

FUD around Google FLoC and interest-cohort Permissions-Policy header value


This non-standard header value fabled to opt you out of Google's new tracking technology is as close to tinfoil hat as you can get. Sure, it won't harm you, but it won't protect you from much either and you will look silly wearing it to people who know better.

Tinfoil hat tip to @Seirdy

#Google #FLoC

I resent the pressure to lock down sites I operate against web tech that ought to require informed consent through browser preferences.
Exactly, the opt-out has no place on websites, it should be at the browser level. Until then, this header value is useless to protect anyone from tracking.
Why would you be worried about people who know worse if you already aren't worried about people who know better?
I think it’s generally a good idea to use the most restrictive CSP possible; I just think that adding a permissions-policy is redundant if your CSP enforces that only trusted content can be loaded and that trusted content doesn’t use privileged APIs.

In other words, a CSP is a good way to enforce what I think should be the norm.
It would be interesting to put a random number in there.