There's now a WordPress proposal to treat Google FL*C as a security concern. WordPress powers 41% of the web and this move could help get rid of FL*C! 👀🤞
@plausible this is great, thanks for the write-up! Will deploy on sites I manage.
That said, how the hell is this acceptable for Google or anyone else to make this opt-out? Will I have to add special headers for Amazon? Facebook? Microsoft? Apple? Marketing-agency-down-the-road?
Absolute crap. Thank you for being a positive force in all of this.
@rysiek thanks Rysiekúr! hoping that CMS providers such as WordPress will make this move default out of the box for everyone
@plausible I wonder if Apple could be convinced, based on their... lack of love for Google, and on their "privacy"-focused brand strategy (as disingenuous as it might be).
@plausible You say you would like to opt-out, but, if I understand well, it is just a flag and we have no assurance that it is respected and we should not be too confident in the trust we can have in Google.
@plausible thanks for that!
I have a (probably naive) question: does the .htaccess code you provide work for any local file, even if it is not at the root of the Apache server? (for people who do not manage the server but simply have a subdomain there)
@plausible just to check: I should just create a .htaccess file in a folder with
Header always set Permissions-Policy: interest-cohort=()
only inside and check the request for any html file in the same folder, right?
@plausible Would an http-equiv meta tag work in place of the server response header? My site is hosted on Vercel, so I don't have much choice in headers.
@tristan957 don't think so but not sure. in these cases, it's best to promote the idea that the platforms and tools such as Vercel (if they care about privacy) should enable this by default or give the option
@plausible I found this commit that seems to say setting "Permissions Policy" via a meta tag is part of the spec.
@plausible securityheaders.com also doesn't seem to look at http-equiv meta tags which is unfortunate.
@tristan957 You can set headers for sites hosted using Vercel (without any extra costs or anything). See https://vercel.com/docs/configuration#project/headers
You could make a vercel.json like this:
"headers" : [
"key" : "Permissions-Policy",
"value" : "interest-cohort=()"
Opted out of Google FLoC on my website with following lines in my netlify.toml
for = "/*"
Permissions-Policy = "interest-cohort=()"
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.