AXEL.org

floc

A Breakdown of Google’s Alternative to the Third-Party Cookie

In an effort to distance itself from its less-than-stellar reputation on privacy, Google is developing and testing an alternative to third-party tracking cookies. It’s called the Federated Learning of Cohorts (FLoC), and the company claims it solves commonly-cited privacy issues with personalized advertising. Skeptical?

What is a cookie?

While most people know the term “cookie,” they might not understand precisely what they do. Before getting into Google’s replacement, here’s s a brief synopsis:

A cookie is a small file that stores pieces of user data to improve their web browsing experience. Each web server collects visitors’ browsing history, settings, or preferences and saves the data in a file. The next time the user visits that site, the server pulls the cookie’s information and provides a customized experience. This can manifest in several ways, such as saving:

  • Display language preferences.
  • Shopping carts between sessions.
  • Login information.
  • Authentication data so that users don’t have to enter a CAPTCHA.

These are examples of first-party cookies. The website you visit actually collects the data. It is difficult to imagine an internet without first-party cookies. Nobody wants to input all of their information every time they view a site. However, there is another type called third-party cookies.

Third-party cookies

Unaffiliated domains create third-party cookies, which track users across multiple sites. They use this data for retargeting campaigns and personalized advertising. Third-party cookies are receiving backlash from consumers and privacy advocates alike.

These are unlikely to be anonymized in any meaningful way, which leads to persistent tracking. So, unknown to the end-user, advertisers can craft detailed profiles on individuals and market directly to them across the entire internet. Not only is this a blatant invasion of privacy, but it is also susceptible to abuse from predatory companies.

Google’s response to the cookie crumbling

Google recently decided to ban third-party cookies across its ad platform and block them by default on its popular Chrome browser[1]. So, has the search giant finally seen the light and found a newfound commitment to privacy? One peek at their advertising revenues should tell you all you need to know (over $37 billion in Q3 2020[2] alone). Google will not stop tracking people through mobile devices and will still target individuals with ads based on user behavior on their first-party application. Google is large and diverse enough that even first-party cookies pose a problem.

But at least they won’t be sharing individuals’ data with third-party advertising companies anymore, right? The technical answer is “right,” but it’s a bit more complicated. What they’ve really done is create a different way to track people for personalized ads. They have many projects aiming to replace the functionality of third-party cookies under a less toxic name.  The proposals seem to follow an avian theme for some reason, such as PIGINTURTLEDOVESPARROWSWANSPURFOWLPELICANPARROT, PARAKEET, and so on. But one idea has really taken flight…

Enter the FLoC

The FLoC project is deep into its testing phase and has been already delivered tangible results to advertisers (approximately 95% return on ad spend compared to third-party cookies[3]). FLoC stands for Federated Learning of Cohorts. A name that not only rolls right off the tongue but is also definitely not confusing and immediately makes its meaning known.

Snark aside, a FLoC clusters larger groups of people with similar interests together under a shared ID number (their “cohort”) and serves those within the group personalized ads. It uses sophisticated Machine Learning algorithms to analyze variables like the URLs visited, website content, and the typically nebulous “other factors.” So, Google still pulls this data from browsing history, but the information gets calculated on the user’s device rather than sent back to a Google server. This local data gets compiled with thousands of other users to remain private.

Privacy advocates, however, don’t see this as a suitable solution.

Issues with FLoC

Even looking past Google’s dubious past (and present) regarding privacy, the FLoC project raises concerns.

  • Fingerprinting. Millions of websites use hidden code to pull details about their visitors’ computers, and therefore, identities. With FLoC, Instead of distinguishing an individual’s browser from hundreds of millions of others, advertisers only have to worry about how many reside in a particular cohort (thousands?). Google is trying to mitigate this, but there’s no solution coming soon, and the project is already rolling out. Evidently, it’s not a top priority.
  • Contextual identification. Companies could combine a cohort ID with other information, such as data obtained from having a ‘Login with your Google account’ option to identify people. Furthermore,  advertisers can infer demographics from a particular Cohort since people with similar browsing interests can likely be siloed into fairly accurate groups. Google claims it will protect ‘sensitive info’ like race and sexual preference, but its effectiveness is unknown. There’s less recourse for this when it does happen, too, because they’ll have plausible deniability about targeting these ‘protected’ entities.
  • Exploitation. FLoCs could result in the proliferation of exploitative practices. For instance, a cohort of people visiting sites about credit repair could receive ads for payday loans or other manipulative products and services.

Conclusion

This project is already well underway. The days of personalized advertising are here to stay. There’s simply too much money at stake for it to go away without explicit regulation. FLoC only applies to the Chrome browser, which happens to be by far the most popular web browser. If you don’t want to participate in these shenanigans, you’ll have to use a privacy-focused browser. FLoC seems like a step in the right direction over third-party cookies, but it’d be hard to be worse than them. Valid concerns still exist, and privacy-oriented people likely won’t celebrate this stopgap.

Stay private

AXEL promotes the concept of data custody and prioritizes keeping user data secure and private. If you don’t want Big Tech companies like Google mining your information and tracking you incessantly, break free from their hegemony. Share and store files online without anxiety. AXEL Go is a safe, privacy-focused platform that utilizes blockchain technology, the InterPlanetary File  System, and AES 256-Bit encryption. Take back control of your digital privacy. Try AXEL Go today. For $9.99, you can upgrade to a premium account and unlock all of its unique features.

[1] David Temkin, “Charting a course towards a more privacy-first web”, Blog.google, March 3, 2021, https://blog.google/products/ads-commerce/a-more-privacy-first-web/

[2] Kim Lyons, “YouTube brings in $5 billion in ad revenue as Alphabet and Google bounce back”, TheVerge.com, Oct.. 29, 2020, https://www.theverge.com/2020/10/29/21531711/google-alphabet-ad-revenue-youtube-waymo-cloud-search

[3] Chetna Bindra, “Building a privacy-first future for web advertising, Blog.google, Jan. 25, 2021, https://blog.google/products/ads-commerce/2021-01-privacy-sandbox/