Block Floc checks in Chrome/uBO

[ryanbr]

Prerequisites

• I verified that this is not a filter issue
  • Filter issues MUST be reported at filter issue tracker
• This is not a support issue or a question
  • Support issues and questions are handled at /r/uBlockOrigin
• I performed a cursory search of the issue tracker to avoid opening a duplicate issue
  • Your issue may already be reported.
• I tried to reproduce the issue when...
  • uBlock Origin is the only extension
  • uBlock Origin with default lists/settings
  • using a new, unmodified browser profile
• I am running the latest version of uBlock Origin
• I checked the documentation to understand that the issue I report is not a normal behavior

Description

Block FloC requests within uBO

A specific URL where the issue occurs

Test case: https://amifloced.org/ But will eventually occur on various sites.

Steps to Reproduce

1. Expect uBO to block requests using Floc
2. Open : https://amifloced.org/
3. Detects FloC

Expected behavior:

uBO should block FloC for privacy.
Have an option to counter google's tracking. Would recommend a default option for Chrome, but if not available a configurable option.

Actual behavior:

FloC isn't being blocked in uBO.

Your environment

• uBlock Origin version: 3.10.2
• Browser Name and version: Brave V1.22.71 (Apr 1, 2021)
• Operating System and version: Windows

Maybe too generic, but something like this:

! Remove Floc checks by websites when using Chrome
!#if env_chromium
*##+js(aopr, document.interestCohort)
*##+js(aopw, document.interestCohort)
!#endif

[uBlock-user]

Is this a POC(Proof Of Concept) ? We don't fix POCs.

[uBlock-user]

As per https://developer.chrome.com/blog/floc/ setting Permissions-Policy header -- Permissions-Policy: interest-cohort=() will cause to opt-out/disable this tracking.

[mapx-]

brave/brave-browser#14942

[mapx-]

https://www.ghacks.net/2021/04/10/duckduckgo-extension-blocks-google-floc-in-latest-update/

[ryanbr]

Is this a POC(Proof Of Concept) ? We don't fix POCs.

While this has Proof of Concept website from EFF, Google is rolling this out as we speak.

[uBlock-user]

This is a good opportunity to implement Permissions Policy(formerly Feature-Policy) support in uBO.

[gorhill]

These are way too likely to cause page breakage, since they are meant to abort JS execution midway:

! Remove Floc checks by websites when using Chrome
!#if env_chromium
*##+js(aopr, document.interestCohort)
*##+js(aopw, document.interestCohort)
!#endif

Following solution probably is better, since I gather that websites will have to check for the existence of interestCohort before using it:

! Remove Floc checks by websites when using Chrome
!#if env_chromium
*##+js(set, document.interestCohort, undefined)
!#endif

The only issue is whether this is too often ineffective due to race condition. I do not have Chrome on my side and can't test this. Whoever is found to be part of the trial could try and report.

Given this is a trial, not sure adding a specific setting in uBO to address this is a good idea at this point, there could be changes in the future which would require to re-work the setting.

[ryanbr]

*##+js(set, document.interestCohort, undefined) worked for me.

[gorhill]

I suppose we could add it to the "uBlock filters -- Privacy" for now, that's the purpose of the list, to create privacy-related filters optimized for uBO.

[gorhill]

I am going to add a scriplet specifically for this purpose:

This way document.interestCohort will be overriden if and only if it exists, and it will return a promise which rejects, the expected behavior when opting out of floc.

[ghost]

AdguardTeam/AdguardFilters@fcc7f0f

[ghost]

AdguardTeam/AdguardFilters@f7b82b5

[Spacefish]

Would be great if this could be configurable via Advanced Config, such the the scriptlet for redefining Document.prototype.interestCohort isn´t executed.
There might be some legitimate reasons to use FloC apart from Ad-Targeting. Like filling suggestion boxes with likely values other people in the same FloC ID have selected most commonly or such.
It´s good to block it by default, but would be nice to have ad-blocking + FloC :)

[gwarser]

gorhill/uBlock@bfdc81e

This commit ensures FLoC is opt-in. The generic filter
*##+js(no-floc) in "uBlock filters -- Privacy" ensures
the feature is disabled when using default settings/lists.

Users can opt-in to FLoC by adding a generic exception
filter to their custom filters, #@#+js(no-floc); or they
can opt-in only for a specific set of websites through a
more specific exception filter:

example.com,shopping.example#@#+js(no-floc)

[h1z1]

Should have called it floc-off :)

[mapx-]

https://github.com/jkarlin/topics

FLoC ended its experiment in July of 2021

https://techcrunch.com/2022/01/25/google-kills-off-floc-replaces-it-with-topics/

[krystian3w]

Now we must follow Topic API, maybe community wrote draft for no-topic scriptlet.

[uBlock-user]

Topics API - https://github.com/jkarlin/topics#the-api-and-how-it-works

[gorhill]

For years I've pointed out that Chrome is an adtech agent, not a user agent, however hard they try to spin it as the latter. This ever present motivation to have adtech API embedded in it just further illustrate that point.

[uBlock-user]

The intent of the Topics API is to provide callers (including third-party ad-tech or advertising providers on the page that run script

I don't think API needs to be foiled, as per the example, it needs to send a fetch request to an ad-server, so as long as we block the ad-server, no need to add yet another scriptlet for this.

[fulldecent]

For all of this discussion of FLoC and v3 manifest, I would much prefer if @gorhill maintained a clear and visible recommendation of what browsers you should use.

He does not owe anything to Google. And if he thinks other browsers are better I would love to see that in the README.