Opens an external site in a new window
Pray for peace.
RODNEY LAB
  • Home
  • Plus +
  • Projects
  • Giving
  • Contact
RODNEY LAB
  • Home
  • Plus +
  • Newsletter
  • Contact

Should you Worry about FLoC? How to Opt your Site out # Should you Worry about FLoC? How to Opt your Site out #

Should you Worry about FLoC? How to Opt your Site out
  1. Rodney Lab Home
  2. Rodney Lab Blog Posts
  3. Online Privacy Blog Posts
<PREVIOUS POST
NEXT POST >
LATEST POST >>

Should you Worry about FLoC? How to Opt your Site out #

Published: 2 years ago
4 minute read Gunning Fog Index: 8.8
Content by Rodney
Author Image: Rodney from Rodney Lab
SHARE:

🤖 What is FLoC? #

Before looking at if you should worry about FLoC, we'll first take a look at what is. We'll then see how it impacts web users before next looking at whether you should opt your site out. Finally we'll look at how to opt your site out of FLoC. Now we know the plan, let's look at what FLoC is first.

FLoC (Federated Learning of Cohorts) is presented as a privacy-preserving mechanism for interest-based ad selection  . The problem they are solving is targeting ads at the right people. In particular, if an advertiser can only show ads to web users who are potential customers they can spend their budget more efficiently. For web site users it might provide a better experience as they see more relevant ads (in reality, this is debatable). One resource companies currently use, for example, is tracking cookies. Noting which sites customers visit and how they interact it is possible to build up a profile of their interests.

FLoC takes a different approach. FloC calculates which cohort you belong in your browser. Particularly, your browser uses your history to determine which cohorts you belong to. People with similar interests will be placed in the same cohort. Now when an advertiser has an an ad prepared, it queries which cohorts you belong to and then decides whether to show you their advert. The website is able to access your cohort by calling document.interestCohort().

🧑🏽 How FLoC Affects Web Users #

Am I FloCed? Should you Worry about FLoC.
Should you Worry about FLoC? Am I FloCed?

With Google facing a privacy investigations in the EU  and recent fines under EU privacy laws  users may have privacy concerns over FLoC. Google does claim that Chrome will not create groups that it deems sensitive  though.

You probably will not notice that your browser is making FLoC calculations. However, you can check if your Chrome browser is being included in FLoC trials using a free Electronic Frontier Foundation website: Am I FLoCed  . Chrome users can only opt out of FLoC by disabling all third-party cookies. On the other hand, browsers like Firefox and Microsoft Edge do not currently have FLoC enabled  .

🔐 Should you Opt your Site out of FLoC? #

Currently, if your website does not include any adverts and nothing on the page uses document.interestCohort() it should not automatically be included in FLoC calculations  . This may mean you do not need to opt your site, if you do not want it to be used in FLoC calculations. That said, you may still wish to opt your site out from the FLoC calculations of your site users.

🖥 Should you Worry about FLoC? How to Opt Your Site out of FLoC #

Opting your site out is not difficult. You just need to set an HTTP header; the Permissions Policy header. The Permissions Policy header is an updated version of the Feature Policy  header. As a web site owner, you can set this header to improve security for visitors. As examples you might block access to the camera, geolocation or gyroscope.

    
Permissions-Policy: geolocation=(self "https://example.com"), microphone=()

These header values will allow geolocation access from the host website and example.com, and block all microphone usage.

The permissions policy parameter of concern for FLoC is interest-cohort. To exclude your site from being included in users' FLoC calculations, set:

    
Permissions-Policy: interest-cohort=()

If you are hosting your site yourself, you can update the header values in your Apache, Nginx or Relayd configuration file. If you have a Gatsby site hosted on Netflix or Gatsby Cloud, install either gatsby-plugin-netlify or gatsby-plugin-gatsby-cloud. The configuration is similar for these. In the gatsby-config.js for the plugin's options add the following as an example:

gatsby-config.js
javascript
    
{
resolve: 'gatsby-plugin-gatsby-cloud',
options: {
headers: {
'/': [
'Permissions-Policy: accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), geolocation=()',
'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload',
],
},
mergeSecurityHeaders: true,
mergeLinkHeaders: true,
mergeCachingHeaders: true,
transformHeaders: (headers) => headers,
generateMatchPathRewrites: true,
},
},

You can do a check on your site's HTTP headers using Mozilla Observatory  or securityheaders.com  .

So, should you worry about FLoC? I would say it is healthier not to worry. Hopefully the explanation of FLoCs aims as well as details on how to opt out will give you peace of mind.

🙏🏽 Should you Worry about FLoC? Feedback #

I really do hope you have you found this post interesting as well as useful. Let me know your own thoughts on FLoC. Do you still think you should worry about FLoC? Have you decided to opt your site out or are you going all in? Also get in touch if you want to see other posts in this area. Finally, feel free to share the post on your social media accounts for all your followers who might find it useful. You can get in touch via @askRodney on Twitter and also askRodney on Telegram  . Also, see further ways to get in touch with Rodney Lab. If you have found this post useful and can afford even a small contribution, please consider supporting me through Buy me a Coffee

We post regularly on OpenBSD-centric content and security as well as online privacy. Also subscribe to the newsletter to keep up-to-date with our latest projects.

Thanks for reading this post. I hope you found it valuable. Please get in touch with your feedback and suggestions for posts you would like to see. Read more about me …

Rodney from Rodney Lab
TAGS:
ONLINE-PRIVACY

Likes:

Likes

  • Gatsby profile avatar
Likes provided by Twitter via Webmentions.

Related Posts

Getting Started with SvelteKit: 10 Tips

Getting Started with SvelteKit: 10 Tips

sveltekit
seo
accessibility
<PREVIOUS POST
NEXT POST >
LATEST POST >>

Leave a comment …

Your information will be handled in line with our Privacy Policy .

Ask for more

1 Nov 2022 — Astro Server-Side Rendering: Edge Search Site
3 Oct 2022 — Svelte eCommerce Site: SvelteKit Snipcart Storefront
1 Sept 2022 — Get Started with SvelteKit Headless WordPress

Copyright © 2020 – 2023 Rodney Johnson. All Rights Reserved. Please read important copyright and intellectual property information.

  • Home
  • Plus +
  • Newsletter
  • Contact
  • Terms of Use
  • Privacy Policy
We use cookies  to enhance visitors’ experience. Please click the “Options” button to make your choice.  Learn more here.