This story was originally published and last updated .
Google is about to shake up the status quo on tracking with its newly proposed browser-based Federated Learning of Cohorts (FLoC) tracking mechanism, which it introduced as a replacement for the outgoing third-party cookies the advertisement industry still heavily relies on. But many privacy advocates like the EFF (Electronic Frontier Foundation) and search engine DuckDuckGo think FLoC could turn out to be even worse and more invasive than third-party cookies, and most browser makers were fast to join in on that stance. Almost all of them have vowed or at least hinted that they won’t support FLoC in their products, including those based on Google’s open-source Chromium rendering engine also used in Chrome.
As we explained in our post on how to disable FLoC in Chrome, the idea is to replace third-party cookies with a new and more secure, less individualized system. FLoC is built into the browser itself to identify more broad behavior and interest groups, like, say, “sports fans” instead of “a single user who clicked on football highlight videos in YouTube.” This information is sent to advertisers, so instead of targeting ads to specific users in a system that can sometimes be so sensitive that it’s practically a digital signature, said advertisers sell ads to broad groups.
What’s the problem?
Privacy advocates and other browser makers see huge problems with this idea and fear that it might actually tell advertisers more about you than third-party cookies. The EFF shared an elaborate take early on, explaining why it thinks the new tracking method is just as bad as the third-party cookies it’s replacing.
FLoC could exacerbate many of the worst non-privacy problems with behavioral ads, including discrimination and predatory targeting.
The EFF argues that FLoC just moves tracking from one place to another. Instead of relying on third-party trackers to do the heavy lifting, the browser itself takes over that job, introducing many new pitfalls. FLoC could “exacerbate many of the worst non-privacy problems with behavioral ads, including discrimination and predatory targeting.” While Google is advertising the technique as better than the completely opaque third-party cookies tracking business, Google’s “framing is based on a false premise that we have to choose between ‘old tracking’ and ‘new tracking.'” EFF says it’s “not either-or. Instead of re-inventing the tracking wheel, we should imagine a better world without the myriad problems of targeted ads.”
Brave joined EFF’s stance and was among the first browser makers to speak out against the tracking mechanism. Brave says that while FLoC might sound like a good idea on the surface (you’re no longer being identified as an individual but as part of a group that ads are targeted against), it could turn out to be far worse than third-party cookie tracking. Brave writes that “FLoC shares information about your browsing behavior with sites and advertisers that otherwise wouldn’t have access to that information.” Instead, FLoC would give newly visited sites a much better picture of who you are and which target group you belong to, especially if you block third-party cookies to prevent exactly that from happening.
The fact that fingerprinting data is stored locally on devices could make it easier to track individual users, and while Google promises a so-called “privacy budget” approach to prevent that from happening, the details are still unclear, and Google hasn’t responded to Brave’s queries on how exactly this budget will work. Brave states, “Shipping a privacy harming feature, while exploring how to fix the privacy harm, is exactly the ‘keep digging your way out of the deep hole’ anti-pattern that has made browser fingerprinting such a difficult problem to solve.”
A “privacy preserving system” that relies on a single, global determination of what behaviors are “privacy sensitive,” fundamentally doesn’t protect privacy, or even understand why privacy is important.
Brave goes on to say that FLoC promotes a false sense of what privacy is and why it’s important. While Google promises not to use sensitive data to target users, it still has to analyze all data and then determine whether or not it’s sensitive. The problem is also Google’s global approach. What’s sensitive in one country or region might be fully acceptable in others, and vice versa. Brave says that “a ‘privacy preserving system’ that relies on a single, global determination of what behaviors are ‘privacy sensitive,’ fundamentally doesn’t protect privacy, or even understand why privacy is important.”
The creators of the browser even go as far as recommending sites to opt out of FLoC, as it could also harm them by leaking and sharing user behavior with competitors. Brave gives the following example:
Say I run a website selling polka music, and I serve a dedicated community of die-hard polka fans. My site is successful because I’ve identified a niche market that is poorly served elsewhere, which allows me to charge higher than, say, Amazon prices. However, FLoC may stick users browsing in Chrome in a “polka music lover” cohort, and begin having my users broadcast their “polka love” to other sites, including Amazon. Amazon could then peel off my polka-record buyers, leaving me worse off.
That said, Brave also hasn’t always acted in its users’ best interest. Last year, it was caught inserting its own referral codes to some cryptocurrency trading site links, making it undeniable that it’s a commercial company first and foremost and willing to sacrifice some of its users’ privacy to make money.
Who else is joining the boycott?
Other Chromium-based browsers like Vivaldi and Opera have joined the EFF and Brave in condemning and disabling FLoC, and browser extensions from uBlock Origin and DuckDuckGo are already blocking the new technique in their products. In a statement to The Verge, Firefox maker Mozilla says it’s “evaluating many of the privacy preserving advertising proposals, including those put forward by Google, but have no current plans to implement any of them at this time.” Like everyone else, Mozilla is skeptical about the FLoC approach, explaining, “We don’t buy into the assumption that the industry needs billions of data points about people, that are collected and shared without their understanding, to serve relevant advertising.”
Microsoft is a little more cautious and diplomatic, but is ultimately not ready to implement FLoC in Edge, either. It said in a statement to The Verge, “Like Google, we support solutions that give users clear consent, and do not bypass consumer choice. That’s also why we do not support solutions that leverage non-consented user identity signals, such as fingerprinting. The industry is on a journey and there will be browser-based proposals that do not need individual user ids and ID-based proposals that are based on consent and first party relationships.”
We have not said we will implement and we have our tracking prevention policy. That’s it for the time being. Serious standards proposals deserve thinking and I appreciate Brave sharing theirs.
— John Wilander (@johnwilander) April 12, 2021
As you might expect, privacy champion Apple isn’t too fond of the new tracking technique, either. While the company hasn’t put out any statement, The Verge reports that Safari engineer John Wilander is taking a diplomatic approach by saying that his team hasn’t made a decision yet and is looking to discuss the proposed standard vigorously before slamming it right away.
The fact that WordPress is exploring FLoC as a security concern and is considering blocking it in its installations by default going forward could probably also end up being a huge blow to Google, given that about four out of ten websites are powered by the content management system.
The truth might be somewhere in the middle, as always. With third-party cookies being blocked left and right by most if not all browser makers other than Google, the advertising industry needs a new strategy to help content creators with relevant and targeted ads. As most of the time, a suggestion from advertising giant Google is met with a knee-jerk reaction that might be justified, and Google rolling out FLoC in the wild to users for testing without asking for consent doesn’t seem like the best strategy to establish trust.
But Google itself says it will need time to properly evolve FLoC, and I would hope that the company is ready to listen to feedback and willing to improve its system when it notices that nobody is willing to cooperate as long as FLoC stays in its current form. That might be optimistic, but ultimately, Google is dependent on collaboration if it doesn’t want to fracture the web into fundamentally different experiences depending on which browser you use.
Header image: Vivaldi.