←back to thread

Google’s FLoC Is a Terrible Idea

(www.eff.org)
604 points wyldfire | 1 comments | 04 Mar 21 15:59 UTC | HN request time: 0s | source
Show context
dleslie ◴[04 Mar 21 16:49 UTC] No.26344736[source]
This captures my feelings on the issue:

> That framing is based on a false premise that we have to choose between “old tracking” and “new tracking.” It’s not either-or. Instead of re-inventing the tracking wheel, we should imagine a better world without the myriad problems of targeted ads.

I don't want to be tracked. I never have wanted to be tracked. I shouldn't have to aggressively opt-out of tracking; it should be a service one must opt-in to receive. And it's not something we can trust industry to correct properly. This is precisely the role that privacy-protecting legislation should be undertaking.

Stop spying on us, please.

replies(10): >>26345317 #>>26345398 #>>26345438 #>>26345507 #>>26345714 #>>26346976 #>>26347529 #>>26347549 #>>26349806 #>>26350238 #
evrydayhustling ◴[04 Mar 21 17:48 UTC] No.26345507[source]
It seems like FLoC could make it easier to opt out centrally rather than going through a mess of specific (dis)approvals for the specific trackers on every site. Maybe it could even be a good place for a dial - "I'll expose a 4-bit cohort, but nothing more specific."

It also seems like FLoC could make it more politically viable to crack down non-consensual tracking. Publishers wouldn't be able to say "we have no choice but to deal with this [third party tracker] scum" but could continue to gate content by subscription or (consensual) FLoC as necessary for their business model.

Pushing publishing and advertising towards proactive consent about targeting puts them into a dialog with the market about what's ok, instead of letting them hide behind a bunch of shifting tracker businesses.

replies(6): >>26345563 #>>26346014 #>>26348043 #>>26348349 #>>26349630 #>>26349899 #
dleslie ◴[04 Mar 21 17:51 UTC] No.26345563[source]
It still coerces consent with a bad default. Sites will refuse to operate unless the FLoC is enabled, or will become obnoxious to use with it disabled. However, if FLoC were disabled by default then sites would be less likely to provide an obnoxiously bad service to those with it disabled.

The best default is not to track at all.

replies(4): >>26346426 #>>26348585 #>>26349273 #>>26349707 #
ummonk ◴[04 Mar 21 22:57 UTC] No.26349707[source]
If I understand correctly, couldn't you just provide a static FLoC that isn't personalized? How will the sites know whether what they're receiving is actually personalized or not?
replies(1): >>26350520 #
1. g_p ◴[05 Mar 21 00:18 UTC] No.26350520[source]
This is my question - unless this ties in with a model to rely on trusted computing, a system receiving a FLoC shouldn't be able to validate it. That means a browser plugin could simply return "0000".

Unless this ends up as some closed source DRM style blob (in which case we might as well kiss goodbye to the open web that can be accessed by standards compliant browsers), I can't see how anyone can stop this.

On the other hand, given the widespread use of ad blockers and tracking block lists, perhaps this simply isn't a design goal - just accept that 20% of techies will block it anyway and return 0 or simply not run a browser that supports it, and focus on the majority who think Chrome is synonymous with "the internet" and run it without add-ons.