Reality 2.0 Newsletter - July 2, 2021: Blocking FLoC

To get this weekly dose of Reality delivered by email, sign up on our Substack page.

A Quick Plug

Episode 75: Let's Talk About FLoC Blocking

Katherine Druckman and Doc Searls talk to Drupal Association Community Liaison, Rachel Lawson, and Drupal developer, Tony Savorelli, about Privacy in Drupal and beyond, and protecting ourselves and others on the web.

Please remember to subscribe via the podcast player of your choice.


"My conclusion is usually that if you're in the ad tech business, you should not also be making a browser."

In last week’s episode, we talked to Rachel Lawson and Tony Savorelli about privacy on the web, the role developers play in advocating for users, and the heightened responsibility we feel when important issues are at stake.

The springboard for this conversation starts with the decision by Drupal and other web frameworks to block Google’s Federated Learning of Cohorts (FLoC) out of the box. The swift actions taken by these projects, including WordPress and Joomla, reflects the concern many privacy advocates and developers have about the implications of Google’s new plan to replace third-party cookies with a new type of user tracking that relies on federated learning, grouping people into “cohorts” in order to target users for advertising without the use of cookies, a.k.a FLoC.

Major organizations like Mozilla, Amazon, and others have also taken swift steps to head FLoC off at the proverbial pass with thorough analysis and outright blocking. Subsequently, Google announced that it would now continue to support 3rd party cookies until 2023 instead of 2022, which delays a full launch of FLoC as well. Inc. Magazine had an interesting take on this announcement:

The cynical take is that Google is dragging this out because it's addicted to your data and wants to protect its business. The truth, however, is that's only partially true. In fact, I think you can make the case the truth is actually worse. Google doesn't even need that data.

While Google could technically make the internet respect your privacy, the problem is that doing so would give it an enormous advantage over every other advertising network and platform. Google collects massive amounts of first-party data on its users, meaning that it is far less dependent on third-party tracking.

Besides, Google's most profitable advertising platform is search. Google doesn't have to do any third-party tracking to know what you search for since you literally type what you're looking for into its website. All it has to do is show you ads at the top of the search engine results page.

What happens with FLoC remains to be seen, but the most interesting part of this story is how quickly developers took steps of their own to take back some control on behalf of the user.

We hope you enjoy the episode and give some further thought to this and the many other issues we raised, and please reach out with any comments or questions here in a comment, on any of our social outlets, or via our contact form.

Site/Blog/Newsletter | Facebook | Twitter | YouTube | Mastodon


This Week’s Reading List

  • Add Permissions-Policy header to block Google FLoC [#3209628] | Drupal.org — Google is introducing what it calls Federated Learning of Cohorts, which is a way to gather user data without cookies, regardless of whether a website is loading any Google-related trackers. This is enabled starting in Chrome 89, and only in select countries on a trial basis. Although other major browser vendors are likely against this technology and will presumably not be implementing it, given Chrome’s market share this will become a concerning issue, because it largely remove users’ ability to easily opt out of being tracked—particularly true in the case of less-savvy users. See a very informative post by Plausible. Since no one can reasonably expect users to just stop using Chrome, it will be up to responsible developers to block FLoC at the source.

  • Amazon is blocking Google's FLoC — and that could seriously weaken the system — Amazon is blocking Google’s controversial cookieless tracking and targeting method.

  • Privacy analysis of FLoC — In the current web, trackers (and hence advertisers) associate a cookie with each user. Whenever a user visits a website that has an embedded tracker, the tracker gets the cookie and can thus build up a list of the sites that a user visits. Advertisers can use the information gained from tracking browsing history to target ads that are potentially relevant to a given user’s interests. The obvious problem here is that it involves advertisers learning everywhere you go. 

  • Surveillance Self-Defense | Tips, Tools and How-tos for Safer Online Communications — We’re the Electronic Frontier Foundation, an independent non-profit working to protect online privacy for nearly thirty years. This is Surveillance Self-Defense : our expert guide to protecting you and your friends from online spying.

  • University of Pennsylvania ScholarlyCommons — The Tradeoff Fallacy - How Marketers Are Misrepresenting American Consumers and Opening Them up to Exploitation

  • Reality 2.0 - Blog - Reality 2.0 Newsletter - June 4, 2021: More Tracking Tech and Apple — After a lengthy discussion in Drupal’s core issue queue by some of Katherine’s favorite people, the upcoming release of Drupal 9.2 will officially block Google’s Federated Learning of Cohorts (FLoC) by default! Similarly, the WordPress and Joomla communities are taking similar measures. With these platforms representing a huge chunk of websites, this must be quite a blow to Google, enough so that a member of Google Chrome’s developer relations team weighed in on the Drupal issue himself. I hope this news inspires you to run off and build a Drupal site, so I’ll just leave this documentation link here just in case.


The Reality 2.0 Podcast explores how tech, privacy, and security impact reality in a post-COVID world. Subscribe now and don't miss a thing! We welcome your feedback at our contact page.

Article Comments