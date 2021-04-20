



WordPress’s core contributor’s suggestion to treat Google’s FLoC advertising technology as a security vulnerability and therefore backport automatic opt-out to previous WordPress versions shows the depth of community opposition to this technology. I will.

FLoC (Federated Learning of Cohorts) is Google’s scheme for replacing third-party cookies with a group-based advertising personalization system for users. Despite widespread opposition from privacy advocates and browser makers, Google is still experimenting with the current version of Chrome.

Currently, WordPress Core contributors are proposing to treat FLoC as a security concern.

This proposal is important because WordPress is the most popular content management system on the web and has a market share of about 40% according to builtwith. This relies on the fact that websites can opt out of FLoC through the new Interest Cohort Authorization Policy. This includes sending HTTP response headers.

Privileges-Policies: interest-cohort = ()

If WordPress treats FLoC as a vulnerability and applies this header to all WordPress sites that automatically apply security patches, a significant portion of the web will be opted out.

Sites that specifically want to use FLoC can enable FLoC, probably because they believe that site owners will improve their advertising revenue. In fact, for WordPress sites, the scheme is opt-in rather than opt-out.

Proposal author Carike added that there is also a feature request to opt out of the next version of WordPress, 5.8, by default, but said 5.8 is only scheduled for July 2021. FLoC will probably be deployed. this month.

WordPress suggestions gained immediate support and provided support from other developers. WordPress should take an Apple-like stance on privacy in this regard, one said.

Security … or privacy?

Of course, some denials like this argue that websites that want to block FLoC are likely to have the technical know-how to add and disable it in the header … where about what WordPress should do … Do you draw a line? Are you blocking at the core for privacy? … calling it a security concern is absolutely wrong and sets a dangerous precedent for what security is and what privacy is.

Google’s FLoC is jumping into headwinds as the Internet advertising industry is driving instability

This concern agrees with the overall sentiment here, but from another person who said it was a mistake to treat it as a security update and risked misusing user confidence in automatic updates. It was repeated.

Despite opposition from the development community, many site owners may want to enable FLoC rather than reduce the risk of advertising revenue. Many of the so-called SEOs (Search Engine Optimization) focus on how to optimize your site for Google, and FLoC support is a step you need to take to get your website to perform at its best. May be added to the list of. Commercial perspective.

This unusual proposal shows the depth of opposition to FLoC. It also suggests that Google needs to protect W3C support in order to gain support for schemes beyond Chrome. This seems difficult now. WC3 institutions like TechnicalArchitectureGroup (TAG) are calling First Party Sets, another part of Google’s privacy sandbox, which is harmful to the web in its current form. Google has requested a TAG review of the FLoC, but given the speed of its deployment, it’s not clear how much weight the company is weighting the W3C view.

Last week, Google said: “The Privacy Sandbox Proposal was developed as part of a joint open source effort. We work with the W3C and the broader web community to find solutions that improve privacy while maintaining a healthy ecosystem. We welcome your continued feedback. ”

