Why is 'FLoC' under development by Google 'harmful' and what is the damage caused to users and websites?


third-party cookies are regulated from the perspective of privacy protection, Google is trying to abolish third-party cookies in Chrome and build a new advertising mechanism. However, `` FLoC '', which is being tested as a new mechanism, has not only been criticized as ``the worst'' , but has already been investigated for alleged violations of the Antimonopoly Act. Browser development company Brave explains why FLoC is harmful to users, websites and browsers.

Why Brave Disables FLoC | Brave Browser

Google is discussing a mechanism for targeting advertising instead of cookies in a proposal called ' Privacy Sandbox ', one of which is an API called FLoC. FLoC is an abbreviation for 'Federated Learning of Cohorts'.

Google positions FLoC as something that allows brands and advertising companies to maintain high advertising performance while respecting user privacy.

FLoC does not track users 'individuals' because it classifies users who visit the website into groups (cohorts) of several thousand people and shows advertisements based on the interests of the cohorts. In fact, Google has clearly stated that it does not track individual users on the Internet, which is why it explains that it is 'considering privacy'.

Google declares that it does not track users on the net - GIGAZINE

However, Brave, which develops web browsers, announced on April 12, 2021 that ``FLoC is harmful to web users, websites, and the web as a whole,'' and disabled FLoC in their browsers. Announced.

Here are Brave's reasons why FLoC is harmful:

◆ 1: FLoC tells about the user's browsing history
First, FLoC shares information about your browsing behavior with advertisers and websites that may not otherwise have access to that information.

Google claims that FLoC, which treats users as a 'group' rather than an individual and does not use user-specific information, 'does not harm privacy,' but this is a misleading idea. Brave says that even if it is captured as a group, user-specific information is still being used.

Also, although FLoC still conveys user information to the website as before, Google is cheating it by involving multiple topics.

Google positions third-party cookies as harmful things that violate privacy, and states that the mechanism using FLoC is superior in terms of privacy protection than the current Chrome that uses third-party cookies.

However, Brave, Firefox, Safari, etc. already block third-party cookies in the first place. The new Chrome using FLoC has only improved privacy compared to 'current Chrome', and it cannot be said that privacy is considered compared to other browsers.

And while privacy protection should include the concept of ``not giving the person's information to others without the person's permission,'' Google intentionally excludes this concept. From the perspective of privacy protection in the first place, Brave said that 'enabling cross-site tracking' itself is the wrong direction.

◆ 2: FLoC makes it easy for websites to track user behavior
In addition, FLoC requires a large number of fingerprint elements to be added to the browser due to the specification of ``identifying interest-based groups''.

Fingerprints have been a concern in recent years as they allow users to be identified without cookies.

What is a 'fingerprint' that can identify users without cookies? |GIGAZINE.BIZ

Brave points out that what Google proposes as a countermeasure against fingerprinting associated with FLoC is ``impossible or unlikely to be done''. For example, Google is proposing a mechanism that gives a budget to information that can identify an individual and enables information acquisition within that budget . Brave showed concern about this mechanism to Google, but after more than a year, Google has not responded and the problem has not been resolved. Brave explains that how this 'privacy budget' works is also unclear at the time of writing.

◆ 3: Promote the wrong idea about 'what is privacy'
In addition, Google is considering ways to prevent 'sensitive categories' such as sexual orientation, medical issues, and political ideas from being used in FLoC, but Brave says this approach is fundamentally wrong. This is because in order to determine whether a cohort of FLoC is sensitive, Google must first collect and record information about the sensitive category. What's sensitive varies from person to person, but Brave said that a 'privacy protection system' where Google is the single decision maker is essentially unprivileged.

◆ 4: Cause damage to the website
For example, suppose a website operator finds success by identifying a niche market not recognized by other companies and operating a web service. While the website can set higher prices than Amazon by offering specialized services to some enthusiasts, FLoC identifies the interests of these user cohorts and allows other websites, such as Amazon, to sell them. It is said that there is a possibility of draining users to

For the above reasons, Brave announced that it will block FLoC on its browser. In addition to Brave, the search engine DuckDuckGo has also announced extensions that block FLoC.

Use DuckDuckGo Extension to Block FLoC, Google's New Tracking Method in Chrome

Google is considering FLoC as an advertising mechanism that does not use third-party cookies, but advertising companies other than Google are considering using a new advertising identifier called ' Unified ID 2.0 '. Unified ID 2.0 is targeted by linking the user's email address instead of cookies.

After Cookies, Ad Tech Wants to Use Your Email to Track You Everywhere | Electronic Frontier Foundation

in Security, Posted by darkhorse_log