Third-party cookies on Chrome are about to be turned off. So does this mean that Google is about to give up on a huge chunk of its ad revenue? Of course not.
Google has a new tracking method in the pipeline called Federated Learning of Cohorts (FLoC). Based on their browsing history, it’s going to lump users into groups that advertisers will be able to buy into. Because this will no longer be done via the creation of user profiles, Google is calling it a ‘privacy first’ solution to browsing across the web.
Here’s a closer look at what has changed, and what it really means for privacy…
The death of third-party cookies
If you’re using Chrome at the minute, and unless you click on the cookie opt-outs on the websites you visit, many of those websites will deposit third-party cookies (small snippets of code) to your device.
These cookies are able to track your browsing history. From the data they pick up, they are able to piece together a valuable profile of you: the sites you visit, how long you spend on each page, your interests, demographics, location etc. Your profile can then be sold to advertisers for you to be stalked across the web with hyper-relevant ads.
Last year, Google announced that third-party tracking cookies on Chrome would be phased out by 2022. In March, the company issued a blogpost stating that “once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products”.
Chrome is the last of the major browsers to phase out tracking cookies. Apple’s Safari and Mozilla’s Firefox have already stopped supporting them.
What is FLoC?
- Google is introducing a new method of tracking you all over again, only not through cookies. This new AI-based system is called Federated Learning of Cohorts (FLoC).
- Of course, most website owners want their sites to be easily found by users on Google. So thanks to indexing information and the various search engine optimization steps taken by site owners, Google generally knows a lot about the purpose and contents of websites.
- FLoC is a super-tracker that will monitor your browsing activity across all sites and store this information on the Chrome browser. Based on this browsing behavior, it uses machine learning (ML) on the browser to generate your “cohort identity”. A SimHash algorithm generates “magic numbers” to analyze users’ interests and place them into groups (cohorts), made up of people who share similar interests.
- Advertisers will be able to buy into these cohorts using the same ad bidding technology that Google uses already. So instead of being shown adverts based on your individual profile, you’ll get ads targeted at whichever cohort(s) you’ve been assigned to.
What’s really changed?
For ordinary Chrome users, it is difficult to see how the new system would make any real difference to your usage experience. Your behaviour will still be analyzed, and you will still be targeted for particular ads - only now as part of a group, rather than an individual.
Because the system is not based on the creation of personal profiles, Google says the privacy of users is guaranteed: i.e. individuals can’t be targeted. It’s meant to balance the interests of individuals against the need of advertisers to recognize their target audiences.
Critics say that far from protecting privacy, the new approach actively works against it. Here’s why:
When you visit a website, you automatically transfer certain information to that site via an IP packet (e.g. browser type, IP address and language used). Building on this basic info, it’s possible to obtain further details (e.g. browser version, operating system, hardware configuration, time zones and details of installed plugins). This is known as ‘fingerprinting’: i.e. analyzing your setup and gathering lots of discrete pieces of information to build up a unique profile of you.
Fingerprinting works on the basis of being able to pick you out from the crowd. The argument is that FLoC gives fingerprinters a “massive head start” in identifying you. After all, if a fingerprinting tracker starts by knowing which FLoC cohort you are in, it only has to distinguish your browser from perhaps a few thousand other browsers - not hundreds of million!
Companies could know more about you than ever
A company might not be able to identify you on the basis of your cohort. But FLoC means that lots of sites will have a good idea about what kind of person you are, right from first contact. Let’s say you click on an advert for a jobs site, for instance. You click through to a specific job application page. It now becomes possible to tie your cohort ID to you personally. Do you really want potential employers to know what your real interests are? True privacy surely involves having the right to present or withhold different aspects of your identity in different contexts.
Are you a FLoC guinea pig? Check here…
To test the technology, a trial for FLoC has already been deployed to 0.5% of Chrome users in certain regions, without their knowledge. According to EFF, the current trial regions are Australia, Brazil, Canada, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the U.S. There’s a suggestion that trial numbers could soon be extended 10-fold to 5% of users.
Have you been included as a FLoC guinea pig? EFF lets you find out with this FLoC ID detection tool.
How do I avoid FLoC?
Use a different browser. Mozilla, Brave and DuckDuckGo have all decided to reject FLoC. If you want to browse without targeted ads, these are the browsers to focus on.