Amazon Blocks FLoC across most sites

Google's Federated Learning of Cohorts (FLoC) isn't exactly noted for its popularity.

The company claims that FLoC will improve privacy, though various researchers disagree (and there are issues that have remained unaddressed for years).

For those who're not up to date: the stated aim of FLoC is to replace tracking via 3rd party cookies with an engine within the browser that profiles your browsing habits and adds you into a cohort of users with similar behaviour - advertisers then advertise to you based on your cohort ID (I wonder why the idea of a browser tracking your habits for advertising purposes hasn't won hearts and minds in the way they wanted...).

News has broken (via Digiday) that Amazon have blocked FLoC from operating on (most of) their domains - the exception seems to be Abebooks.

Because it's driven by an HTTP response header, we can trivially confirm for individual domains:

curl -v -o/dev/null https://www.amazon.co.uk 2>&1 | grep permis
< permissions-policy: interest-cohort=()
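
A sturdier version of that check, as an added example rather than anything from the sites or crawler mentioned here: `grep permis` is case-sensitive and will miss servers that send `Permissions-Policy` capitalised, so the (hypothetically named) `floc_opted_out` function below matches the header name case-insensitively and only reports an opt-out when `interest-cohort` has an empty allowlist. The sample headers are constructed.

```shell
#!/bin/sh
# floc_opted_out: read raw HTTP response headers on stdin and return 0 if
# any Permissions-Policy header gives interest-cohort an empty allowlist.
# Live use: curl -s -o /dev/null -D - https://www.amazon.co.uk | floc_opted_out
floc_opted_out() {
    awk '
    {
        sub(/\r$/, "")                 # headers arrive with CRLF endings
        sub(/^< /, "")                 # tolerate the "< " prefix of curl -v
        colon = index($0, ":")
        if (colon == 0) next           # status line or blank line
        # Header names are case-insensitive (HTTP/2 lowercases them)
        name = tolower(substr($0, 1, colon - 1))
        if (name != "permissions-policy") next
        # The value is a comma-separated list of feature=allowlist pairs
        n = split(substr($0, colon + 1), directive, ",")
        for (i = 1; i <= n; i++) {
            d = directive[i]
            gsub(/[ \t]/, "", d)       # "( )" is also an empty allowlist
            # Empty allowlist, optionally followed by ;parameters
            if (d ~ /^interest-cohort=\(\)(;.*)?$/) found = 1
        }
    }
    END { exit !found }
    '
}

# Constructed sample responses (not captured from any real site)
sample_optout() {
    printf 'HTTP/1.1 200 OK\r\nServer: example\r\n'
    printf 'Permissions-Policy: geolocation=(self), interest-cohort=()\r\n\r\n'
}
sample_allows_self() {
    printf 'HTTP/2 200\r\npermissions-policy: interest-cohort=(self)\r\n\r\n'
}

for s in sample_optout sample_allows_self; do
    if "$s" | floc_opted_out; then
        echo "$s: FLoC blocked"
    else
        echo "$s: FLoC not blocked"
    fi
done
```
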

 

The enemy of your enemy is not your friend

Amazon blocking FLoC is, almost certainly, a good thing.

However, it's easy to forget just how much Amazon profiles and tracks its own users - in many ways they are no better than Google in that respect (and they can see the stuff you bought at 2am, whilst drunk).

Amazon haven't commented on why they've blocked FLoC, but there is a significant chance that it's been done out of self-interest - FLoC would mean that Google get a window into the treasure-trove that is your shopping habits: not just what you buy, but what you browsed/how you got there.

 

Not Just Amazon

Although Amazon's choice almost certainly isn't made out of a sense of altruism, they're far from alone in viewing FLoC as being a concern.

According to Scott Helme's crawler, 10,000 domains opt out:

ben@optimus:~$ curl -s https://crawler.ninja/files/floc-opt-out-sites.txt | wc -l
10005

Amongst these are names such as:

  • Wikipedia
  • Amazon
  • Github
  • The Guardian
  • IMDB (an Amazon property)
  • php.net
  • debian.org
  • zendesk.com
  • duckduckgo.com
  • ubuntu.com
  • epicgames.com
  • discordapp.com
  • joomla.org
  • fbi.gov
  • blacklivesmatter.com

Whilst they're still a small number of the domains on the net, between them some of these account for a large proportion of internet traffic (even before I include the porn sites included in the list).

What's also interesting is the number of developer-orientated sites that appear (ranging from CMSes like Joomla & Drupal to languages like PHP & Python) - there's a hint of potential there: if anti-FLoC gets enough developer mindshare, new web-apps and websites may start blocking FLoC by default.

 

Conclusion

Amazon blocking FLoC is big, if unsurprising, news. It's almost certainly born out of self-interest rather than concern for users' privacy, but the end result is much the same. That self-interest (not letting Google monetise my pages) is likely to be a fairly common mindset, which can only serve to reduce FLoC's adoption further. Whilst users can choose to avoid FLoC by changing browser, given Chrome's 65% market-share it really needs sites to opt out too: most users won't be aware that FLoC is a thing, much less the ramifications (something Google are probably relying on).