News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • DuckDuckGo updates its plugin to block Google’s creepy FLoC

    Home Forums Code Red – Security/Privacy advisories DuckDuckGo updates its plugin to block Google’s creepy FLoC

    Viewing 18 reply threads
    • Author
      Posts
      • #2356423
        Alex5723
        AskWoody Plus

        Google is currently in the process of testing and refining its FLoC machine learning algorithm on millions of Chrome users. The system would profile users into groups based on their browsing history, and then offer this group ID to websites to advertise against.

        Now privacy champion DuckDuckGo has announced that it has released an update to their browser plugin which would block FLoC

        “If you’re a Google Chrome user, you might be surprised to learn that you could have been entered automatically into Google’s new tracking method called Federated Learning of Cohorts (FLoC). It groups you based on your interests and demographics, derived from your browsing history, to enable creepy advertising and other content targeting without third-party cookies. After a short trial period, Google decided not to make this new tracking method a user choice and instead started automatically including millions in the scheme.

        In response to Google automatically turning on FLoC, we’ve enhanced the tracker blocking in our Chrome extension to also block FLoC interactions on websites. This is directly in line with the single purpose of our extension of protecting your privacy holistically as you use your browser. It’s privacy, simplified.”

        4 users thanked author for this post.
      • #2356481
        b
        AskWoody MVP

        Ultimately DuckDuckGo’s first recommendation is to switch to an alternate browser (hello Edge)

        https://mspoweruser.com/blocking-floc/

        Windows 10 Pro version 21H1 build 19043.985 + Microsoft 365 (group ASAP)

      • #2356609
        Alex5723
        AskWoody Plus

        Ultimately DuckDuckGo’s first recommendation is to switch to an alternate browser (hello Edge)

        https://mspoweruser.com/blocking-floc/

        DuckDuckGo doesn’t recommend Edge.

        How to Live Without Google: Alternatives That Protect Your Privacy

        Google Chrome → Safari (free), Firefox (free), Brave (free), Vivaldi (free)
        Safari was the first major browser to include DuckDuckGo as a built-in private search option. A more cross-device compatible browser is Mozilla’s Firefox, an open source browser with a built-in tracker blocker. Brave goes one step further with tracker blocking switched on by default. There are also many more browsers that come with DuckDuckGo as a built-in option, such as Vivaldi, which is well suited for power-users…

      • #2356617
        Ascaris
        AskWoody MVP

        From the post:

        “Advertising is essential to keeping the web open for everyone,”

        Oh, I am far from certain about that. Web advertising is broken, and it’s mostly been you (and a couple of other tech giants) that broke it, Google. Sites like askwoody.com are trying means to support themselves other than advertising because of this. Site owners are left with a choice of letting someone else (who has no concern whatsoever whether that site lives or dies) control the content of the ads on that site, while tracking that site’s users mercilessly, or not having any advertising at all. That is a trade-off that many site owners do not wish to accept on behalf of their viewers.

        “…but the web ecosystem is at risk if privacy practices do not keep up with changing expectations.”

        That ship sailed, went over the horizon, got to wherever it was going, unloaded its cargo, and set off for some other place by now, I think.

        I don’t know that expectations have changed. I think (many) people always expected to not be spied upon. It’s just that now people know how pervasive it is.

        This FLoC thing is supposed to allow tracking of a web user’s interests the same as is currently done. At present, the tracking scripts will send that information (ID and interests together) to Google, resulting in an ever-growing profile of interests (on Google’s servers) associated with that identity. Every time that user is encountered, Google will be able to look in its database and know what kinds of ads to serve to that person, since it knows what interests that person has. Instead, as I understand, FLoC will gather a profile of the user’s interests locally (on his own computer or other device) and send that information (the interests themselves) to the Google ad servers and let those servers serve up ads customized for those interests, but without knowing who the person is.

        On the surface, it seems to address the issue, but the devil is in the details. If your browser tells Google that you’re interested in woodworking, but it does not give your identity, Google will serve an ad about woodworking to… your IP address, which it now knows belongs to someone interested in woodworking. Do we believe Google is not going to save that IP address and that interest somewhere? This is Google we are talking about. They collect data that they can’t use for anything just because they might someday think of a way to use that data!

