91 comments

[ 2.4 ms ] story [ 155 ms ] thread
I'm really missing why FLoC is a bad thing.

Isn't bundling users into buckets good for individual privacy? In theory if the bucket is too small you are identifiable, but my understanding is that the entire premise of this approach is to ensure that is not the case.

They're made available to every website you visit, according to the article.
Anything which provides more signal to advertisers is a bad thing.
Disagree. The abandonment of advertising in favor of paywalls in media is directly contributing to the increase in polarization and consumption of disinformation. Quality journalism is getting harder and harder to access. People might subscribe to one or two, but they are unlikely to shell out for a publication that does not align with their preexisting views. Meanwhile the propaganda and fake news remains free to read.
Advertising and targeted advertising are not the same. Youtube creators bake in ads relative to the videos (or not) via sponsors and they make more money off that than the ads Google puts in front of the videos.
Advertising is directly contributing to the increase in polarization. If you want to get ad revenue, you have to produce in increasing quantities every year (by directly reducing the quality of the content) and use shady tactics like clickbait and polarizing topics to increase page views.

None of those issues apply to paid journalism.

Are you perhaps misunderstanding how the newsfeed works? People can write all clickbait they want, always have, but it wasn't until that content was forced in your face by Facebook's newsfeed algorithm, or youtube recommendation algorithm or twitters feed algorithm that you are really exposed to that stuff.

And even without clickbait stuff people search for the news that satisfies them and their value system.

All of this happens on data voluntarily shared with the platforms people complain about like Facebook, and there's no end to this in sight.

Advertising in this forum is at the same time useless and barely works (cue the 50% advertising is wasted, don't know which one, and other similar sentences) and the most powerful tool for mind control ever existed.

Facebook and Youtube are also powered by advertising and suffer from the exact same issue. Content producers using these platforms have an incentive to create the maximum amount of content they can and use polarizing topics to get more views.

Any revenue model based on the number of views (like advertising) is fundamentally flawed and will suffer from the exact same problem.

It seems that the same argument could be made about hyper-targeted advertising. In the days where everyone was watching the same network newscasts or reading the same newspapers, they were also all seeing the same advertisements.

The trend towards segmenting people into ever-smaller classes to serve them more targeted ads is another cause of, not a solution to polarization.

FLoC will still give a lot of info about you. A thousand people is not a lot. Plus, because FLoCs change you can track the changes and potentially figure out more about your user. The most important part is that FLoCs will be accessible to every website that you visit it seems. If that’s correct than it’s completely different than when your behavior is known only to Google.
No, you can't really do any of that. A single FLoC ID, while having access to no other identifier, is not gonna say anything about your past history to anyone. It's just useful to correlate to actual advertising campaign performance.

Most traditional adtech, used to targeting attributes, is quite puzzled at how to use this at the moment given they'll all need to invest in machine learning because these IDs aren't interpretable.

The specifications of this stuff are all in the open.

> A single FLoC ID, while having access to no other identifier

That's the key though, isn't it? While I can see that the intentions may be good, this isn't being released into a vacuum, but rather to a world where all of that other tracking infrastructure already exists.

Only during the transition, when all is said and done there are no other identifiers of merit, and since this one can change pretty frequently it doesn't really identify much.

One day I receive a request that says you are group 12345, in 1 hour you are 12346 instead because the algorithm recalculated your FLoC... Not sure what anyone can tell about that without knowing the group ids meanings, which likely not even google will know since this is going to be a clustering algorithm anyway.

> Only during the transition, when all is said and done there are no other identifiers of merit, and since this one can change pretty frequently it doesn't really identify much.

As long as browser fingerprinting exists it will be possible to track the FLoC cohorts a person belongs to over time and learn much more about them than a single FLoC cohort reveals.

But AFAIK, FLoC is only replacing third-party cookies; browser fingerprinting will still be possible.

> But AFAIK, FLoC is only replacing third-party cookies; browser fingerprinting will still be possible.

Effective fingerprinting makes everything impossible. Even if there were no 3rd party cookies and no FLoC, ad-tech can still use fingerprinting to bucket you based on your browsing history. This isn't a criticism of FLoC, this is a criticism of unwanted fingerprinting.

