-
Notifications
You must be signed in to change notification settings - Fork 89
Please consider opt in instead of opt out #126
Comments
I think that only websites that call the JavaScript API will be included in FLOC calculations (at least initially), it's just that websites with ads on them are likely have have their ads call the API. |
The opt out HTTP response header will prevent your site from being used for FLoC training even if a script on the page does call Currently the only way to do this opt-out is with the HTTP header (opting out of computation). There is another issue that covers adding an opt-out tag in the HTML that would not require access to set a header on the site: #13 |
This sounds like opt-in actually, I did focus on the opt-out HTTP header while missing that the whole FLOC was opt-in by default.
I checked the Chromium source-code and it seems that the implementation matches the specifications. Floc is enabled only when you call the API of if a website calls a resource tagged as an ad, and it's not enabled when explicitly disabled (through the header or permissions). At least in the open-source part of the project. But to detect whether a resource is an ad is not very clear. The documentation says that Chrom·e·ium uses a filter list for ad tagging, but without mentioning which one. The example filter list is easylist but is Google using easylist to track people more ? |
I found the filter list. |
FLoC actually has to be an opt-in in order to comply with EU GDPR. I'm not a lawyer, but ways to get around GDPR could be a part in terms of use of webbrowsers, but I think the GDPR needs something like those annoying cookie warnings so opt-in each single use if it's active. |
@paradonym The FLoC experiment is not being run in the EU, and while I'm not sure if there's been a statement from Google as to why, most people I've heard from assume that it's the reason who just mentioned. |
If I understand the concept correctly, now Google Chrome tracks users across all websites using
floc
, with the exception of the very few websites who opted out using a weird HTTP header, and not the European users because the GDPR is actually pretty neat.As a modest website publisher, I used to have a blog when it was cool and I still have a few random webpages, I don't want my websites to be used for tracking. And I don't want to have the burden of adding a HTTP header. I don't even know how to do so on many webpages as I don't have control of the HTTP headers.
I also believe most websites owners will not opt out their websites because they do not know about floc or its implications, or they don't have the technical possibility or simply the right competences.
Could you require a HTTP header or a JavaScript call to enable
floc
? Trackers could still usefloc
but websites without trackers would not be involved in this.The text was updated successfully, but these errors were encountered: