Browser developers have abandoned Google’s cookie targeting technology, reports VC. Brave and Vivaldi accused Google that the technology is dangerous: in their opinion, FLoC will only harm the privacy of users “under the guise of providing this very privacy.”
In March 2021, Google announced that it would stop using third-party cookies that track website visitors to create advertising profiles. Instead, the corporation will offer new ways to target ads “without collecting personal data.”
On March 30, Google activated a test version of FLoC technology for some Chrome users. With its help, the browser locally distributes users into anonymous interest groups and exchanges their tags with advertisers and websites.
Google says FLoC and other new ad technologies will keep users’ privacy and get rid of their digital fingerprints. But so far not a single developer of popular browsers has supported FLoC, and some of them, for example, the heads of Brave and Vivaldi, have completely criticized Google.
In their opinion, not only FLoC does not solve the problem of user privacy, but also exacerbates it. For example, not only the advertiser finds out about the interests of the user, but also the owners of all sites where FLoC is not disabled. And this information can be used both to manipulate groups of people and to persecute them.
Only Google and other large companies that have enough data to collect a full-fledged user profile without cookies will get practical benefit from the technology, the heads of Vivaldi and Brave note.
How FLoC works and its benefits
FLoC (Federated Learning of Cohorts), as conceived by Google, could become the new standard in browsers. The technology allows you to serve ads to users based on their interests, but without transmitting information about the user’s identity to advertisers.
Instead of an individual profile, FLoC algorithms create cohorts, that are groups of people by interests and qualities.
A person’s browsing history is kept secret and not transmitted, but the browser itself looks at the history of visited sites, analyzes it using machine learning technologies and transfers the user to one of the cohorts (FLoC ID).
In a test implementation, FLoC uses the history of visits to sites for the last 7 days for analysis, places the user in one of 33 thousand behavioral groups, and recalculates the FLoC ID once a week.
When a user visits the site, Chrome tells the site that the visitor belongs to a cohort (conditionally 12345). The site “knows” that the 12345 cohort is interested in, for example, investments and Lego, and displays suitable ads, explains The Verge.
Google claims that the cohorts will consist of several thousand users, so the identity of each of them within the group will be theoretically protected. Chrome doesn’t know which tags each group has, as Google gives this to advertisers.
FLoC provides at least 95% conversions compared to cookie-based ads, Axios writes.
One of the problems that Google wants to solve with FLoC and other cookie-opt-out technologies is to stop digital fingerprinting of users on sites using small data signatures that are collected when they visit a site.
For example, the site owner can find out the IP address, operating system of the device, its screen resolution and other information, and in an implicit way. For example, by playing a short sound signal and analyzing the “reaction” of the device to it.
Apple has publicly announced that it will ban all user tracking methods in Safari, including cookies. Some other browser makers do the same, such as Brave, Vivaldi and Mozilla.
But the Chrome team believes that the tough stance of its competitors will force advertisers to create digital fingerprints of users more often, and this cannot be stopped or regulated.
FLoC, on the other hand, can become an alternative to cookies and not force site owners to look for other ways to collect user data, Google said.
When other browsers started blocking third-party cookies by default, we were delighted with the development vector, but worried about the consequences of this.
We definitely need a more private internet, and we understand that third-party cookies will not work in the future.
The concern is that many publishers rely on cookies to keep creating content. And we’ve seen that blocking cookies immediately spawned privacy-compromising workarounds like digital fingerprinting, which is even worse for user privacy.
Overall, we believe that blocking third-party cookies outright without a viable alternative would be irresponsible and even detrimental to the free and open internet that we all love so much.
Other browsers and organizations have ditched FLoC, some have called it malicious technology
Google Chrome is built on the open source Chromium project – used by Opera, Vivaldi, Brave, as well as Microsoft in the Edge browser. FLoC technology became part of Chromium, but other developers, besides Google itself, did not implement it in their browsers and refused to use it in the future, notes The Verge.
The technology has yet to come out of testing, and other companies and Google competitors are already trying to abandon it or block it altogether.
Vivaldi: “It is not profitable for users to share private data for the sake of Google’s financial success”
Vivaldi founder Jon Von Techner called FLoC a “disgusting tool” that will only strengthen Google’s dominance in the browser market and collect far more user data than third-party cookies. It explains it this way:
- FLoC analyzes behavior in the network and allows, by entering certain groups (for example, when searching for or buying medicines on the Internet), to determine the age, character traits and other “properties” of a person. But only the largest advertisers will be able to analyze the groups in detail and get the most information about them – the same Google, which will only strengthen the company’s position.
- Previously, an advertiser could only collect user information from the sites where they placed ads. FLoC, on the other hand, will allow any site to learn about the behavior and interests of a visitor using the FLoC ID – based on their actions on other sites, even if they did not place ads at all.
- Personal information such as political or religious beliefs can be part of a FLoC ID. So the “unwanted” in dictatorial countries may be at risk if they go to a government site that determines the FLoC ID and sees that the user belongs to a group of persecuted citizens.
- Behavioral profiles can be used not only for advertising, but also for manipulating large groups of people and influencing the user’s online behavior.
