GitHub blocks Google FLoC technology

Bleeping Computer journalists reported that GitHub now blocks Google FLoC technology. GitHub announced yesterday that it is rolling out a new HTTP header for all sites on GitHub Pages. As it turns out, this header is designed to make sites refuse from the Google’s new FLoC tracking technology by default.

It is installed for the entire github.com domain and indicates that GitHub visitors should not be included in FLoC cohorts when visiting any GitHub page.

As a reminder, Google began testing a new user tracking technology called Federated Learning of Cohorts (FLoC) earlier this month. This technology aggregates users into anonymous segments or “cohorts” based on their interests and online behaviour, and should replace third-party cookies and localStorage.

Unlike third-party cookies used by advertisers to track behaviour and interests across different sites, FLoC is built into the browser itself, which categorizes people into specific “cohorts” and transfers this information to sites and advertisers. Thus, each browser will be combined with certain “cohorts” that most closely reflect the user’s habits and correlate with the viewed web pages.

As a result, thousands of browsers with similar browsing history (belonging to the same “cohort”) will have a common “cohort” identifier, which will be provided to sites upon request.

“FLoC does not share user’s browsing history with Google or anyone else. This is in contrast to third-party cookies, which allow companies to track you individually across different sites. FLoC works on your device without giving anyone access to your browsing history. It is important to note that all members of the advertising ecosystem, including Google’s own advertising products, will have the same access to FLoC”, — Google developers explained in a blog post.

However, FLoC itself and the idea of replacing it with third-party cookies have not found support in the industry. Google’s technology has been criticized and rejected by many big players, including EFF, Microsoft, Mozilla Firefox, Vivaldi, Brave, WordPress, and DuckDuckGo:

• EFF experts immediately criticized the technology, calling it a “terrible idea“;
• authors of the Vivaldi and Brave have already abandoned the use of FLoC in their browsers;
• DuckDuckGo blocks FLoC using the Privacy Essentials Chrome extension;
• WordPress is discussing automatic blocking of FLoC on sites managed by this CMS;
• Apple hasn’t made any official announcements about FLoC, but Safari developer John Wilander said the company intends to wait and see what happens next;
• Edge developers also took a wait to see attitude.

“Any tracker that receives both [FLoC ID and IP address] can be used to track and navigate user behaviour exceptionally well without third-party cookies or anything else”, — wrote Gabriel Weinberg, head of DuckDuckGo.

“Google’s new data collection tool is disgusting. FLoC (Federated Learning of Cohorts) is a new advertising technology designed to replace third-party cookies and similar tools like localStorage. This is an openly dangerous step that violates the privacy of users”, — the head of Vivaldi, Jon von Techner, explained.

As previously experts noted, site owners can refuse to support FLoC by sending their visitors the following HTTP header: Permissions-Policy: interest-cohort = (). As a result, sites that return such a header to users will be ignored by browsers when collecting cohort data for a user.

Bleeping Computer writes that now for *.github.com and GitHub Pages sites (hosted on *.github.io), just such a header has been applied. At the same time, the GitHub developers do not even mention the FLoC technology itself in the blog, they simply briefly inform users about the innovation.