Opt-out of Google’s FLoC in Rails

Opting out from Google’s Federated Learning of Cohorts in Ruby on Rails.

What is FLoC?

Federated Learning of Cohorts or FLoC, in short, is Google’s next-generation web tracking feature. FLoC will profile users in the browser itself instead of relying on third-party tracking cookies. FLoC, as part of Google Chrome, records the websites you visit and groups users with similar interests under a “cohort ID”. This identifier can then be used by advertisers to decide what ads to show.

There has been some criticism: browsers like Brave and Vivaldi pledged to not implement FLoC, DuckDuckGo has an extension to block FLoC, and the EFF built a website to check your FLoC ID.

Steve Gibson, on the other hand, explains why he thinks FLoC might be an improvement over today’s tracking cookies.

Opt-out Header

Like all Google Chrome users, websites will automatically opt-in if Chrome detects the website is serving ads or using the Permissions API. This means your website visitors will be tracked if they use Google Chrome. It looks like websites can opt-out by sending a custom HTTP response header:

  Permissions-Policy: interest-cohort=()
  

Paramdeo Singh has a great post full of snippets to easily configure the most common web servers.

Ruby on Rails

If we are using Ruby on Rails we can set a custom HTTP header in the ApplicationController that will be sent with each response by adding the following to the app/controllers/application_controller.rb:

  class ApplicationController < ActionController::Base
    after_action :add_floc_opt_out_header

    def add_floc_opt_out_header
      response.set_header('Permissions-Policy', 'interest-cohort=()')
    end
  end
  

Check the headers via the developer tools of your non-Chrome browser and you should see a ‘Permission-Policy’ response header. This should hopefully do the trick for now.

This post is open source. Did you spot a mistake? Ideas for improvements? Contribute to this post via Github. Thank you!