Why is 'FLoC' being developed by Google 'harmful' and what is the damage to users and websites?

As third-party cookies are regulated from the perspective of privacy protection, Google is trying to abolish third-party cookies in Chrome and build a new advertising mechanism. However, as a new mechanism, ' FLoC ' under test is not only criticized as 'worst', but has already been investigated on suspicion of antitrust violation. Browser developer Brave explains why FLoC is harmful to users, websites and browsers.

Why Brave Disables FLoC | Brave Browser

Google is discussing the mechanism of targeted advertising instead of cookies in a proposal called 'Privacy Sandbox ', and one of these proposals is an API called FLoC. FLoC is an abbreviation for 'Federated Learning of Cohorts'.

Google positions FLoC as a way for brands and advertising companies to maintain high advertising performance while giving consideration to user privacy.

FLoC does not track user 'individuals' because it classifies the users who visit the website into groups (cohorts) of thousands and shows advertisements based on the interests of the cohort. In fact, Google has stated that it 'does not track individual users on the Internet,' which is why it describes it as 'privacy-friendly.'

Google declares 'does not track users online'-GIGAZINE

However, Brave, the developer of the web browser, said on April 12, 2021 that 'FLoC is harmful to web users, websites, and the entire web,' and decided to disable FLoC in its own browser. Announced.

Brave states 'why FLoC is harmful':

◆ 1: FLoC tells about the user's browsing history
First, FLoC shares information about your browsing behavior with advertisers and websites that have no access to that information outside of FLoC.

Google claims that FLoC, which sees users as a 'group' rather than an individual and does not use user-specific information, 'does not harm privacy,' but this is a misleading idea. Brave states that user-specific information is still being used, even if it is perceived as a group.

Also, although FLoC continues to convey user information to the website, Google is cheating by involving multiple topics.

Google positions third-party cookies as harmful and invades privacy, and states that the FLoC mechanism is superior to the current Chrome, which uses third-party cookies, in terms of privacy protection.

However, Brave, Firefox, Safari, etc. have already blocked third-party cookies in the first place. The new Chrome with FLoC has only improved privacy compared to 'current Chrome', not privacy-friendly compared to other browsers.

And where privacy protection should include the concept of 'don't pass on your information to others without your permission,' Google deliberately excludes this concept. In the first place, Brave said that 'enabling cross-site tracking' itself is the wrong direction from the perspective of privacy protection.

◆ 2: FLoC makes it easier for websites to track user behavior
In addition, FLoC requires a large number of fingerprint elements to be added to the browser due to the specification of 'identifying groups based on interests'.

Fingerprints have been a concern in recent years as they allow users to be identified without cookies.

What is a 'fingerprint' that can identify a user without a cookie? | GIGAZINE.BIZ

Brave points out that Google's proposal for fingerprinting with FLoC is 'impossible or unlikely to be feasible.' For example, Google is proposing a mechanism that allows you to get information within that budget by giving a budget to the information that makes it possible to identify an individual. Brave has raised concerns about this mechanism to Google, but Google hasn't responded to it over a year and the problem hasn't been resolved. Brave explains that it's not clear at the time of writing how this 'privacy budget' works.

◆ 3: Promote false thoughts about 'what is privacy'
In addition, Google is looking at ways to prevent 'sensitive categories' such as sexual orientation, medical issues, and political ideas from being used in FLoC, but Brave says this approach is fundamentally wrong. To determine if your FLoC cohort is sensitive, Google must first collect and record information about sensitive categories. What is delicate depends on the individual, but Brave said that a 'privacy protection system' in which Google is the single deciding factor basically does not protect privacy.

◆ 4: Cause damage to the website
For example, a website operator succeeds in running a web service by identifying a niche market that is not recognized by other companies. This website can be priced higher than Amazon by offering services specialized for some enthusiasts, but FLoC identifies the interests of these user cohorts and other websites such as Amazon. It is said that there is a possibility of leaking users to.

For the above reasons, Brave has announced that it will block FLoC on its browser. In addition to Brave, the developers who are concerned about FLoC are also announcing extensions that block FLoC by search engine DuckDuckGo.

Use DuckDuckGo Extension to Block FLoC, Google's New Tracking Method in Chrome

Google is considering FLoC as an advertising mechanism that does not use third-party cookies, but advertising companies other than Google are considering using an advertising identifier called 'Unified ID 2.0'. Unified ID 2.0 targets the user's email address instead of the cookie.

After Cookies, Ad Tech Wants to Use Your Email to Track You Everywhere | Electronic Frontier Foundation

in Security, Posted by logq_fa