Posted on Leave a comment

Google, FLoC, Chrome, and You

woman in white shirt showing frustration

Wait. What the FLoC..?

So, after successfully migrating American Bogan™ away from Shopify, it appears that the first blog post here is going to be about your privacy and Google Chrome. Sure, why not.

If you haven’t heard of FLoC, or “Federated Learning of Cohorts” yet, I’ll try to give you you the easy explanation. I’m sure you’re familiar with web-cookies. At the very least, I’ll assume you’ve at least dismissed banner after banner on nearly every website you’ve visited that describe about how they use cookies, with some giving you the choice as to what you can enable or disable with a dialog box, all while pointing you to their own cookie policies or privacy policies.

This website is no different. It has a privacy policy page that points you to resources that explain how you can enable or disable them from within your own web-browser. I believe that knowing how to take control of your own privacy, is a fundamental right that must belong to you, as an Internet-izen, and should not be left to companies that exist purely through their ability to surveil, track, collect, categorize, and sell your browsing data to others.

Much of that tracking, over the past twenty years, has been enabled via the use of 3rd Party Cookies. They are, thankfully, becoming less useful as more browsers are already blocking third party cookies and other tracking technologies by default, restricting the ability to track you across multiple websites. Apple’s Safari and Mozilla’s Firefox browsers are already disabling them while Google will be disabling these tracking cookies in Chrome sometime between now and 2023.

You know it’s a good thing because the looming 3rd Party Cookie Apocalypse has got digital marketers freaked out!

So far, so good, right?

Remember that Google’s entire business model is based around monetizing the vast trove of data it’s been able to collect about Internet users (and, let’s not forget Facebook!) so they’re trying to figure out how to create the replacement for 3rd Party Cookies, and they’re opting Chrome users in to test their alternative.

Yeah.

So, how much do you trust Google, now?

Enter: Google’s Federated Learning of Cohorts, or FLoC.

The point of FLoC is to enable digital marketers to continue serving up targeted advertisements to you. Yeah, the ones that seem to follow you everywhere you go on the web. This is the point where I’ll let others, like the Electronic Frontier Foundation, describe why FLoC is a bad idea.

In simple terms, in order for targeted advertising to work at all, marketers need to be able to drill down deep enough to serve an ad that is relevant to you. That can only happen if they’re able to collect enough data to target cohorts of people more and more accurately. This creates an enormous risk beyond just your privacy!

A FLoC cohort is nothing more, and nothing less, than a summary of your recent browsing activity […] The ability to target people based on ethnicity, religion, gender, age, or ability allows discriminatory ads for jobs, housing, and credit. Targeting based on credit history—or characteristics systematically associated with it— enables predatory ads for high-interest loans. Targeting based on demographics, location, and political affiliation helps purveyors of politically motivated disinformation and voter suppression. All kinds of behavioral targeting increase the risk of convincing scams.

Electronic Frontier Foundation

The Problem With Google Chrome

It’s simple. If you’re using Chrome, there’s already a chance that you’ve been opted in to Google’s FLoC testing. This just adds to the list of reasons why I prefer Firefox or Safari. If you insist on using Chrome, DuckDuckGo has an extension for you to install.

Getting the FLoC out of American Bogan™!

So, what’s the point to all this nerdy talk?

  • For a variety of reasons, neither of my websites are running on Squarespace, Wix, Shopify, etc., in favor of WordPress and WooCommerce. This gives me total access to my web-space, and the ability to change whatever I want in order to improve my security posture at the web-server level via security-headers that web-browsers can understand;
  • Dreamhost, where my sites are hosted, incorporates their own security infrastructure and firewalls above my own;
  • Both sites are sitting behind Cloudflare for additional DDoS protection and firewall filtering;
  • I’ve disabled FLoC at the web-server level;
  • I tested a few other websites I personally know that are built using Squarespace, Shopify, WordPress, and Wix. Neither of the two Squarespace sites I tested scored above an E (one was an F, the other an E). The Wix site I tested scored an F, one Shopify store scored a B, and the other scored an A;
  • The three WordPress sites I checked scored Fs. WordPress may be capable of increased seurity; however, you gotta actually make the appropriate change to do it;
  • I do not know of a Weebly based site, off the top of my head;
  • No website I checked has disabled FLoC;
  • Although I currently use Google Analytics and FB’s Pixel for general analytics, I may use them for advertising purposes (I gotta pay bills, after all; however, ads are getting pricier and pricier as it is. *sigh*);
  • If I do end up using advertisements, keep in mind that my Privacy Policies not only encourage you to disable 3rd Party Cookies, they link you directly to resources that explain how to do so. With web-browsers now disabling 3rd party tracking by default, this is almost a moot point but your knowledge, privacy, and consent is important;
  • You are not required to create an account in order to make purchases or leave comments on my sites’ blogs;
  • Neither of my websites will save credit-card information for future re-use, even though it can be a convenience for users and even though Stripe’s connection is encrypted and information would be saved with Stripe;
  • If you want that level of convenience, I can easily encourage you to use digital wallets to make payments via your browsers or smartphones, which both of my websites support (Apple Pay is great for this!);
  • Chrome, similarly, supports digital payments. Do you trust Google?

As part of my “branding,” I’ve made a commitment on this e-commerce shop and with my photography website to sacrifice certain capabilities and features in order to focus on my users’ and customers’ privacy-first as much as possible, and as much as I am capable of providing, with my somewhat growing knowledge of web-mastering.

I hope that you feel comfortable enough browsing my websites to make a purchase down the road. If you don’t, that’s okay. I hope that can trust that this website and my photography website are doing everything possible to protect your information, no matter how obscure it may be. In the end, I hope I was able to teach you a little bit about the future direction that the Internet is taking.

3rd Party Cookies are dead. FLoC is the Google abomination growing to take their place.

FLoC – Frequently Asked Questions

What is FLoC?

FLoC is an acronym that stands for Federated Learning of Cohorts. Because 3rd party cookies are a dead technology, Google is trying to create their replacement and building that technology into Chrome.

Is FLoC a bad idea?

According to the Electronic Frontier Foundation, yes. It may make targeted advertising a little more difficult; however, it won’t be impossible nor will it prevent discrimination based on a variety of factors and demographics. 3rd party trackers can still combine other data available to them with FLoC data and figure out the kinds of people within each cohort.

Can I opt out of FLoC?

Currently, the only way to be certain is to avoid using Chrome since Google is incorporating FLoC testing for random users in Chrome version 89 or higher. Chrome is already at version 90+. DuckDuckGo has a Chrome extension that disables FLoC, and other tracking technologies. As far as I know, Apple and Mozilla have no plans to incorporate FLoC into Safari and Firefox, respectively.

Have I been opted-in to FLoC testing?

There’s one way to find out.

Is there a way to see if a particular website has disabled FLoC?

You can run the URL through a security-header test and look under “Permissions Policy” for a reference to “interest-cohort=()” highlighted in green. While you’re there, feel free to test out any other websites you know and see how their security summary scores line up and ask the website owner if they have any plans to improve their security for the benefit of their users and customers. ;D

Leave a Reply

Your email address will not be published. Required fields are marked *