Another acronym. Created by Google. Hold onto your hats as a new “privacy” scheme is exposed for what it really is. Let’s start with what FLoC stands for, “Federated Learning of Cohorts.” That’s super clear to everyone? How about a breakdown of what everything means.


iThemes Security Pro

You don’t need an intergalactic bounty hunter to fight bad guys. iThemes Security Pro will secure and protect your WordPress sites from the wretched hive of scum and villainy across the internet! Prevent hacks, security breaches, malware and more. This is the way.


Federated. Learning. Cohorts. So “federated” in this description quite simply means centralized. “Learning,” is the AI and analytics engine. Last, “cohorts” are segments of humans. How about we rename FLoC as CASH? Centralized Analytics of Segmented Humans.

FLoC is CASH

There is a huge uproar across the internet around this disingenuous plan by Google. Let’s start with Ars Technica, Everybody hates “FLoC,” Google’s tracking plan for Chrome ads: “Google wants to kill third-party tracking cookies used for ads in Chrome with the “Chrome Privacy Sandbox.” Since Google is also the world’s largest ad company, though, it’s not killing tracking cookies without putting something else in its place. Google’s replacement plan is to have Chrome locally build an ad interest profile for you, via a system called “FLoC” (Federated Learning of Cohorts). Rather than having advertisers collect your browsing history to build an individual profile of you on their servers, Google wants to keep that data local and have the browser serve a list of your interests to advertisers whenever they ask via an API so that you’ll still get relevant ads. Google argues that conscripting the browser for ad interest tracking is a win for privacy, since it keeps your exact browsing history local and only serves up anonymized interest lists. Google does not have many other companies in its corner, though.”

WordPress vs. CASH

It was bound to happen – a discussion opened up in the community regarding FLoC, specifically around a proposal to list FLoC as a security issue. Carike, a WordPress team member in Core, Marketing, Polyglots, Support, Themes proposed, Proposal: Treat FLoC like a security concern: “As the Electronic Frontier Foundation explains in their post “Google’s FLoC is a terrible idea“, placing people in groups based on their browsing habits is likely to facilitate employment, housing and other types of discrimination, as well as predatory targeting of unsophisticated consumers.”

First, this is a request from a contributor of WordPress – NOT – a WordPress position. The project gets all sorts of requests from contributors and non-contributors alike. Second, this proposal is listed as a security concern. Carike clarifies that “… treatment like a security concern refers to the process / procedure (accelerated development and back-porting).” Initial reactions were focused on whether CASH is a legitimate security issue. It’s not and I’m glad the clarification was added.

Should WordPress Block CASH?

The simple answer is no. If we are going to block CASH, we should start blocking all sorts of tracking. Maybe even cookies entirely. I don’t think this is a position that WordPress should be taking. Not that I want more screwed up ad tracking, rather I feel that making a statement on commercial tracking isn’t a fight worth picking by WordPress Core. There will be plenty of third part solutions that can address this and I would expect that people who care will implement them. CASH is technically less abusive than existing tracking solutions, so that’s a net plus – the bigger issue should be whether we should be using a browser that creates a hidden privacy invasive tool which will only provide cash for CASH.

Subscribe to the daily-ish #MorningCoffee today.