A Warning about FLoC. Googles new tracking explained…

Third-party cookies on Chrome are about to be turned off. So does this mean that Google is about to give up on a huge chunk of its ad revenue? Of course not.

Google has a new tracking method in the pipeline called Federated Learning of Cohorts (FLoC). Based on their browsing history, it’s going to lump users into groups that advertisers will be able to buy into. Because this will no longer be done via the creation of user profiles, Google is calling it a ‘privacy first’ solution to browsing across the web.

Here’s a closer look at what has changed, and what it really means for privacy…

The death of third-party cookies

If you’re using Chrome at the minute, and unless you click on the cookie opt-outs on the websites you visit, many of those websites will deposit third-party cookies (small snippets of code) to your device.

These cookies are able to track your browsing history. From the data they pick up, they are able to piece together a valuable profile of you: the sites you visit, how long you spend on each page, your interests, demographics, location etc. Your profile can then be sold to advertisers for you to be stalked across the web with hyper-relevant ads.

Last year, Google announced that third-party tracking cookies on Chrome would be phased out by 2022. In March, the company issued a blogpost stating that “once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products”.

Chrome is the last of the major browsers to phase out tracking cookies. Apple’s Safari and Mozilla’s Firefox have already stopped supporting them.

What is FLoC?

  • Google is introducing a new method of tracking you all over again, only not through cookies. This new AI-based system is called Federated Learning of Cohorts (FLoC).
  • Of course, most website owners want their sites to be easily found by users on Google. So thanks to indexing information and the various search engine optimization steps taken by site owners, Google generally knows a lot about the purpose and contents of websites.
  • FLoC is a super-tracker that will monitor your browsing activity across all sites and store this information on the Chrome browser. Based on this browsing behavior, it uses machine learning (ML) on the browser to generate your “cohort identity”. A SimHash algorithm generates “magic numbers” to analyze users’ interests and place them into groups (cohorts), made up of people who share similar interests.
  • Advertisers will be able to buy into these cohorts using the same ad bidding technology that Google uses already. So instead of being shown adverts based on your individual profile, you’ll get ads targeted at whichever cohort(s) you’ve been assigned to.

What’s really changed?

For ordinary Chrome users, it is difficult to see how the new system would make any real difference to your usage experience. Your behaviour will still be analyzed, and you will still be targeted for particular ads - only now as part of a group, rather than an individual.

Because the system is not based on the creation of personal profiles, Google says the privacy of users is guaranteed: i.e. individuals can’t be targeted. It’s meant to balance the interests of individuals against the need of advertisers to recognize their target audiences.

Critics say that far from protecting privacy, the new approach actively works against it. Here’s why:


When you visit a website, you automatically transfer certain information to that site via an IP packet (e.g. browser type, IP address and language used). Building on this basic info, it’s possible to obtain further details (e.g. browser version, operating system, hardware configuration, time zones and details of installed plugins). This is known as ‘fingerprinting’: i.e. analyzing your setup and gathering lots of discrete pieces of information to build up a unique profile of you.

Fingerprinting works on the basis of being able to pick you out from the crowd. The argument is that FLoC gives fingerprinters a “massive head start” in identifying you. After all, if a fingerprinting tracker starts by knowing which FLoC cohort you are in, it only has to distinguish your browser from perhaps a few thousand other browsers - not hundreds of million!

Companies could know more about you than ever

A company might not be able to identify you on the basis of your cohort. But FLoC means that lots of sites will have a good idea about what kind of person you are, right from first contact. Let’s say you click on an advert for a jobs site, for instance. You click through to a specific job application page. It now becomes possible to tie your cohort ID to you personally. Do you really want potential employers to know what your real interests are? True privacy surely involves having the right to present or withhold different aspects of your identity in different contexts.

Are you a FLoC guinea pig? Check here…

To test the technology, a trial for FLoC has already been deployed to 0.5% of Chrome users in certain regions, without their knowledge. According to EFF, the current trial regions are Australia, Brazil, Canada, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the U.S. There’s a suggestion that trial numbers could soon be extended 10-fold to 5% of users.

Have you been included as a FLoC guinea pig? EFF lets you find out with this FLoC ID detection tool.

How do I avoid FLoC?

Use a different browser. Mozilla, Brave and DuckDuckGo have all decided to reject FLoC. If you want to browse without targeted ads, these are the browsers to focus on.

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Nathan House

    Nathan House is the founder and CEO of StationX. He has over 25 years of experience in cyber security, where he has advised some of the largest companies in the world. Nathan is the author of the popular "The Complete Cyber Security Course", which has been taken by over half a million students in 195 countries. He is the winner of the AI "Cyber Security Educator of the Year 2020" award and finalist for Influencer of the year 2022.

  • Dray says:

    thank you for this security alert. I have been using Duck Duck Go for a long time now, am very happy with the search engine.

  • Mohammed alnajjar says:

    I like how you can write a clean paragraph and I feel anybody can understand all things you share with us.
    I feel uncomfortable when I use google chrome and now I KNOW all things chrome doing!
    You are great how you can explain all things and suggest how you can avoid FLoC ,thank to you.
    Now I am very exited to began your courses ,but I need know more about Networking and OS.

  • Ky says:

    Hi Nathan,
    Thanks for the important information. Users should have the right to decide where their information is going and who is using it. Firefox is my default browser for many good reasons. I’m enjoying your courses so do keep up the good work.
    Trek On!

  • Anthony Monge says:

    Nathan, I have taken some of your courses and they are excellent. As far as FLoC, is it possible to still use Chrome with a VPN and prevent them from fingerprinting you? If not, I can see Duck Duck Go with TOR being my go-to from now on.

  • Luca Parlapiano says:

    Thanks for your Article! I was studying browser fingerprint and this information is very useful

  • Khaleeq Ahmed says:

    How about the Microsoft edge, is it safe.

  • Sanka says:

    cheers for the heads up… just watching some vids on FloC now.

    Mozilla all the way

  • Javi says:

    Hi Nathan,

    Little question, if one uses different profile in chrome, will they have the same FLoC?

  • any says:

    Hey Nathan, a good article, I do not use Google no’r Chrome or even ms edge, because i get the feeling i am under heavy surveillance by the above. What will happen in 20 yrs from now? well, only certain people know whats coming down the road, & it ain’t the general public that knows, & if/when they find out (In Time). they will not care because these corps use a subtle form of psychology (Mind Poisoning). to ease people into a lions den, if the general public were informed in a very particular way them/we could stop this, & one way this can only begin is if every child born tomorrow wanted the very same outcome, then it will happen. so… what are our chances in this happening? i am sorry for being negative on such a topic, But, i now fear the worst is on its way at this time.

  • Bob says:

    Thanks for the information about Chrome and FLOC. I read that you use Firefox as an alternative to Chrome. Recently I started using Opera because it offers an integrated VPN. What do think of the Opera browser?

  • >