FLoC and all that mess...

if you, like me, just love corporations that blatantly lie in your eyes about “protecting your privacy”, you’re ready to spend some time to make their lives as hard as possible.

one of the new ideas is Google FLoC - Federated Learning of Cohorts. great concept, that apparently was to “increase privacy”, but instead actually decreases it even more.

first of all, stop using Chrome. use Brave or Firefox - and make sure that security and privacy settings are properly configured (one of the key is DoH, which may be enabled by default and that actually overrides your configured DNS servers).

then, if you host your own content on your own web server - make sure that the client visiting you won’t be profiled by extended headers.

for nginx that I use, required configuration is:

server {
      [...]
      add_header Permissions-Policy "interest-cohort=()";

and then restart:

service nginx restart

obviously, you should check your headers to make sure you did it right - for example by using this service. for my site the results are:

report results for https://lukasz.bromirski.net made by SecurityHeaders

report results for https://lukasz.bromirski.net made by SecurityHeaders

don’t let yourself be profiled.