The Electronic Frontier Foundation points out that 'FLoC' that Google plans to introduce is the worst

Google plans to end ad delivery using

cookies by 2022 and introduce a new mechanism to Google Chrome. One of the ideas under consideration as a mechanism is called ' FLoC ', but the Electronic Frontier Foundation (EFF) states that FLoC is 'the worst idea' and 'do not do it'.

Google's FLoC Is a Terrible Idea | Electronic Frontier Foundation

Since the EU's new data protection regulation `` GDPR '' came into force in 2018, Safari andFirefox have blocked third-party cookies , and in 2020, Google will ``remove support for third-party cookies in Chrome within two years''. announced that

While third-party cookies are raising concerns about privacy, they are useful as ``very cost-effective'' in targeting advertising that narrows down the display of advertisements based on user behavior and interests. For this reason, it has been pointed out that if the use of third-party cookies is restricted, advertisers and advertisers may be hit hard in terms of revenue.

In order to solve this problem, Google is discussing a new mechanism to replace cookies in the proposal of privacy sandbox . The use of various APIs is being considered in the privacy sandbox, but the one that Google is particularly promising is called `` FLoC '', which has been tested with Google Chrome 89 stable version .

What is 'FLoC', a new advertising mechanism without third-party cookies proposed by Google? -GIGAZINE

However, EFF posted an article on March 3, 2021 titled ``Google's FLoC is the worst idea''. It has been pointed out that FLoC does not abolish advertising targeting and creates new privacy issues.

FLoC stands for Federated Learning of Cohorts, which uses machine learning algorithms to analyze website visitor data and create 'cohorts' of thousands of users. What to do.

Cohorts are created based on browsing information in FLoC-enabled browsers. Your browser collects your browsing information and groups you with users who have similar browsing habits. Then, each user's browser shares the 'cohort ID' that indicates the group to which the user belongs with websites and advertisers, and targeting advertisements are delivered based on this information.

While the details of FLoC are still under discussion, (PDF file) Google's proof of concept grouped users based on domain using the SimHash algorithm, which is also used by Google crawlers. SimHash runs locally on each browser, eliminating the need for a central server to collect behavioral data. On the other hand, cohorts that are too small may lead to identifiable individuals, so it is recommended that a 'central administrator' counts the number of users in each cohort and lumps them together with other cohorts until the number is sufficient. Google suggests.

It is believed that the cohort ID will be available through Javascript, but since the details have not been decided at the time of writing the article, it may change. Also, there is a possibility that grouping will be done by URL or page content instead of domain. The number of cohorts is also undecided, and Google's proof of concept used 8-bit identifiers, but in practice it is suggested that more cohort IDs will be created using 16-bit identifiers. EFF points out that the longer the cohort ID, the easier it is for advertisers to obtain more information about the user's interests and create fingerprints .

And importantly, FLoC is recalculated every week. This means that FLoC is difficult to be a long-term identifier, but on the other hand it can indicate 'how user behavior changes over time'.

Google has made it clear on its blog that it will not track the behavior of individual users on the Internet, but on the other hand, it has also clarified that it will continue to use cohort data to target advertisements based on user interests and concerns. increase.

Google declares that it does not track users on the net - GIGAZINE

In other words, EFF points out that Google assumes that 'websites will continue to share information with advertisers,' and that this will create new privacy risks.

One of those issues is fingerprinting. Previous research has shown that user behavior tracking can be done using not only cookies but also browser features. For this reason, the more different the appearance and behavior of the browser, the easier it is to identify an individual. On this premise, the 8-bit identifier can also be used as a tool for compiling other fingerprints by those wishing to track users.

Google is also aware of the above problem and has promised to solve it, but EFF said, 'We should not create new fingerprint risks until we solve the existing fingerprint problems.'

And, as another issue, EFF points out that ``the FLoC cohort may be able to link information by combining it with another service such as 'Login with Google.''' Trackers using this method may be able to reverse-engineer the cohort allocation algorithm and identify websites visited by people belonging to a specific cohort. Similarly, cohorts can be used to determine age, gender, race, political faction, sexual orientation, etc.

Although the purpose of FLoC is to improve privacy, from the above points, it is possible to provide a lot of information to the side tracking personal information.

In addition, EFF points out that there is a problem with 'targeted advertising' itself in the first place. Until now, a number of discriminatory advertisements have been made in areas such as work and housing by targeting people based on ethnicity, religion, gender, age or ability. For example, credit-based targeting enables “predatory” advertising that shows high-interest loans to people with financial problems. Also, in the political world, targeted advertising is known to have caused global turmoil.

It turned out that the Trump camp was conducting an advertising campaign so that black people would not vote in the 2016 presidential election - GIGAZINE

In a world where FLoC is implemented, direct targeting based on age, gender and income may be difficult, but EFF says it is not impossible. Google says it offers an option to turn off the FLoC function, but it should also anticipate that `` many people do not turn off the function without understanding how FLoC works ''. “Google needs to learn its lessons from the era of third-party tracking and design browsers that work for users, not advertisers,” concluded the EFF.

in Security, Posted by darkhorse_log