that the page load ads or ads-related resources.
> if Chrome detects that the page load ads or ads-related resources.
Let me guess, “ads-related resources” are not defined, but in a court case in 5-10 years time it’ll be accidentally revealed that internally Google considers this to include “JavaScript, css, or HTML files”...
> During the current FLoC origin trial, a page will also be included in the calculation if Chrome detects that the page load ads or ads-related resources. (Ad Tagging in Chromium explains how Chrome's ad detection mechanism works.)
> Ad Tagging works by matching resource requests against a filter list (...) to determine if they’re ad requests. Any requests matching the filter are tagged as ads. Further, requests (and some DOM elements such as iframes) made on behalf of previously tagged scripts are also tagged as ads by the AdTracker. An iframe will be marked as an ad iframe if its url matches the filter list, if tagged script is involved in the creation of the iframe, or if its parent frame is an ad iframe. The main frame of a page will never be tagged as an ad. Any request made within an ad iframe is considered an ad resource request.
I can't find what is included in this filter list, I'm not sure it's open source.
(mandatory disclaimer: I work at Google, not on Chrome nor ads)
The court case will reveal that google used the string "ad" to search within html documents, thy completely missed that <head> will contain the ad substring...
Excluding a page is a manual process however, requiring to set the header mentioned in the blog post. So website owners have to explicitly opt-out of FLoC.
If Google is going to shift to using almost unblockable tracking calculations, then servers are the next most logical place to push back against it.
Anyone who runs a site and wants to opt in against a default block should have to take extra action to reduce their visitors privacy, and should be called out for their behavior.
As others have noted, there are already plenty of workarounds in use for many reasons... this is a BETTER reason than most.
They own the entire .dev gTLD namespace - they aren't hiding it, but it's probably not common knowledge.
I am not defending Google behavior, I have no dog in this fight, just sharing. In fact, there was a weird behavior I detected inadvertently last year 2 employers ago where I couldn't load any .dev public internet sites due to preloaded rules that hadn't been updated since before the .dev gTLD was publicly available. Some would load, and others (web.dev in particular) wouldn't load. Anyways yeah this sucks, it seems that any new advancements in web related technologies that could enable new privacy measures are just side stepped by the dark wizards out of Mountain View...
I kept thinking that web.dev is the same as webplatform.org, which was positioned as a community-driven replacement for Mozilla's MDN Web Docs and heavily pushed by Google at the time.
Turns out webplatform.org was discontinued some time in 2015 and put up a notice pointing people at the MDN Web Docs. Then in 2017 Mozilla announced most of the key players (including Google) would now support the MDN Web Docs[0], which still seems to be true except they fired the entire MDN team in 2020[1]. It seems the advisory meetings are still happening and someone is maintaining MDN, but with Mozilla essentially only existing because Google continues to pay the bills, its future seems a lot less certain now.
Meanwhile web.dev makes no mention of MDN and instead mixes discussion of Google's proprietary "experimental" features and Chrome-specific behavior with general advice on "building better websites", duplicating some of the content already covered by the MDN Web Docs' guides section (except this gives them opportunities to cross-market their own interests while also not discussing support of features in other browsers).
I don't think Google is hiding who's behind as the footer literally has the Google Developers logo in it. They are however not acknowledging anything other than Chrome even exists and heavily blurring the lines between Chrome or Google-specific features and stable web standards. Coupled with certain public Google developers continuously chanting "use the platform" while criticizing people for using other web frameworks instead of custom elements, this certainly creates an impression of deception and dishonesty.
Youtube is very old and has its own reputation and a made-up trademark name. It's not trying to hijack the entire concept of a generic idea like "web dev" that existed before Google existed.
Definitely worse, but also the next logical step given that an ad company has achieved relative browser dominance and has such weight to throw around in defining web standards.
Moves like this were inevitable. Writing's been on the wall a while now too.
I do not currently see it as worse and in fact I see it as better. If Google becomes the boundary behind which my information is shielded they are also the target for accountability. They generally seem a preferred option for this role relative to the others in the market (the little I know much about it). Further this seems a general good fit for their capabilities, business goals and role in society broadly, which is a position counter to the assertions the EFF appears to make. My position and argument is that Google should do what they are naturally doing and be held accountable for sensible privacy, etc by the law and watch that evolve. This seems both fair leverage of their market position and sensible use of it. Competition is freely able to develop their own niche, as is Brave and anyone else able to do. (For example why Mozilla hasn't developed VPN services, etc sooner is beyond me.) Hope this is constructive.
> "[..] use my visitors data for advertising and surveillance [..]"
..and to improve a search engine empire that is arguably the basis for the majority of their ad business and which is already a factual monopoly.
If you successfully avoided giving Google your visitor traffic data so far (by passively avoiding Google analytics, fonts, maps, etc.) then from now on you will have to take active steps to keep their fingers out of your cookie jar.
I meant that you have to do something to use Google Analytics, Fonts, etc. If you do nothing you don't give data to Google. With FLoC this changes. If you do nothing you are complicit in sending your user data to Google. If you want to avoid it you actively have to add a header to your site.
Does anyone else see FLoC as worse than the current state we're in?