Follow

Plausible has opted out of Google FLoC!

Visits to our site will not be included when Google determines a cohort to share with their partners for personalized advertising purposes.

We recommend other sites to opt out of FLoC too!

plausible.io/blog/google-floc

There's now a WordPress proposal to treat Google FL*C as a security concern. WordPress powers 41% of the web and this move could help get rid of FL*C! 👀🤞

make.wordpress.org/core/2021/0

@plausible this is great, thanks for the write-up! Will deploy on sites I manage.

That said, how the hell is this acceptable for Google or anyone else to make this opt-out? Will I have to add special headers for Amazon? Facebook? Microsoft? Apple? Marketing-agency-down-the-road?

Absolute crap. Thank you for being a positive force in all of this.

@rysiek thanks Rysiekúr! hoping that CMS providers such as WordPress will make this move default out of the box for everyone

@plausible I wonder if Apple could be convinced, based on their... lack of love for Google, and on their "privacy"-focused brand strategy (as disingenuous as it might be).

@rysiek @plausible

I absolutely hate this opt-out non-sense. Reminds me of Google's "_nomap" suffix for wlans. 🤯

Why do they get away with that?

@plausible You say you would like to opt-out, but, if I understand well, it is just a flag and we have no assurance that it is respected and we should not be too confident in the trust we can have in Google.

@plausible Thanks for that blog post, was not aware of this. I added the policy to our sites!

@plausible thanks for that!
I have a (probably naive) question: does the .htaccess code you provide work for any local file, even if it is not at the root of the Apache server? (for people who do not manage the server but simply have a subdomain there)

@silmathoron not sure unfortunately. you could try and see if it works

@plausible just to check: I should just create a .htaccess file in a folder with

<IfModule mod_headers.c>
Header always set Permissions-Policy: interest-cohort=()
</IfModule>

only inside and check the request for any html file in the same folder, right?

@plausible Would an http-equiv meta tag work in place of the server response header? My site is hosted on Vercel, so I don't have much choice in headers.

@tristan957 don't think so but not sure. in these cases, it's best to promote the idea that the platforms and tools such as Vercel (if they care about privacy) should enable this by default or give the option

@plausible In practice that isn't the case it seems...according to the security-headers.com site :/

@plausible Seems like it hasn't been accepted to the web standards and this is the PR to watch: github.com/WICG/floc/pull/47

Opting out at the site level could become a special meta tag.

@plausible securityheaders.com also doesn't seem to look at http-equiv meta tags which is unfortunate.

@tristan957 You can set headers for sites hosted using Vercel (without any extra costs or anything). See vercel.com/docs/configuration#

You could make a vercel.json like this:
{
"headers": [
{
"source": "/(.*)",
"headers" : [
{
"key" : "Permissions-Policy",
"value" : "interest-cohort=()"
}
]
}
]
}

@plausible
So, Floc is officially dead, before it even starts!

Opted out of Google FLoC on my website with following lines in my netlify.toml

[[headers]]
for = "/*"
[headers.values]
Permissions-Policy = "interest-cohort=()"

docs.netlify.com/routing/heade

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.