Fingerprinting only tracks your visits to the sites using that particular ad vendor, and FLoC adds additional info based on your visits to other sites.

Sites that know who you are (e.g. because you log in) gain even more info, if they previously only knew about your visits to that site.

If you currently are minimizing your footprint, then this is a larger footprint (bad). If you currently have everything on by default, this is still a larger footprint because it's supplementing everything else, but may eventually replace it with a smaller footprint. Which could be better than the status quo (privacy-wise) but isn't better than turning off third-party cookies and not replacing them with anything.
How? How would fingerprinting use this? It's formed by data used in the past 7 days and the bigger the space of FLoCs the more likely it is that it changes frequently, for example every day if not more frequently.

The fingerprinting would fail to recover the same code at least once a day unless you always visit the exact same sites every day and never visit a new one.

fingerprinting needs a stable state from the browser to work, not something that changes arbitrarily.

I'm not sure if it will aid in fingerprinting, although it is more bits of uniqueness. Even with sub-week persistent I'm pretty sure that helps if fingerprinting is used to track movements between sites, like ad click through rates or for intra-site telemetry. Heck, resolution is still considered valuable for fingerprinting and that changes when people reorganize their desktops.

But beyond simply fingerprinting, it still is providing some tracking. I've seen a lot of "anonymized" data turn out to be not so anonymized in practice, or reversible to a large degree.

Since Edge is using the same (mostly) source code, can we assume that some of the test users are from the Edge side too - or other Chromium based browsers - or limited to Chrome? Quick search didn't clarify this
Note this all occurs client-side, which means that it only affects browsers that implement FLoC.

You can opt-out of this (for now) in Chrome by disabling third-party cookies.

You can also simply use another browser such as Firefox.

Or (hopefully) Microsoft Edge - Chromium engine, without this (and quite a lot of other Goog tracking code).
This assumes Microsoft hasn’t replaced all the Google tracking with their own.
What would stop a malicious client from implementing a noisy FLoC to 'poison the well'?
You could do that, technically there are other APIs like Trust Token API to protect against malicious clients, but one client in a giant cohort is unlikely to cause much damage anyway so it doesn't matter... And this is anyway going to be machine learning driven so unless you poison all of the FLoCs a lot it may end up being discovered or the FLoC simply not considered performant by a specific ad campaign.
Does eff want a future with no targeted ads based on user info or do they have a proposal for targeting that they like?
I want a future without ads. I'll hope for one with ads only targeted based on content, like they were in the old days.

Edit: PS: I when I'm searching for a product, placed results (which reasonably match my intent or possible related needs) aren't ads. Those are helpful suggestions curated by payment and hopefully regulated match.

Untargeted ads means less revenue, so if we go that way prepare for free sites going away or having to pay for some features.

E.g. basic Gmail will be free, but if you want something like Undo Send, etc. then you'll have to pay a monthly fee for it.

And these fees from the various sites will add up quickly.

> Untargeted ads means less revenue

This isn't at all clear, mostly because every "ad" professional I've talked to IRL is as allergic to real data as some people are to peanuts. What you've quoted is a sales pitch.

It's not just clear, it's Cristal Clear™.

Here's a review of all the relevant literature on the topic: https://docs.google.com/presentation/d/1PKHVtO6hgwBJS1vafLyv...

The literature here is of poor quality. For a salient example, look at this: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3020503

Where a giant group is compared to an extremely tiny group and the differences between them are used to make sweeping generalizations about everyone. When this is the quality to expect, it's just good practice to be skeptical.

Edit: Even if this weren't the case, the enormous spread of estimates when it comes to revenue impact really says it all.

they're ads, just done right by providing value instead of being spam.
Targeted ads are only the tip of the iceberg.
I'm pretty sure the EFF (and I know I) want a future with no targeted ads.
'No targeted ads' would be a start.

'No ads' would be preferable.

