WordPress announced today that it intends to treat Google’s new FLoC tracking technology as a security issue and intends to block it by default on WordPress sites.
For some time now, browsers have been increasingly blocking third-party browser cookies [1, 2, 3] used by advertisers for interest-based advertising.
In response, Google has introduced a new ad tracking technology called Federated Cohort Learning, or FLoC, which uses a web browser to anonymously place users in interest or behavioral groups based on how they browse the web.
After Google began testing FLoC this month in Google Chrome, there was a consensus among privacy advocates that implementing Google FLoC only replaces one privacy risk with another.
“FLoC is meant to be a new way to get your browser to create profiles that were made by third-party followers themselves: in this case, reducing your recent browsing activity to a behavioral tag and then sharing it with your website. web sites and advertisers. “
“Technology will avoid the privacy risks of third-party cookies, but will create new ones in the process. It can also exacerbate many of the most serious non-privacy issues with behavioral ads, including discrimination and targeting. predators “, the Electronic Frontier Foundation (EFF) explained in a recent blog post.
Since then, other privacy browser and search engine developers, such as Brave Browser, DuckDuckGo and Vivaldi, have removed FLoC from their software or created tools to block it.
WordPress plans for blocking FLoC
In a new announcement today, WordPress says it considers Google’s FLoC technology a security concern and will start blocking it in future releases.
“WordPress powers about 41% of the Internet – and this community can help fight racism, sexism, anti-LGBTQ + discrimination and discrimination against people with mental illness with four lines of code,” says WordPress.
WordPress intends to disable FLoC using the following four lines of code, which will cause the blogging platform to issue an HTTP request header that tells the browser that FLoC should be disabled for the site.
function disable_floc($headers) {
$headers['Permissions-Policy'] = 'interest-cohort=()';
return $headers;
}
add_filter('wp_headers', 'disable_floc');WordPress explains that while some administrators will probably want to enable this technology, these administrators probably have the technical knowledge to overwrite the above code. WordPress has also indicated that it could add a setting to allow administrators to control whether FLoC is allowed.
However, the concern of WordPress is that those who are not aware of this new tracking technology will automatically opt into it without fully understanding what it entails. Therefore, it is in the interest of these users for WordPress to automatically disable the technology.
“When balancing the interests of stakeholders, the needs of website administrators who are not even aware that this needs to be mitigated – and the interests of users and visitors to these sites are simply more compelling,” explains WordPress.
WordPress states that this code is planned for WordPress 5.8, scheduled for release in July 2021.
Because FLoC expects to launch earlier, WordPress plans to downgrade this code to previous versions to “amplify the impact” on current versions of the blogging platform.