This story was originally published and last update .
Google is about to shake up the tracking status quo with the proposed new browser-based tracking mechanism, the Federated Learning of Cohorts (FLoC), which it has introduced as a replacement for third-party cookies that the industry still relies on. advertising. But many privacy advocates, such as the EFF (Electronic Frontier Foundation) and search engine DuckDuckGo, believe that FLoC could prove to be even worse and more invasive than third-party cookies, and most browsers quickly joined this position. Almost everyone has sworn or at least suggested that they will not support FLoC in their products, including those based on Google’s open-source Chromium rendering engine used in Chrome.
As we explained in our post on how to disable FLoC in Chrome, the idea is to replace third-party cookies with a new and more secure, less individualized system. FLoC is embedded in the browser itself to identify behavior and broader interest groups, such as, say, “sports fans” instead of “a single user who clicked on football videos on YouTube.” . This information is sent to advertisers so that instead of targeting ads to certain users in a system that can sometimes be so sensitive that it is practically a digital signature, advertisers who sell ads to large groups have said.
What is the problem?
Privacy advocates and other browser manufacturers see huge problems with this idea and are afraid they might tell advertisers more about you than third-party cookies. FEP shared an elaborate approach in time, explaining why it believes the new tracking method is as bad as the third-party cookies it replaces.
FLoC could exacerbate many of the most serious non-confidentiality issues with behavioral advertising, including discrimination and predatory targeting.
EFF claims that FLoC only moves the tracking from one place to another. Instead of relying on third-party trackers to do heavy lifting, the browser itself takes over, introducing many new pitfalls. The FLoC could “exacerbate many of the most serious non-confidentiality issues with behavioral announcements, including discrimination and targeting predators.” While Google advertises the technique as well as the completely opaque business of tracking third-party cookies, Google’s ranking is based on a false premise that we have to choose between “old tracking” and “new tracking”. The EFF says that “it is not either. Instead of reinventing the tracking wheel, we should imagine a better world without the countless problems of targeted ads. “
Brave joined the EFF position and was among the first browser manufacturers to speak out against the tracking mechanism. Brave says that while FLoC might seem like a good idea on the surface (you’re no longer identified as an individual, but as part of a group against which your ads are targeted), it may prove to be much worse than third-party cookie tracking. . Brave writes that “FLoC shares information about your browsing behavior with sites and advertisers who would not otherwise have access to this information.” Instead, FLoC would give newly visited sites a much better picture of who you are and what target group you belong to, especially if you block third-party cookies to prevent exactly that.
The fact that fingerprint data is stored locally on devices could make it easier to track individual users, and although Google promises a so-called “privacy budget” approach to prevent this, the details are still unclear, and Google has not responded. to Brave’s questions about exactly how this budget will work. Brave states: “Sending a privacy-damaging feature while exploring how to fix privacy damage is exactly the antipater of“ keep getting out of the deep hole ”that has made browser fingerprints such a difficult issue. solved.”
A “confidentiality system” that is based on a single global determination of behaviors that are “sensitive to privacy” does not fundamentally protect confidentiality and does not even understand why confidentiality is important.
Brave goes on to say that FLoC promotes a false sense of what privacy is and why it is important. While Google promises not to use sensitive data to target users, it must still analyze all data and then determine whether or not it is sensitive. The problem is also Google’s global approach. What is sensitive in one country or region may be fully acceptable in others and vice versa. Brave says that a “confidentiality system” that is based on a single global determination of behaviors that are “sensitive to privacy” does not fundamentally protect confidentiality or even understand why confidentiality is important.
Browser creators even go so far as to recommend sites to abandon FLoC, as it could harm them by leaking and sharing user behavior with competitors. Brave gives the following example:
Suppose I run a website that sells polka music and they serve a dedicated community of polka dot fans. My site is successful because I have identified a niche market that is poorly served elsewhere, which allows me to charge more than, say, Amazon prices. However, FLoC can block users browsing Chrome in a “polka-loving” cohort, and can start sending my “polka love” to other sites, including Amazon. Amazon could then peel off my polka dot buyers, leaving me worse off.
That being said, Brave did not always act in the interest of users. Last year, she was caught entering her own referral codes to some links to the cryptocurrency trading site, which makes it undeniable that it is a trading company primarily willing to sacrifice some of the privacy of its users to make money.
Who else joins the boycott?
Other Chromium-based browsers, such as Vivaldi and Opera, have joined EFF and Brave in condemning and disabling FLoC, and browser extensions from uBlock Origin and DuckDuckGo are already blocking new technology in their products. In a statement to The Verge, the maker of Firefox Mozilla says that it “evaluates many of the advertising proposals that remain confidential, including those presented by Google, but have no current plans to implement any of them at this time.” Like everyone else, Mozilla is skeptical about the FLoC approach, explaining: “We don’t buy into the assumption that the industry needs billions of people data points, which are collected and shared without their understanding, to serve relevant publicity. . ”
Microsoft is a little more cautious and diplomatic, but in the end it is not ready to implement FLoC in the Edge either. A statement to The Verge said: “Like Google, we accept solutions that give users clear consent and do not circumvent consumer choices. Therefore, we do not accept solutions that use the identity signals of users without consent, such as fingerprinting. The industry is on a journey and there will be browser-based proposals that do not require individual user IDs and ID-based proposals that are based on consent and relationships with first parties. “
I did not say that we will implement and that we have our policy to prevent prosecution. That’s it for now. Serious proposals for standards are worth thinking about and I appreciate that Brave shares them.
– John Wilander (@johnwilander) April 12, 2021
As you might expect, Apple’s privacy champion doesn’t like the new tracking technique either. While the company has not made a statement, The Verge reports that Safari engineer John Wilander is taking a diplomatic approach saying his team has not yet made a decision and is looking to vigorously discuss the proposed standard before dropping it immediately. .
The fact that WordPress is exploring FLoC as a security issue and is considering blocking it in its installations by default in the future could also end up being a huge blow to Google, given that about four out of ten sites Websites are powered by the content management system. .
The truth could be somewhere in the middle, as always. With third-party cookies blocked to the left and right by most, if not all, browser makers other than Google, the advertising industry needs a new strategy to help content creators with relevant and targeted ads. Most of the time, a suggestion from the advertising giant Google is greeted with a knee-jerk reaction that could be justified, and Google wildly launches FLoC to users for testing without asking for consent doesn’t seem like the best strategy to build trust.
But Google itself says it will need time to evolve FLoC properly, and I hope the company is ready to listen for feedback and wants to improve its system when it notices that no one is willing to cooperate as long as FLoC stays in shape. current. . This may sound optimistic, but in the end, Google depends on collaboration if it doesn’t want to fracture the web into fundamentally different experiences, depending on the browser you’re using.
Several browsers are out
Updated article with details about several browsers.
Header image: Vivaldi.