        If the person has an ISP that uses dynamic IP addressing, there’s still a record of that IP being interested with that topic at a given time, and any government official can get that record, then go to the ISP and find who had the IP at that time and have the interest linked to the identity.

        There are various techniques advertisers have used to fingerprint users in case they don’t allow the cookies to track them, and all of those will still exist with FLoC. This “solution” seems more geared toward getting privacy advocates to think something’s been done when the information that is still being transmitted is more than enough to profile the person and establish a persistent identity even if that identity isn’t transmitted directly each time.

        There’s just something creepy (as the title of the thread says) about my browser keeping track of my interests so it can blab that information (without asking me!) to Google to use for advertising. For the people who are not bothered by Google’s spying, it’s a non-issue anyway, and for the privacy conscious, this isn’t good enough.

        Advertising still doesn’t require tracking, Google. Lots of forms of ads don’t have tracking… it wasn’t that long ago that NO advertising had tracking, because the technology for performing the tracking did not exist. Advertising companies still made money, with no individually targeted ads at all! Imagine that. If you were selling a computer product, you could place it in a computer magazine, and you’d know that the kinds of people who would see the ad would be the kind who would buy a computer magazine. That’s a form of targeted ads, without any data flowing from the user to the advertiser at all. It must have worked, since ads didn’t stop existing at any point before tracking became possible, and then it became the norm.

        Google could sell ads under that paradigm if it wanted… no interest tracking at all, at any stage. Ad content would be determined by the topic of the site (or Youtube channel, etc.), and all of that overhead for tracking and profiling would be unnecessary. So many wasted CPU cycles, all that electrical energy, all that additional bandwidth shuttling the trackers to the person’s browser and the captured data in the other direction, not to mention the tremendous resources Google uses to collect and store all of this data… massive amounts of electricity used for that too.

        Sorry Google, but this doesn’t fix the issue. Trying to figure out ways you can keep tracking people while appeasing those who do not want to be tracked isn’t going to work. You’re still tracking, just differently. The part we want to have changed is the presence of the tracking, not the methodology! It reminds me of the famous “Spam” sketch in Monty Python… you’re changing everything but the bit that was the cause of the objection in the first place.

         

         

        Group "L" (KDE Neon Linux 5.21.5 User Edition)

        9 users thanked author for this post.
      • #2357198
        DriftyDonN
        AskWoody Plus

        Why does this plugin from ddg require access to so much useage info? seems to defeat the purpose of PRIVACY

        • #2357202
          SB9K
          AskWoody Lounger

          Why does this plugin from ddg require access to so much useage info? seems to defeat the purpose of PRIVACY

          What usage info are you referring to? There’s nothing scary on the “Privacy practices” tab of the extension’s Chrome Web Store page, nor anything surprising in the “approved use cases” linked from there.

          And there’s also this, in the extension’s Overview text (though you do have to click the “Read more” button to see it):

          Please note that tracker blocking requires certain permissions, but these permissions work solely on your local device. We do not collect or share any personal browsing information ourselves, as per our strict privacy policy: https://duckduckgo.com/privacy

          Please, share with the rest of the class.

          Gaming Rig: Win 8.1 Pro - Group A + Blackbird
          Notebook (guinea pig): Whatever flavor of Linux I tried last
          File Server: TurnKey Linux
          • #2357205
            DriftyDonN
            AskWoody Plus

            these permissions are required to install the plugin. Just exactly WHO gets access to these ?

            ddg-plugin

            I am not comfortable allowing this. You are right. it’s not ‘Scary”

            • This reply was modified 1 month ago by DriftyDonN.
            • This reply was modified 1 month ago by DriftyDonN. Reason: question
            Attachments:
            • #2357294
              SB9K
              AskWoody Lounger

              Well, as the extension description said, those permissions only work locally on  your device. If you don’t trust that claim, by all means, don’t install it and simply use another browser.

              Gaming Rig: Win 8.1 Pro - Group A + Blackbird
              Notebook (guinea pig): Whatever flavor of Linux I tried last
              File Server: TurnKey Linux
            • #2357308
              SB9K
              AskWoody Lounger

              Oops. I just realized that permissions screen shot is from Firefox, not Chrome. Since FLoC isn’t part of Firefox, you won’t need any extension to block it.