Brave: The worst thing about FLoC is that it harms the privacy of users, although it masks as their protection
On April 12, the developers of Brave (based on Chromium) dropped FLoC support from their browser and disabled the technology on their sites, considering it to be dangerous for user privacy.
Brave CEO Brendan Eich noted that with FLoC, “Google keeps the web advertising ecosystem as it sees it,” and the technology only hurts users, and explained his position:
- FLoC shares information about user behavior even with those who would not have access to this data. For example, they looked at a recipe for a pie, and advertisers such as Bing, Adobe and Facebook learned about their culinary interests.
- To prevent FLoC from being used to create digital prints, Google plans to use Privacy Budget technology. It automatically blocks requests for information from the device if the site requests too much data. But it is not yet clear how it will work, and Brave considers the Privacy Budget approach to prevent tracking to be unsuccessful due to architectural flaws in the implementation.
- The technology will harm sites with a good reputation or a narrow audience.
Let’s say I have a website that sells polka music, and I’ve built a community of dedicated fans of the genre. My site is successful because I found a niche market that is not interesting to others – this allows me to increase prices than, for example, on Amazon.
Those who visit me through Chrome will get a cohort of “polka lovers”, and FLoC will carry information about their hobby to other sites, including Amazon. And it can lure my users to it, seeing their interests. Audience stealing is common with ad tech.
- FLoC promotes “misconceptions about privacy and its importance,” Brave said.
The company notes that Google plans to create cohorts with “sensitive” information that will not end up in the FLoC ID for transmission to advertisers.
But Google will still collect “sensitive” information, and plans to determine the degree of its “delicacy” by the number of people in the cohort, which “does not stand up to criticism,” writes Brave.
Also, the head of Brave, Brendan Eich, believes that the very fact of “delicacy” is immoral, since for different people the same information (for example, sexual orientation) can be both “delicate” and quite common. And vice versa – interests that are commonplace for one person can be delicate and even dangerous for others.
Brave has called on all sites to turn off FLoC, calling the technology a step back from the internet’s privacy-friendly changes. Instead, Google is proposing “to reshuffle the sun loungers on the Titanic and support an ineffective and harmful system,” said Brave chief executive Brendan Eich.
Opera, Mozilla: “We have no plans to implement FLoC”
Opera representatives in a conversation with The Verge said they are not going to integrate “advertising cookie alternatives” into their browser yet.
They recognize that it is important to stop using third-party cookies in order to reduce user tracking. But it is too early to say in what direction the market of browsers and online advertising will develop further.
Firefox developers are also not going to use alternative advertising technologies, including those from Google.
According to them, the company does not believe in the assumption that the industry needs “billions of points of access to data about people, which are collected and transmitted without their understanding, in order to offer relevant advertising.” Instead, Firefox blocks more than 10 billion trackers every day.
DuckDuckGo: Rejecting Cookies Will Not Prevent User Tracking
Search engine and mobile browser developer DuckDuckGo noted that the FLoC identifier can contain potentially confidential information and help advertisers identify a user.
The company has released an update to its Chrome extension that disables FLoC in the browser and prevents sites from tracking users via FLoC ID.
DuckDuckGo also opted out of collecting FLoC ID in its search engine for user identification or advertising.
WordPress will block FLoC
On April 18, the WordPress developers said they viewed Google’s new technology as a security risk and proposed a code to block FLoC on WordPress sites.
In their opinion, association in interest groups can contribute to their discrimination and attacks on certain categories of people – on religious, gender and other grounds.
The same is the opinion of the human rights organization EFF (Electronic Frontier Foundation). Its representatives note that the technology replaces some problems with others and will exacerbate the collection of “digital prints”.
It is also possible that FLoC ID is subject to reverse engineering, with the help of which it will be possible to find out the user’s history of visits based on their data about the cohort.
Microsoft and Apple Call for Balance between Advertising Technology and User Privacy
Microsoft did not answer directly to The Verge’s question – the company said it believes in a “transparent” Internet in the future, which will preserve user privacy and support “responsible business models.”
The company noted that it only supports technologies that require a clear consent from the user to process data, and browser developers must choose solutions that do not require individual user IDs to work.
Microsoft called its project, Parakeet, a possible solution in which the user ID is known only to the proxy server, through which it is masked with statistical noise and only then is transmitted to the advertiser.
Apple’s Safari has its own Intelligent Tracking Prevention.
WebKit (Safari engine) engineer John Wilander did not confirm on Twitter that Apple would abandon FLoC: “We didn’t say we wouldn’t use. So far we have ITP. Serious web standards proposals require discussion, and I appreciate that Brave shared their thoughts. ”
You can check if you have Google FLoC enabled in Chrome
NIX Solutions notes that currently Google is testing the technology on 0.5% of users worldwide in some regions – Australia, Brazil, USA, Canada, India, Indonesia, Japan, Mexico, New Zealand and the Philippines.
To find out if the FLoC ID has been activated, the human rights organization EFF launched the Am I FLoCed?, and it is enough to press the “Check for FLoC ID” button to check.