5

Devs in Europe - Are you doing anything to block FLoCs on your/ your companies’ websites?

Comments
  • 8
    Since it's the browser that aggregates the data, there's nothing a website can do against that. This needs to happen at user level - by abandoning Chrome. Alternatives are e.g. Firefox and Vivaldi.
  • 7
    @Fast-Nop seems as a developer you can if you have access over your Apache server. Check out Q #7 in,

    https://plausible.io/blog/...

    I’m just curious if this is being talked about in teams and especially wrt to existing GDPR compliance.
  • 2
    @bizAnalyst That's interesting - added that into my private .htaccess right away.

    It's a bit of a mess because permission policy is supposed to be the successor of feature policy, but only Chrome implements permission policy so that you actually have to send both headers. Then again, also only Chrome implements FLoC so that this doesn't need to go into feature policy.
  • 6
    @Fast-Nop Vivaldi is not an alternative, it's just a different flavor of Chrome. Nowadays there's basically just Chrome and Firefox, and Chrome variants released in the same frequency as JS frameworks.
  • 4
    @deadlyRants Vivaldi is an alternative, and it isn't Chrome. It's based on Chromium, and on this specific topic, see Vivaldi's announcement: https://vivaldi.com/blog/...

    TL;DR: Vivaldi will not support FLoC.
  • 2
    The interesting question is whether the GDPR would demand website operators to actively nope out of FLoC via the HTTP header. I don't think so because the data processing does not happen on the website and not by the website operator or his hosting provider so that there would be no legal basis for such a requirement. The difference e.g. to Google Analytics is that the website operator actively includes GA on the website.

    Of course it's nice of website operators to use the HTTP header and sabotage the FLoC shit right away - though the likely result will just be that Chrome will ignore that header.
  • 4
    @Fast-Nop Can GDPR be interpreted in any way that would lead to the conclusion - chrome CANNOT ignore the header and are mandated to process the opt out request in header?

    Also kudos for adding it to tour site.
  • 2
    It assemes Chrome will actually respect that header. Which it will not. (It's google, ofc they don't care).

    hThe best thing to do is to start displ;aying a banner "Warning, your browser uses your data without your permission". And then see how 99% of people don't care.
  • 2
    @bizAnalyst Yes, I think Chrome ignoring the opt-out header would lead Google into GDPR trouble. RN, they don't even dare to test that anti-feature in GDPR countries.
  • 2
    Less abbreviations please!
  • 3
    @bizAnalyst Thanks for sharing that link, I'll try to add a PR for that in my browser framework or just send this header by default.

    I know it's wishful thinking, but I hope this will follow up with a lawsuit.
  • 0
    It goes on: Not only that Mozilla, Apple, Microsoft, Vivaldi AS and Brave are against this at browser level - now even WordPress came out.

    For once, they are doing the right thing! They treat it as security issue and disable it, reasoning that those who want it can still enable it. That's a blow because they power 40% of the web. See here: https://make.wordpress.org/core/...

    Looks like Google is getting under fire from all sides and has already quite some egg on its face.
  • 0
    1. I meant Web framework. Damn you 2am me.
    2. Someone from the core-team, who has studied the Permissions-Policy header better than me, left a comment with a better solution (architecture wise) not sure if partly inspired by what I wanted to do. Nonetheless, they are "💯 on this". Love this community
Add Comment