Skip to main content
Topic: Opting your Website out of Google's FLoC Network (Read 920 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Opting your Website out of Google's FLoC Network

Instructions on how to add custom HTTP response headers to common web and proxy server configurations.

Quote
The primary way an end-user can avoid being FLoC’d is to simply not use Chrome, and instead choose a privacy-respecting browser such as Mozilla Firefox .

But website owners can also ensure that their web servers are not participating in this massive network by opting-out of FLoC.

https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network

Re: Opting your Website out of Google's FLoC Network

Reply #2
Not to nitpick, but as I use privacy-respecting browsers Librefox and ungoogled-chromium, I noticed that artixlinux.org still makes some requests to google.com. I suggest maybe switching jquery to hosted instead of a CDN, and the same for favicons. Favicons are a potential security risk.

Re: Opting your Website out of Google's FLoC Network

Reply #3
All our sites have been de-FLoC'ed in httpd. Fontawesome has been made local. Not sure if, how and why favicons pose a problem, they are all local.

The only part that still uses some CDN is the forum software (Elkarte), which is third-party and I don't want (read: can't) mess with it. If you have the time, please audit and report.

Re: Opting your Website out of Google's FLoC Network

Reply #4
From what I can tell, it's not the local favicons of this (and other official Artix Linux) websites that are the problem, but rather those little favicons beside each link. In this page can see requests for:

Code: [Select]
https://www.google.com/s2/favicons?domain=https://artixlinux.org
https://www.google.com/s2/favicons?domain=https://forum.artixlinux.org
https://www.google.com/s2/favicons?domain=https://nosystemd.org
https://www.google.com/s2/favicons?domain=https://paramdeo.com
https://www.google.com/s2/favicons?domain=https://systemd-free.artixlinux.org
https://www.google.com/s2/favicons?domain=https://wiki.artixlinux.org

Re: Opting your Website out of Google's FLoC Network

Reply #5
From a quick search & lookaround, it seems that jquery can be served locally and that you can disable favicons next to links (which is the reason for those //www.google.com/s2/favicons URLs) (I haven’t found a discussion about it, but their forum doesn’t show them).

As a non-admin I unfortunately cannot tell how to do it.

Re: Opting your Website out of Google's FLoC Network

Reply #6
Most of the icons next to the links are fontawesome glyphs (a couple are svg/png), which are now served locally (I don't particularly like that, because it consumes unnecessarily high bandwidth and I may revert it in the future if I find a suitably privacy-respecting CDN; hopefully our Cloudflare front caches and serves fontawesome itself). Also, no idea where that paramdeo.com links comes from (I'll grep it later). Are you sure your browser CSS cache is cleared?

Re: Opting your Website out of Google's FLoC Network

Reply #7
I am talking about icons next to links in posts/signatures. If you go through posts from top to bottom (I remove the protocols not to trigger the favicons again)

  • link to paramdeo → request to //www.google.com/s2/favicons?domain=https://paramdeo.com
  • link to elsewhere on this forum → request to //www.google.com/s2/favicons?domain=https://forum.artixlinux.org
    link in your signature → request to //www.google.com/s2/favicons?domain=https://systemd-free.artixlinux.org
  • etc

Re: Opting your Website out of Google's FLoC Network

Reply #8
Oh, while you were posting this I found the culprit: UrlFavicon Elkarte addon. I'll see if I can find a good alternative to google's service. DDG is incomplete, currently switched to yandex edited to use Github's service .

Re: Opting your Website out of Google's FLoC Network

Reply #9
Why favicons are bad (just one of the pages about this):

https://www.ghacks.net/2021/01/22/favicons-may-be-used-to-track-users/
https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf

In short, they can be used to track users.

In general, any request going through Google (as well as CDNs like Cloudflare) can be filtered through some backend and logged, parsed, etc. along with all the request parameters. It's also why extensions like this one exist.
 

Re: Opting your Website out of Google's FLoC Network

Reply #10
Quote from: strajder – on
Why favicons are bad (just one of the pages about this):
https://www.ghacks.net/2021/01/22/favicons-may-be-used-to-track-users/
https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf

In short, they can be used to track users.

In general, any request going through Google (as well as CDNs like Cloudflare) can be filtered through some backend and logged, parsed, etc. along with all the request parameters. It's also why extensions like this one exist.
I understand your concern and I'm on the same boat. However, we currently lack the manpower and the infrastructure to shield our sites from attacks that Cloudflare conveniently deters. More over, privacy-conscious users already know how to protect themselves (as you have clearly pointed out) from this level of tracking and, honestly, Artix can't do much more to protect unsuspecting users: if they don't fingerprint you here, they'll fingerprint you at the next site you visit.

Having said that, we are always open to suggestions but even more so to contributions. There's this nice project which we could deploy, but (since my Javascript skills are next to zero) I would accept all the help I can get setting it up.