Google’s FLoC Is a Terrible Idea

(www.eff.org)

604 points wyldfire | 1 comments | 04 Mar 21 15:59 UTC | HN request time: 0.25s | source

Show context

dleslie ◴[04 Mar 21 16:49 UTC] No.26344736[source]▶

This captures my feelings on the issue:

> That framing is based on a false premise that we have to choose between “old tracking” and “new tracking.” It’s not either-or. Instead of re-inventing the tracking wheel, we should imagine a better world without the myriad problems of targeted ads.

I don't want to be tracked. I never have wanted to be tracked. I shouldn't have to aggressively opt-out of tracking; it should be a service one must opt-in to receive. And it's not something we can trust industry to correct properly. This is precisely the role that privacy-protecting legislation should be undertaking.

Stop spying on us, please.

replies(10): >>26345317 #>>26345398 #>>26345438 #>>26345507 #>>26345714 #>>26346976 #>>26347529 #>>26347549 #>>26349806 #>>26350238 #

evrydayhustling ◴[04 Mar 21 17:48 UTC] No.26345507[source]▶

>>26344736 #

It seems like FLoC could make it easier to opt out centrally rather than going through a mess of specific (dis)approvals for the specific trackers on every site. Maybe it could even be a good place for a dial - "I'll expose a 4-bit cohort, but nothing more specific."

It also seems like FLoC could make it more politically viable to crack down non-consensual tracking. Publishers wouldn't be able to say "we have no choice but to deal with this [third party tracker] scum" but could continue to gate content by subscription or (consensual) FLoC as necessary for their business model.

Pushing publishing and advertising towards proactive consent about targeting puts them into a dialog with the market about what's ok, instead of letting them hide behind a bunch of shifting tracker businesses.

replies(6): >>26345563 #>>26346014 #>>26348043 #>>26348349 #>>26349630 #>>26349899 #

contravariant ◴[04 Mar 21 21:08 UTC] No.26348349[source]▶

>>26345507 #

Eh opting out of cookies is pretty easy, and opting out of any background fingerprinting is impossible in either scenario.

replies(2): >>26349374 #>>26349392 #

fckthisguy ◴[04 Mar 21 22:29 UTC] No.26349374[source]▶

>>26348349 #

Opting out of cookies is often not very easy because of:

- hidden and confusingly worded opt-out dialogues - different cookie banners on ever site - dark patterns such as requiring far more clicks to opt-out than in - opt-out dialogues with lots of technical wording - sites that just don't provide opt-out options - sites that purposely degrade the ux if you opt-out

All these mean that the average "not technical" user (such as my parents) cannot reliability opt-out.

We ought to have opt-in be the default.

replies(2): >>26349770 #>>26350600 #

1. g_p ◴[05 Mar 21 00:25 UTC] No.26350600[source]▶

>>26349374 #

Also worth remembering sites that simply dump their third party cookies before the prompt even loads up! Often someone doesn't understand how their cookie prompt script works, or simply doesn't care and assumes if people see the prompt they'll assume it's legal!

Textbook illegal, but major high-street global brand names do this, and there's no easy way to make them stop - regulators just can't move quickly enough or show enough teeth. We would need thousands of convictions per day to even scratch the surface - I'd estimate at least 9 in 10 sites I visit breaks the law in one way or another around their cookies and consent prompt.

Perhaps we need a way to commercialise and earn revenue from identifying the sites breaking the laws as you describe? The law demands "opt in" for Europe, yet everyone tries to skirt this and use dark patterns like forgetting the cookie settings of anyone who dares not accept everything. Many of these dark pattern techniques are actually illegal.

If you could commercialise each of these findings, we would have everyone compliant in a matter of weeks. SEC style whistleblower model (albeit on a smaller scale)?

↑