Good thing I switched to Safari, I don't miss anything from Chrome
Since I got the m1, I opted for safari too: much better battery life. Seems this is a nice added benefit.
For those who feel a bit out-of-the-loop, this excerpt pretty much sums up why the EFF feels that this is, if not worse than 3rd party cookies, not significantly better:

  The proposal rests on the assumption that people in “sensitive categories” will visit specific “sensitive” websites, and that people who aren’t in those groups will not visit said sites. But behavior correlates with demographics in unintuitive ways. It's highly likely that certain demographics are going to visit a different subset of the web than other demographics are, and that such behavior will not be captured by Google’s “sensitive sites” framing. For example, people with depression may exhibit similar browsing behaviors, but not necessarily via something as explicit and direct as, for example, visiting “depression.org.” Meanwhile, tracking companies are well-equipped to gather traffic from millions of users, link it to data about demographics or behavior, and decode which cohorts are linked to which sensitive traits. Google’s website-based system, as proposed, has no way of stopping that.
The way I interpret this is that, based on your browsing history in Chrome (or any browser that implements this kind of functionality) you are placed into a number of categories (or, if one reverses the metaphor, a number of descriptive tags are attached to you). Google is aiming to ensure that certain categories/tags that might be considered sensitive (mental state, physical illnesses, etc.) will be blocked.

(To be clear, this is my interpretation of what they are stating, not an assertion of fact)

The EFF is arguing that this isn't really that straightforward, as sensitive details can still be inferred from non-sensitive details.

What I'm curious about is, who is doing all the ID generation, categorization, and data centralization? Or is Chrome just going to calculate everything itself, then send the data to sites that ask for it?

This isn't how FLOC works though, the EFF persists in the misunderstanding of this technology.

A FLoC is a single ID per browser and it's not human readable, the algorithm to determine this will run in the browser so your data will never leave it. There's no real way for someone to "reverse engineer" the ID, it's just a random set of bits not "people-who-like-shoes".

Last, and I may be wrong here given this announcement, FLoC isn't part of Chrome until Chrome 91 in june, at least I think this is what the Chrome team said Tuesday at the W3C meeting so I'm not sure what this refers to, but it shouldn't be the browser side.

If it's just 'random set of bits', how Google plans to use it? For it to be useful, they must have a way to decompose it to back to those categories mentioned in grandparent post, otherwise how are they going to sell it to those advertisment parasites, I mean companies?
Nah you don't need to decompose it. The only thing that matters is if a given FLoC has more probability to see its members click on ads, or convert on ads, from a given advertiser. This can be discovered with ML with enough data/observations. Nothing else is really necessary.

Those parasites pay for the vast majority of the internet you likely use and benefit from.

I disagree. Those parasites are what destroyed the internet and turned it into the disaster we have now.
I don't think you are being constructive or bringing arguments that support your thesis so I'm going to stop here to reply.
> Those parasites pay for

Yes, but I don't want them to. Of course, I don't have a choice. And the people that keep supporting them keep helping them work their fingers deeper, slowly touching and corrupting everything that I might still find enjoyable there. That's what makes them parasites. They take what's good and they make it worse.

I think parasites are those that want the web to be simply free and have free access to whatever they want regardless of the infrastructure cost of running the internet. It's the actual definition of parasites to feed off of a host organism.

Pay and subscribe to all the sites you read or video sites you watch and let's see how many sites are left that you read. Incidentally I subscribe to a lot of online news sites and video sites to avoid ads where they bother me or to support the journalism, but not everyone can afford this, especially smaller publishers.

The world isn't divided into just two choices for anything, including this. The fact that you can see only two isn't anyone's problem but yours.
What are you talking about? Advertising and marketing are among the oldest concepts and jobs in history and have since the early days of tv or journalism paid for free content.

If you have a new business idea that represents this third way... What are you doing here? Build a business and become a billionaire.

Now I see the problem. You never experienced what the internet was like when it wasn't as ad-infested as it is now. It might be hard to comprehend, but people who were passionated about something and wanted to make a website about that paid for it out of their own pockets without focusing mainly on 'monetization', 'ad revenue', 'SEO' and similar garbage. Unbelievable, isn't it?
Just insisting that somebody is ignorant is pretty rude.

The internet of the mid 90s had a lot of stuff for free. Usenet was great for certain groups of people. The internet of the mid 90s also lacked a ton of products that cost a ton of money to develop and maintain.