              Gaming Rig: Win 8.1 Pro - Group A + Blackbird
              Notebook (guinea pig): Whatever flavor of Linux I tried last
              File Server: TurnKey Linux
            • #2357488
              Ascaris
              AskWoody MVP

              The extension has to have access to all of the web traffic into the browser so it can do its thing and block the bad stuff. It can’t filter the good from the bad if it is not permitted to read any of it.

              Group "L" (KDE Neon Linux 5.21.5 User Edition)

      • #2357232
        Alex5723
        AskWoody Plus

        Brave and Vivaldi won’t support FLoC.

        At Vivaldi, we are committed to protecting our users from online trackers, and we would not want to enable any kind of user behavioural profiling. The FLoC experiment does not work in Vivaldi, because it relies on several hidden preferences being set, and we do not enable these options in Vivaldi. Our future plan is to prevent the Floc component from functioning, no matter which way it is implemented.

        Why Brave Disables FLoC

        • #2357492
          Ascaris
          AskWoody MVP

          Chromium has been more popular than Firefox as a base for “alternative” browsers for some time. Some people have said that it was built with modularity from the start, so that it is easier for would-be alternative browser devs to make it into whatever they want it to be, as compared to Firefox, which supposedly was built in a more unified way.

          I have no idea if that is true. If it is, I wonder at what point Google will have added enough unwanted spyware junk to Chromium to offset the alleged ease of customizing it over Firefox (who for now does not seem to be interested in adding the spyware). From the announcement of the deliberate sabotage of adblockers with “Manifest 3,” in the guise of protecting users from rogue extensions, it’s been apparent that Google will be demonstrating why it’s a conflict of interest to have one company own the web ad business and also develop the world’s most-used browser.

          My way of thinking is that the browser’s job, or one of them at least, is to protect the user from the likes of Google (that is, the surveillance capitalists). That’s obviously not going to happen when it’s Google at both ends. Having Google protect users from Google would go beyond “Don’t bite the hand that feeds.” It would be “Don’t bite your own hand that you use to feed yourself other people’s food.”

          Group "L" (KDE Neon Linux 5.21.5 User Edition)

          1 user thanked author for this post.
      • #2357233
        Alex5723
        AskWoody Plus

        I am not comfortable allowing this.

        Can you point to a browser (extensions are part of the browser) that doesn’t have access to websites data, tabs, activity ?

      • #2357320
        holsh
        AskWoody Plus

        Switch to duckduckgo or the brave browser and set up nextdns. Add the private DNS to your phone and it will block all tracking of any kind to your device.

      • #2357485
        Fred
        AskWoody Plus

        Brave and Vivaldi won’t support FLoC.

        At Vivaldi, we are committed to protecting our users from online trackers, and we would not want to enable any kind of user behavioural profiling. The FLoC experiment does not work in Vivaldi, because it relies on several hidden preferences being set, and we do not enable these options in Vivaldi. Our future plan is to prevent the Floc component from functioning, no matter which way it is implemented.

        Why Brave Disables FLoC

        EFF has some writings about FloC and a test site when you use Chrome: Am I being FloC’d ?  https://amifloced.org/ 

         

        ~ ~ ~
      • #2357495
        OscarCP
        AskWoody Plus

        Funny thing about me and the search engines: whether they offer targeted advertisement to me, based on my search history and browsing habits, or they don’t, I really have no idea. I must confess, without remorse or shame, that I do use, and have always used, Google as my search engine. And that I use Chrome whenever I need to access a site that goes negative about my favorite browser, Waterfox.

        I also use what, in retrospect, seems like a good ad blocker, because whatever Google and his forces of darkness might shower me with every second of every day, slides off me unnoticed like the proverbial water off the proverbial duck’s back. So I’m none the wiser and more the happier. (*)

        Once I am done for the day, I delete all the crude accumulated during my browsing, scan my Mac for malware twice: once with my AV and once, just in case, with Malwarebytes. That, plus using a couple of those addons people here often recommend, such as uBlock Origin and Privacy Badger.

