Mozilla Says Google's New Ad Tech—FLoC—Doesn't Protect User Privacy
Google’s upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users.
“FLoC is premised on a compelling idea: enable ad targeting without exposing users to risk,” said Eric Rescorla, author of TLS standard and chief technology officer of Mozilla. “But the current design has a number of privacy properties that could create significant risks if it were to be widely deployed in its current form.”
Short for Federated Learning of Cohorts, FLoC is part of Google’s fledgling Privacy Sandbox initiative that aims to develop alternate solutions to satisfy cross-site use cases without resorting to third-party cookies or other opaque tracking mechanisms.
Essentially, FLoC allows marketers to guess users’ interests without having to uniquely identify them, thereby eliminating the privacy implications associated with tailored advertising, which currently relies on techniques such as tracking cookies and device fingerprinting that expose users’ browsing history across sites to advertisers or ad platforms.
FLoC sidesteps the cookie with a new “cohort” identifier wherein users are bucketed into clusters based on similar browsing behaviors. Advertisers can aggregate this information to build a list of websites that all the users in a cohort visit as opposed to using the history of visits made by a specific user, and then target ads based on the cohort interest.
Despite its promise to offer a greater degree of anonymity, Google’s proposals have been met with stiff resistance from regulators, privacy advocates, publishers, and every major browser that uses the open-source Chromium project, including Brave, Vivaldi, Opera, and Microsoft Edge. “The worst aspect of FLoC is that it materially harms user privacy, under the guise of being privacy-friendly,” Brave said in April.
Google has put in place mechanisms to address these undesirable privacy shortcomings, including making FLoC opt-in for websites and suppressing cohorts that it believes are closely correlated with “sensitive” topics. But Mozilla said “these countermeasures rely on the ability of the browser manufacturer to determine which FLoC inputs and outputs are sensitive, which itself depends on their ability to analyze user browsing history as revealed by FLoC,” in turn circumventing the privacy protections.
The U.K.’s Competition and Markets Authority (CMA) earlier today announced that it’s taking up a “role in the design and development of Google’s Privacy Sandbox proposals to ensure they do not distort competition.”
