FLoC off! WordPress proposes treating Google’s new targeted ad tech as a security concern

Google’s Federated Learning of Cohorts (FLoC) technology has raised the hackles of many, and the latest to express concern at the new user tracking and ad targeting technique is WordPress.

The blogging platform joins the likes of DuckDuckGo in standing up to Google, suggesting it could block Google’s new technology on the sites it powers. With WordPress catering for around two-fifths of the web, the proposal could have a huge impact on what Google has planned. Fighting FLoC, WordPress says it “can help combat racism, sexism, anti-LGBTQ+ discrimination and discrimination against those with mental illness with four lines of code”.

Privacy-centric search engine DuckDuckGo and  privacy advocates like the EFF (Electronic Frontier Foundation) have expressed concern about Google’s plans, pointing out that “FLoC places people in groups based on their browsing habits to target advertising”. This is a worry because of the way in which the data could be used for discriminatory purposes should it fall into the wrong hands.

WordPress says in a post which suggests FLoC should be treated as a security concern:

As the Electronic Frontier Foundation explains in their post “Google’s FLoC is a terrible idea“, placing people in groups based on their browsing habits is likely to facilitate employment, housing and other types of discrimination, as well as predatory targeting of unsophisticated consumers.

This is in addition to the privacy concerns of tracking people and sharing their data, seemingly without informed consent — and making it more difficult for legislators and regulators to protect people.

Focusing attention on some of the groups that could be victimized by FLoC, WordPress goes on to say:

WordPress powers approximately 41% of the web — and this community can help combat racism, sexism, anti-LGBTQ+ discrimination and discrimination against those with mental illness with four lines of code:

1 function disable_floc($headers) {

2    $headers['Permissions-Policy'] = 'interest-cohort=()';

3    return $headers;

6 add_filter('wp_headers', 'disable_floc');

The company points out that users who are OK with FLoC and want to opt into it are “likely to have the technical know-how to simply override this proposed filter in Core”.

WordPress’ posts asked the questions: “Why Treat It As A Security Concern? Why Not Just Wait For The Next Major Release?”, before answering:

Well, keep your eyes peeled, because there is a ticket for future releases on its way!

While it is indeed unusual to treat a new “feature” this way, there is precedent in that something that was not strictly a security vulnerability in comments was back-ported to previous versions for the good of the community as a whole.

Currently, 5.8. is only scheduled for July 2021. FLoC will likely be rolling out this month.

Furthermore, a significant number of WordPress sites only update to minor versions. By back-porting, we can protect more sites and more visitors to those sites — and amplify the impact.

This content was originally published here.