ClearlyClaire
commented
2 years ago My understanding is that interest-cohort=() implies browsing-topics=(), though I see no harm in making that explicit.
Open dmarti opened 2 years ago
ClearlyClaire
commented
2 years ago My understanding is that interest-cohort=() implies browsing-topics=(), though I see no harm in making that explicit.
dmarti
commented
2 years ago @ClearlyClaire Yes, I have the same understanding. The benefit of #19971 will be to keep the opt out working if/when Google Chrome stops supporting the legacy header. Thank you, this looks good.
leo60228
commented
2 years ago The Topics API intentionally only includes pages which use the API in topic calculations. This would only affect instances which have patched Mastodon to add advertisements, and I think how to handle privacy there should be in the instance admin's hands anyway.
dmarti
commented
2 years ago @leo60228 This could apply to any instance that uses any third-party script. Unless you use Subresource Integrity and do a code review on all third-party scripts, any third party script could be modified to insert an iframe from a Topics API caller. This opt out is a way to provide an extra layer of protection for users of an instance whose admin might have added a third-party script.
It's unlikely that Topics API will only be used for advertising. There are many other parties besides advertisers and ad intermediaries who would want to be able to classify users by interest, even imperfectly with random noise.
leo60228
commented
2 years ago In that case, why not send a Permissions-Policy disabling every feature not used by Mastodon, instead of just Topics API?
dmarti
commented
2 years ago @leo60228 That is a good idea, you should probably make a separate issue for it though.
Pitch
Mastodon already has an opt-out header for a Google Chrome feature called "Federated Learning of Cohorts" for classifying and sharing information about users. See #16034 for details.
Since the opt-out was added to Mastodon, FLoC has been removed from Google Chrome and replaced with a new updated version called "Topics API" which has a different opt-out header. (The FLoC opt-out does still work to opt out of Topics API.)
The new Topics API opt-out header is:
More info: https://github.com/patcg-individual-drafts/topics
Motivation
According to Peter Snyder, Sr. Director of Privacy for the Brave web browser, Topics API is "Rebranding FLoC Without Addressing Key Privacy Issues". The motivations at #16034 seem to apply to both systems.
People who use the web do not expect their browsing interests from one site to be collected and shared at other sites. This may especially important for Mastodon instances where the domain name may reveal some characteristic or interest of that instance's users.