Skip to content
This repository has been archived by the owner on Mar 16, 2023. It is now read-only.

Provide rationale for FLoC being opt-out rather than opt-in #103

Closed
MarkTiedemann opened this issue Apr 15, 2021 · 5 comments
Closed

Provide rationale for FLoC being opt-out rather than opt-in #103

MarkTiedemann opened this issue Apr 15, 2021 · 5 comments

Comments

@MarkTiedemann
Copy link

I don't understand why the burden to opt-out is placed on users (e.g. disable history data sync) and sites (add Permissions-Policy header).

Is there any documentation about why FLoC is opt-out rather than opt-in?
@michaelkleber
Copy link
Collaborator

Regarding sites, see the discussion in #45 (comment).

Regarding history data sync, (1) this is indeed opt-in not opt-out, and (2) synced data is not used to calculate your flock, only as a way for Chrome to ensure certain global privacy protections; see this part of the explainer.

@infostreams
Copy link

The reason is that you cannot make money if people have to opt-in to tracking behavior. I mean, come on.

AbhyudayaSharma added a commit to AbhyudayaSharma/abhyudayasharma.github.io that referenced this issue Apr 16, 2021
@AbhyudayaSharma
Opt out of Google's FLoC
11aba46 
See:

* https://github.com/WICG/floc#opting-out-of-computation
* WICG/floc#103
* WICG/floc#100

FLoC can allow Google (and presumably other parties) to track users across the web. Anyone visiting my website would have his cohort change, making them more easily identifiable across the web. I do not track my users and neither should Google, or any one for that matter.
@MarkTiedemann
Copy link
Author

Thanks for the pointer, @michaelkleber.

During the Origin Trial, the default for whether a page will be used for FLoC computation will be based on Chrome's existing infrastructure which detects pages that load ads-related resources.

Both the opt-out (via an interest-cohort permissions policy) and the opt-in (via calling the API on a page that did not opt out) will work; the ad resource detection will be the default for pages that don't do either one.

Is ad resource detection (supposed to be) included in the spec or is this just a determining factor during the Origin Trial?

Regarding history data sync, (1) this is indeed opt-in not opt-out, (...)

Yes, history data sync is indeed opt-in, and yes, among other things, the user must be logged into a Google account and must have ad personalization enabled.

But no user has specifically opted-in to cohort computation. Is that correct?

Are there any plans to add a setting to enable/disable FLoC to chrome://settings/privacy, chrome://flags or similar?

@michaelkleber
Copy link
Collaborator

Is ad resource detection (supposed to be) included in the spec or is this just a determining factor during the Origin Trial?

As in #45 (comment), our expectation for the full launch is to default to pages not contributing, with the opt-out and opt-in both available. But please remember that the point of an Origin Trial is to learn our lessons before the details are fixed — so the final design is still subject to change based on OT feedback.

But no user has specifically opted-in to cohort computation. Is that correct?

Correct.

Are there any plans to add a setting to enable/disable FLoC to chrome://settings/privacy, chrome://flags or similar?

Yes! It's in Chrome 90, which is currently the stable branch. Probably not turned on for everyone quite yet, but soon.

@MarkTiedemann
Copy link
Author

Thanks for clarifying, @michaelkleber.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@infostreams @MarkTiedemann @michaelkleber