id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc,focuses 53069,Consider implications of FLoC and any actions to be taken on the provider (WordPress) front,helen,,"This is a tracking ticket to recognize the [https://web.dev/floc/ FLoC project and Origin Trial], monitor its progress, and discuss any actions that WordPress core should take and the implementation details of such. ""Provider"" refers to the side that is serving the site (CMS, publisher, site admin, etc.) and ""consumer"" refers to the side viewing the site (browser, reader, etc.). For a high-level overview, FLoC (Federated Learning of Cohorts) is a Chrome-based initiative to calculate a cohort (henceforth referred to as ""bucket"") on the browser side for a user based on their browsing activity. It is meant as a replacement for third-party cookies typically used for ad targeting, providing what is supposed to be a somewhat more anonymous bucket of thousands of users to serve as a target rather than you as an individual. It is currently in an ""origin trial"" phase, in which some users are opted in via their usage of Chrome. The current stated intention is for sites not to be included in the calculation of which bucket a user/browser instance is assigned to unless they specifically call the FLoC API or contain [https://twitter.com/rowan_m/status/1383380295336878091 ad resources], noting that third-party JS, such as may come with an oEmbed, can also call the FLoC API and cause a page/site to be included in the calculation. Sites can explicitly opt-out of being included in calculations regardless of the content by sending a header. Whether this current intention remains true is one item to be monitored. Some things that likely need discussion include but are certainly not limited to: * At what stage of the FLoC trial should WordPress consider taking any action? * What level of user education should WordPress provide, either in-admin or beyond? Does this education need to extend to general advice on how to vet third-party embeds which are a potential entry point? * If WordPress were to send the explicit opt-out header by default, what sort of impact would this have on individual users (both providers and consumers) and ad/targeting technology at large? * What is the benefit of a broad provider-level opt-out versus the existing consumer opt-out? * How are folks thinking of opt-in vs. opt-out, since you could consider this opting out of using a technology or enforcing an opt-in only model?",task (blessed),closed,normal,,General,,normal,wontfix,,,privacy