FLoC or Flop? Googles plans to reduce third-party cookies

Ever notice how sometimes Google always seems to have the right solution for several problems or recent interests and paints them into any of your browsing activities? Sometimes it even seems like Google understands those random late night epiphanies that wake you up before you even think about searching the solution up on your phone. This is because of advanced algorithms within Google that typically rely on cookies from sites you visit and spot trends of your browsing habits.

Recently, however, Google has made plans to replace these third-party cookies and prevent them from siphoning your data by creating a less invasive ad targeted mechanism. However, this new mechanism may have a detrimental effect on the privacy of your browsing instead increasing the linkability of user behavior to the point of potentially identifying individual users.

Short for Federated Learning of Cohorts, FLoC is part of Google's fledgling Privacy Sandbox initiative that aims to develop alternate solutions to satisfy cross-site use cases without resorting to third-party cookies or other opaque tracking mechanisms.

The new mechanism has been credited as a compelling idea by several of Google’s competitors but has attracted criticism for its current design, such as "A number of privacy properties that could create significant risks if it were to be widely deployed in its current form" stated Eric Rescorla, chief technology officer at Mozilla, in an article regarding Googles new endeavour.

Essentially, FLoC eliminates the privacy implications of tailored advertising by marketers, allowing them to ‘guess’ a user's interest instead of relying on techniques like tracking codes and device fingerprinting that exposes a users browsing history across all sites.

Despite its promise to offer a greater degree of anonymity, Google's proposals have been met with stiff resistance from regulators, privacy advocates, publishers, and every major browser that uses the open-source Chromium project, including Brave, Vivaldi, Opera, and Microsoft Edge. "The worst aspect of FLoC is that it materially harms user privacy, under the guise of being privacy-friendly," Brave said in April.

The new mechanism has also come under fire from the Electronic Frontier Foundation (EFF), whose mission is to to ‘defend civil liberties in a digital world’, stating that FLoC is a “terrible idea” that can severely compromise the barrier companies currently have instead, allowing the gathering of information about individuals simply based on the cohort IDs assigned to them, "Reducing the identification of your browser from a few hundred million to a few thousand others", according to the EFF.

Indeed, according to a recent report from Digiday, "companies are starting to combine FLoC IDs with existing identifiable profile information, linking unique insights about people's digital travels to what they already know about them, even before third-party cookie tracking could have revealed it," effectively neutralizing the privacy benefits of the system.

Google has put in place mechanisms to address these undesirable privacy shortcomings, including making FLoC opt-in for websites and suppressing cohorts that it believes are closely correlated with "sensitive" topics. But Mozilla said "these countermeasures rely on the ability of the browser manufacturer to determine which FLoC inputs and outputs are sensitive, which itself depends on their ability to analyze user browsing history as revealed by FLoC," in turn circumventing the privacy protections.

Ultimately, the greatest threat to FLoC may be Google itself, which is not only the biggest search engine, but also the developer behind the world's most used web browser and the owner of the world's largest advertising platform, landing it between a rock and a hard place where any attempt to rewrite the rules of the web could be perceived as an attempt to bolster its own dominance in the sector.