        Maybe mine is a foolish happiness, but at least doing things as explained, for me it makes for a happier and simplified life, without any obvious consequential prejudice, so far. I don’t get ads, people are not suing me, my friends are still my friends; people that didn’t like me before, still don’t. My approach, doubtless, is not perfect. But nothing is perfect, so making my life more complicated is not going to be perfect either. And, perhaps, make my life not that much safer than it already is.

        (*) Unless one counts as ads those links marked “Ad” that show up as “hits” at the top of a search page. These, almost invariably totally unrelated to anything that might even remotely interest me, and never to what I am searching for, may go on for well over a page.

        I am usually looking for is articles on some science/engineering/classical music/recent news of the world/how to cook something, or keep it from spoiling/or historical fact.

        So if, for example, I am looking for something on the 1980’s Irak/Iran War and get pages and pages of irrelevant stuff from sites that all end in “.com”, I do this: I enter “site:org”, or “site:edu”, or “site:gov” in the search box, then hit “return.” One of those often works.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

      • #2358712
        Alex5723
        AskWoody Plus

        WordPress to block FLoC.

        ..WordPress powers approximately 41% of the web – and this community can help combat racism, sexism, anti-LGBTQ+ discrimination and discrimination against those with mental illness with four lines of code:

        function disable_floc($headers) {
        $headers[‘Permissions-Policy’] = ‘interest-cohort=()’;
        return $headers;
        }

        add_filter(‘wp_headers’, ‘disable_floc’);

        What About Admins Who Want FLoC?

        Those websites who want to opt into FLoC are likely to have the technical know-how to simply override this proposed filter in Core…

        • This reply was modified 4 weeks, 1 day ago by Alex5723.
        1 user thanked author for this post.
      • #2358969
        Microfix
        AskWoody MVP

        Microsoft disables Googles FLoC within Chromium Edge..for now
        bleepingcomputer – Lawrence Abrams

        Microsoft has disabled Google’s controversial FLoC browser-based tracking feature in their Chromium-based Microsoft Edge browser.

        W10, the itch you simply cannot scratch!
        1 user thanked author for this post.
      • #2358979
        bbearren
        AskWoody MVP

        I haven’t used anything Google, with the singular exception of YouTube, in several years, now.  I have never used Chrome.  I don’t use Edge.  Firefox is my default browser.

        In addition, I have uBlock Origin, DuckDuckGo Privacy Essentials, Facebook Container, and AdGuard AdBlocker.

        On top of all that, I never go from one site directly to another site.  I always go to my home page (which is DuckDuckGo) first, and from there navigate to the next site I want to visit.  I even go back to my home page before I close a tab.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        2 users thanked author for this post.
      • #2359100
        anonymous
        Guest

        Anyone try eu.startpage.com ? They don’t even record your IP address, and have to toes the  EU line for rpivacy, since they’re based in the Netherlands. There IS a startpage.com in the US, but if you’re really concerned, try the EU one.

        • #2359150
          Microfix
          AskWoody MVP

          FYI: StartPage was a good alternative until October 2019 when it was partially acquired by System1 (an ad-tech data gathering company) and were tardy to inform everyone.(wonder why eh!?) So whether it’s EU or not, it certainly ain’t happening here on any of our systems.

          W10, the itch you simply cannot scratch!
          1 user thanked author for this post.
          • #2360131

            Microfix:

            Well, we have a statement in March from them:

            https://support.startpage.com/index.php?/Knowledgebase/Article/View/1275/0/what-is-startpages-relationship-with-privacy-onesystem1-and-what-does-this-mean-for-my-privacy-protections

            …and then there’s the fact that sporadically, any attempt even to VIEW the System1 website results in:

            ———————–

            “Your access to this site has been limited by the site owner

            “Your access to this service has been limited. (HTTP response code 503)

            “If you think you have been blocked in error, contact the owner of this site for assistance.”

            Hm! There’s only one thing that smells like fish…fish.

            What SE do you use? I hear there’s one in Switzerland, but I can’t remember it.

            (Sorry if this ends up out-of sequence; must have posted incorrectly.)

