Google has read the writing on the wall. With Firefox and Safari blocking tracking cookies by default, privacy legislation continuing to evolve, and consumers and legislators alike increasingly concerned about privacy, Google has been developing, through the Chromium project, a new suite of tools to preserve their business model. Google recently announced their intention to phase out support for third-party cookies: the cookies that track people as they browse the web and are used to build profiles of their browsing history, giving advertisers information about a user’s behavior on the web and allowing inference of the user’s interests and demographics.
Among the replacements for tracking cookies is a proposal for “federated learning of cohorts” (FLoC) as a new solution for behavioral ad targeting. FLoC would assign users to a cohort with similar interests and share this cohort’s ID with any website the user visits. Unfortunately, FLoC does not address any of the multiple harms of behavioral advertising, and it is a perfect demonstration of how a narrow focus on privacy can blind us to the real threats that surveillance capitalism poses.
Admittedly, Google’s white paper on FLoC states: “The Federated Learning of Cohorts (FLoC) API is a privacy preserving mechanism proposed within the Chrome Privacy Sandbox, for enabling interest based advertising,” positioning FLoC as a technology to protect privacy, rather than address the wider surveillance harms of adtech. So, let’s first assess the degree to which FLoC protects privacy.
FLoC is a clever piece of technology, making it possible to divide web users into behavior-based cohorts without the need to share the user’s behavior (meaning the history of pages the user has visited) with any third party. This is a clear privacy improvement compared to tracking cookies, which currently allow third parties to collect the detailed browsing history of the user. The FLoC cohort will instead reveal just the aggregate browsing history of the entire cohort, which is intended to be quite large. So, if a user is in cohort “AB4F”, advertisers will (at best) know the set of web sites visited by some of the many individuals in that cohort.
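To make the mechanism concrete, here is a minimal sketch of SimHash-style cohort assignment, the general technique Chrome has described for FLoC. The function names, the hash choice, and the 16-bit cohort width are illustrative assumptions for this sketch, not Chrome’s actual implementation; the point is only that similar browsing histories map to the same short ID, and only that ID would be exposed to websites.

```python
import hashlib


def domain_hash(domain: str, bits: int = 64) -> int:
    """Hash a domain to a fixed-width integer (illustrative, not Chrome's hash)."""
    digest = hashlib.sha256(domain.encode("utf-8")).digest()
    return int.from_bytes(digest[: bits // 8], "big")


def simhash_cohort(visited_domains, cohort_bits: int = 16) -> str:
    """Assign a cohort ID from browsing history via SimHash.

    Each visited domain votes +1 or -1 on every bit position; the signs
    of the totals form a fingerprint, so users with largely overlapping
    histories tend to get the same fingerprint. Only the truncated
    cohort ID, never the history itself, would be shared with sites.
    """
    bits = 64
    counts = [0] * bits
    for domain in visited_domains:
        h = domain_hash(domain, bits)
        for i in range(bits):
            counts[i] += 1 if (h >> i) & 1 else -1
    fingerprint = 0
    for i in range(bits):
        if counts[i] > 0:
            fingerprint |= 1 << i
    # Keep only a few bits so that many users share each cohort ID.
    return format(fingerprint & ((1 << cohort_bits) - 1), "04X")
```

The deliberate information loss in the final truncation is what provides the (partial) privacy: the fewer bits in the cohort ID, the more users share it, and the less any one site learns about any one visitor.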
While FLoC is, in some sense, an improvement compared to tracking cookies, it is still not privacy preserving.
There are numerous privacy risks, which the very decentralized nature of the FLoC approach makes difficult to mitigate. For example, a particular cohort may turn out to represent a particular sociodemographic population. In that case, the browser would be broadcasting the user’s sensitive sociodemographic identifiers, including ethnicity, social class, or gender identity, to every site the user visits. Although, to be fair, this message will be encoded as a cohort ID. Google acknowledges that FLoC cohorts may represent sensitive sociodemographics. Similarly, there is no clear solution to ensure that cohorts remain large (and no clear statement from Google as to how large they will be), increasing the risk that very small cohorts will reveal individual browsing activity. The Electronic Frontier Foundation, an international non-profit digital rights group, has written an excellent summary of these and related risks.
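The cohort-size risk can be made concrete. Any deployment would need something like the following k-anonymity filter, which suppresses cohort IDs shared by too few users; Google has described checks of this general kind but has not published a minimum cohort size, so the function name and the threshold here are assumptions for illustration only.

```python
from collections import Counter


def suppress_small_cohorts(user_cohorts, k_min=2000):
    """Replace cohort IDs shared by fewer than k_min users with None.

    A sketch of a server-side k-anonymity check: if only a handful of
    people carry cohort "AB4F", then "AB4F" plus any other attribute
    (IP address, coarse location) can single out an individual, so the
    ID must not be exposed. k_min is an assumed threshold, since Google
    has not stated how large FLoC cohorts will be.
    """
    sizes = Counter(user_cohorts.values())
    return {
        user: (cohort if sizes[cohort] >= k_min else None)
        for user, cohort in user_cohorts.items()
    }
```

The catch, as noted above, is that FLoC computes cohorts on the client; enforcing a size threshold still requires some central party to count how many browsers report each ID, which is exactly the kind of aggregation the decentralized design was meant to avoid.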
We should add that Google states that “Whether the browser sends a real FLoC or a random one is user controllable.” If this is the case and dark patterns are not employed to limit its use, this does represent a significant privacy improvement, enabling greater user control to opt out of behaviorally targeted advertising.
Of course, the user may still be tracked by other means, such as fingerprinting or interest groups. An especially concerning possibility, raising issues of both privacy and competition, is that it remains unclear whether Google will continue to use individual browsing history to target advertising.
Google states that:
“Once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.”
“We use the information we collect to customize our services for you, including providing recommendations, personalized content, and customized search results. […] Depending on your settings, we may also show you personalized ads based on your interests.”
Unless Google changes their policies, it appears that Google will still be able to use Chrome browsing history data to target ads.
Even if Google does not allow advertisers to specify behavioral targets based on this data, they can still use it as input to their machine learning systems.
These systems select the specific ads a user is shown, generally choosing the ads the system predicts the user is most likely to click on, based on interest and demographic profiles and past click behavior. This can compromise the user’s privacy and give Google a significant advantage over competing advertising systems, which can no longer benefit from tracking cookies.
Google can use their control of the dominant browser to continue benefiting from powerful optimization of their advertising, while competitors may be left behind.
The US Justice Department is already investigating Google’s plans to stop supporting third-party cookies.
So far, we’ve discussed only privacy, but the potential harms from adtech are broader. Harriet Kingaby, cofounder of The Conscious Advertising Network, gives an excellent summary in her report titled “AI & Advertising: A Consumer Perspective”, which identifies seven threats that AI-powered ads present to consumers:
- Excessive data collection
- Harm to the vulnerable
- Online scams and misinformation
- Limited agency
- Environmental harm
- Hate speech
Most of these harms will not be addressed by FLoC. With no ability to control the types of cohorts that the system develops, advertising may still be discriminatory, and vulnerable populations may still be exploited as their own browser outs them in the form of a cohort ID. Scams and misinformation will still flourish, and this proposal will do nothing to address problems of hate speech.
On a positive note, if users really are given an opportunity to opt out of sending a true cohort value, then FLoC will represent a victory for user control. But if a significant population of users do opt out, the system will have little value, and I suspect that Google does not intend to allow that to happen. As well, the proposal will reduce the magnitude of data collection and may, as a consequence, reduce the environmental harms from analysis of massive data sets. However, the system will also move significant computation from Google’s servers to the user’s own computer, pushing costs and environmental impact to the user.
If Google is successful in building widespread acceptance of FLoC and the related technologies, they will have managed to maintain the status quo, protecting their business model and perhaps even winning themselves an additional edge over competitors, all while doing little or nothing to address the real harms of the future they are building.