Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Jonathan Foote Profile picture
Jonathan Foote
@footePGH
Senior principal engineer at @fastly. Infosec and privacy, R&D. Tweets are my own.

Apr 9, 2021, 15 tweets

Well it's Friday. Let's fool around with Google FLoC.

(attempting a thread)

(I felt compelled to make Word Art for this)

FLoC lets adtech brokers target ads at Chrome users (maybe us!) by groups. This provides some "privacy" while still targeting, which seems to be a gray area. The @EFF (), Google, et. al. argue the points well.

Anyway the tech is neat so let's fiddle w/ it

For now, you can turn on FLoC with these args (breaks added for clarity).

Then any site that is part of the Origin Trial (ends 31 July) can interact with FLoC on your device.

Google is planning to enable FLOC for more users over the coming weeks.

FLoC calculates a clever hash based on your browser history. It is synced to Google servers with other Chrome metrics. The Chrome agent downloads a global FLoC dataset to filter whether your FLoC (group) ID should be exposed for ads.

You can find the global dataset on your FS.

(You can find the code that reads it is in the chromium src tree source.chromium.org/chromium/chrom…)

You need at least seven sites in your history to have a valid FLoC ID. You can find it in your prefs file on disk.

Your FLoC ID is also exposed to advertisers via a Javascript API, which is pretty fun. You can dump it from devtools like this.

... so you can monkeypatch the document.interestCohort function to return whatever ID you want, like 123456

This isn't very useful to do in devtools since interestCohort will likely already have executed. A better way is to use an extension to inject Content Script before the page loads.

This one will set the FLoC cohort (group) ID to 2's

We can check if this works by browsing to a test site (floc.glitch.me). Before / after.

We can make up cohort IDs with fresh browser histories. Here is a weak attempt at joining a "golf" cohort, which (deterministically) results an ID of 23721.

You can inject different IDs as your browse around the web. At this point a lot several media sites include calls to document.interestCohort from doubleclick.net.

Results may vary for a bunch of reasons (besides bugs :).

Notably FLoC IDs themselves aren't very actionable; it is up to the adtech companies to surveil Google users and infer their interests. I'm not sure how far along that is.

(this image .. I'm sorry 😄)

FLoC is interesting. I'm not sure how it worked before, but exposing the ID in Javascript without authentication allows end-users to easily control input into advertiser's machine learning algorithms. FLoC also might have some non-Googly, non-ad-targeting uses...

That's all for now. When I get a chance I'll expand this on foote.pub with details, references, copyable code, and maybe something interesting... I'll append a link here if/when I do.

Happy Friday! 👋

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling