Whether you’ve heard of it via headlines in the news, releases by the EFF, or the viral sharing of AmIFLoCed, chances are you’ve heard about Google’s new FLoC initiative at some point this year.
FLoC, or the Federated Learning of Cohorts, is part of Google’s larger privacy sandbox, and is an experimental replacement for third-party cookies. While the name might sound confusing at first, the API is quite simple in concept (though its execution remains to be seen).
Explaining Google FLoC
FLoC is a new data collection concept by which the browsing and behavioral data of multiple individuals would be grouped up into generalized cohorts and used as an alternative to third-party cookies.
One of the biggest concerns regarding third-party cookies is that they can be attributed to a single person. Advertising platforms can generate user profiles based on their cookies and learn just about everything about a person from their behavior on the Internet.
FLoC aims to obscure the individual in the group, making it impossible for advertisers to single out individual users, and instead only gather and use information about large groups of people with similar patterns of behavior.
These cohorts would still enable personalized advertising, but the ads would be personalized to a profile roughly fitting several thousand people, rather than individual users.
“Federated learning” means that Google will be using machine learning to generate these cohorts. The idea is that advertisers will only be able to target a cohort once enough user data has been gathered to generate one, based on at least a few thousand users per cohort.
Cohorts would be categorized based on interests and behavior, and users could be placed within different cohorts at different times – for example, a single user may be part of a cohort centered around looking at gardening equipment one week, then at another point in time they may be in a cohort of people who viewed a lot of baking recipes.
How is Google FLoC Different from Cookies?
User information will be gleamed, aggregated, and provided by a user’s browser, but advertisers would only ever have access to the information of a generalized cohort of people rather than the individual user information currently made accessible by third-party cookies.
FLoC itself would still have access to that information to generate cohorts, but it wouldn’t be shared, even with Google.
Why Is There Controversy Surrounding Google FLoC?
Although FLoC is a proposed alternative to third-party cookies, there are privacy experts who worry that it’s just a pivot in a similar direction. FLoC holds no answers for common invasive forms of tracking like fingerprinting (which tracks user’s browsing history based on device information and other data rather than cookies) and may be combined with other non-cookie forms of invasive tracking to generate an even more accurate user profile.
Privacy experts also feel that addressing third-party cookies (which track users across websites, platforms, and devices) isn’t enough, and that first-party cookies (which are used to track logins and cart histories, but can also be used to generate in-house user profiles) still lend themselves to the development of targeted ad campaigns that are, by their very nature, discriminatory. Like fingerprinting, first-party cookies could potentially be combined with FLoC to continue to erode user privacy.
Google acknowledges these issues and is pushing ahead with FLoC testing, with the added caveat that the feature isn’t ready for a generalized rollout. So far, only about 0.5 percent of Chrome users in selected regions are being “FLoCed”. Apple, Microsoft, and Mozilla all feel that the feature would have to be improved considerably, and are unwilling to implement it. Brave Browser explains that FLoC: “harms user privacy, under the guise of being privacy-friendly.”
Preparing for the Future
One thing to make note of is that FLoC is proposed to be a replacement for third-party cookies, and their ability to track users as they move throughout the web. FLoC is not a replacement for first-party cookies, which allow websites to offer functionality such as registering an account and logging in, saving items in a cart, and compiling data for the use of user experience improvements, for example.
If third-party cookies were to be extinguished, advertisers would (theoretically) have a harder time tracking a single individual throughout the internet and would be replaced by generalized cohorts instead. But that doesn’t mean advertisers cease to have any info whatsoever on individual users. It’s just that most, if not all of it, will come in the form of first-party data.
This leads to the question: what will advertisers be able to do with first-party data? Google continues to probe and research this question via its FLEDGE initiative, an expansion of a previous Google Chrome program dubbed TURTLEDOVE. Via FLEDGE, Google claims that Chrome plans to take into account: “the industry feedback they’ve heard, including the idea of using a ‘trusted server’ – as defined by compliance with certain principles and policies – that’s specifically designed to store information about a campaign’s bids and budgets.”
FLEDGE testing is currently in progress, and origin trials testing is set to begin this month, with “advertiser testing” occurring at some point later this year before the 2022 deadline. That being said, some experts doubt that any serious testing on Google’s new privacy concepts will take place until next year. Google has stated that ad companies interested in joining these tests will be able to make use of the experimental API through a “bring your own server” model.
Other proposed changes to preserve crucial ad effectiveness functionalities, such as conversion tracking, are still underway. Currently, there have been talks about altering the way conversion tracking data is presented to make it impossible to identify and expose any given individual behind a conversion, but still present advertisers with enough actionable data to determine how successful their campaign was in relation to previous efforts.
The privacy sandbox Google continuously mentions is part of a greater initiative throughout the web to earnestly tackle and answer the questions and problems surrounding privacy and anonymity in the modern web.
Privacy and user data has come into the forefront of public consciousness via the popularity of search engines like DuckDuckGo, Apple’s initiatives to block third-party cookies altogether and market privacy as a selling point for its consumer tech, as well as the implementation of the GDPR throughout the EU. Whether Google’s new initiatives will prove to be a long-term solution, or just a short-term paradigm shift in the online advertising world, is still undecided.