             

            Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
            --
            "Civilization is fun! Anyway, it sure keeps me busy["

            -Zippy

            1 user thanked author for this post.
          • #2360151
            Microfix
            AskWoody MVP

            @NTDBD, Using two of the SE’s in this dated, although still relevant article
            Quant Lite and DDG suites needs, have also tried Metager which offers their free VPN-like facility if searched site is viewed anonymously which is quite handy for cloaking your IP when visiting a site (if you don’t use a VPN) for window shopping/research, although it’s function is for VIEWING only when using the anonymous facility. Releasing the Warning red banner, deactivates the free VPN whereby you can interact with the website and no-longer cloaks your IP.

            The Swiss SE you mention could be Swisscows

            W10, the itch you simply cannot scratch!
            1 user thanked author for this post.
      • #2359615

        Man, I’ve been out of THAT loop for a while. Tnx for the head’s-up.That’s what so great about this group; the knowledge base here is excellent. “No one person can know it all any more”.

        But, according to Wikipedia (without who’s unquestioned accuracy there would be no order in the Universe, ha-ha…):

        “In October 2019, Privacy One Group, owned by adtech company System1, acquired a majority stake in Startpage but, according to the company, its “founders may unilaterally reject any potential technical change that could negatively affect user privacy”. [16]
        [17] By maintaining its headquarters and operations in the Netherlands, Startpage continues to be protected by Dutch and European Union (EU) privacy laws. [18]

        “In May 2020, Vivaldi announced that its browser has added Startpage as an optional or default search engine.[19][20]

        But then ZDNet writes:

        “A May 2020 review of the website on ZDNet also states that Startpage “does not track, log, or share data or searching history”. [25]

        Oddly enough, Wikipedia does not have any info on System1, OR Privacy One , which is enough to give one pause. I’m definitely going to do some more digging on these outfits. Hope I don’t find anything weird. Again, thanks for the head’s up. Truly, something may be rotten in Bermuda. Or not. :/

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
        --
        "Civilization is fun! Anyway, it sure keeps me busy["

        -Zippy

      • #2360312

        OK, Microfix, I’m impressed enough to give them a try. As Orson Welles in his role of The Turkish Policeman said,

        “Maybe yes, umm, maybe no. We shall see.”  🙂

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
        --
        "Civilization is fun! Anyway, it sure keeps me busy["

        -Zippy

      • #2361047
        Microfix
        AskWoody MVP

        GitHub blocks Google FLoC tracking
        https://www.bleepingcomputer.com/news/security/github-blocks-google-floc-tracking/
        Tracking resistance is gaining momentum 🙂

        W10, the itch you simply cannot scratch!
        1 user thanked author for this post.
      • #2364731
        WSstarvinmarvin
        AskWoody Lounger

        What appear to be targeted ads frequently appear while my Chrome browser is in use. mostly it’s familiar tech product stuff. Last week I visited a website to look at a shirt for my GF. Since then, women in billowy, colorful, or sexy blouses keep appearing in the browser no matter where i go. That was followed by ads for feminine products of another sort in which I definitely have no interest. For now, I’ll keep using Chrome, but have just installed the DuckDuckGo privacy extension thingy. After posting here I’ll close the browser and run CCleaner.

        After that, well, we’ll see how it goes.

        • #2364732
          Alex5723
          AskWoody Plus

          Just add uBlock Origin extension and say goodby to ads on all sites.

          • #2364737
            anonymous
            Guest

            Thanks, I’ll check it out, but for now I’m trying the DDG extension as it offers both tracking and search benefits, or so they claim. We shall see what we shall see ….

      • #2365024
        WSstarvinmarvin
        AskWoody Lounger

        Installed the DuckDuckGo plug-in / extension for Chrome. Have noticed one small change in how it is used compared to Chrome with Google search or Chrome with Startpage search. With those two you can click a link in the search results page and the link opens in a new tab, leaving your search results page intact. When using DuckDuckGo you click on a link in the search results page and that link opens in the same tab. In other words, you lose the search results page. To retain the search results page you must right-click on a link and select Open-in-a-new-tab option. Not really a big deal, just a bit less convenient than before.

        Actual search results seem to be similar to what i would expect from Google or Startpage. That is to say the search results are not disappointing like I experienced with Bing search, haha.

    Viewing 18 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: DuckDuckGo updates its plugin to block Google’s creepy FLoC

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.