People are frightened now of relying on Google to store their photos forever. Imagine storing your photos with a passion project operated by just some person in their spare time. We see people already getting pissed off when OSS developers stop maintaining projects. It'd be that problem times 1000.

> insisting that somebody is ignorant is pretty rude.

This person claimed ignorance of the other party once and in context it's a very reasonable conclusion. There's nothing rude about that, except maybe when you find the state of ignorance bad in and of itself. That doesn't really make sense, as all humans are born ignorant. That's just how things are and that's what teaching is for. Which is what the post being discussed attempted to do.

You do, of course. You could buy ads, put empty space and fund these sites that way. You could even target yourself (within privacy limits of course).

You could get some users together and fund this by a group.

There have been a ton of "replace ads with microtransactions" products over the years. Brave exists today. Are you using them consistently?
Via experiment, ad businesses can determine which 'random sets of bits' lead to good click-through rates and such.
Hm, if that is the case, how will advertisers get any utility out of this? How does the categorization fit into advertisers interests?
It's currently part of the conversation at W3C, advertisers aren't particularly happy about FLoC either, they'll need to build a lot of ML to correlate the FLoCs with their customer's campaigns, one by one, until they find the group that performs. They'll need to develop techniques for this, for example using machine learning and train their models. That's not how this stuff is typically bought today.

In particular they aren't happy also about the 3rd party cookie comparison because it just makes no sense, not sure why the PR focuses on that given that this is minimum 3-4 orders of magnitude less precise than 3rd party cookies, targeting a FLoC is going to be like targeting a zip code, hardly THAT privacy invasive.

> targeting a FLoC is going to be like targeting a zip code

No, it's going to be like targeting by zip code when you already can target by other means as well (fingerprinting, IP address). So it's going to make fingerprinting easier.

The passage quoted above refers to the way google plans to audit FLoC, not FLoC itself.

Each browser is assigned a single floc ID, which is (for now) a 50-bit hash that is not human readable on its own. But the floc ID is intended to capture something meaningful about browsing behavior. Two users with similar browsing history are likely to have similar, if not the same, floc IDs. Floc IDs which are close together (hamming distance-wise) also reflect similar browsing histories. (http://matpalm.com/resemblance/simhash/)

It will be totally possible to gather data about what kind of people belong to a particular floc -- provided that you operate a large website or ad network. It will probably not be possible for normal people.

There's a risk that advertisers will learn that a particular floc ID corresponds to a "sensitive category" of users. That's what google is trying to prevent.

Google plans to audit floc IDs for correlation with visits to sensitive websites. In order to do so, it's assigning a "sensitivity" label to certain websites, and then applying that label to each user who visits those websites. Then it will run analyses to see whether users with a particular floc ID are more likely to have a particular label. Floc IDs that correlate too strongly with a particluar label will be thrown out.

The passage is attempting to explain why this does not prevent adtech from learning other meaningful things about flocs -- for example, that users in a specific floc are disproportionately female, or Muslim, or suffering from depression.

As for whether FLoC is in chrome, see the origin trial page here: https://developer.chrome.com/origintrials/#/view_trial/21392...

All good points, but they don't change the conclusion I wrote though, you effectively further specified the lengths to which Google is going to prevent any potential bad correlation to sensitive categories. Of course there will be correlation of some sort, they aren't random groups, but so long as you can't tell sensitive categories, you can only observe that a group seems more interested in a particular advertiser products. You can't tell their browsing history, just their interests.

Regarding the trial, yeah I know that origin thing is up, and the minutes for yesterday's W3C IWABG meeting aren't going to be out until next week, but the team working on this stuff at Google said that the trial up there is kind of fake and the code isn't merged in Chrome yet and won't be until 91, at some point I have to trust the engineers working on this stuff more than the rest.

[edit]: To be clear, I don't mean that there's no experiment going on, I just mean that it's not the browser running it, that the removal of 3rd party cookies as a way to opt-out likely is due to the fact that they may be relying on server-side computation to do this experiment rather than the browser, I wouldn't see why the browser would care about cookies to track your history, it's already stored in the browser.

> Of course there will be correlation

Yes, and given enough data this:

> so long as you can't tell sensitive categories

will not be true.

> I have to trust the engineers

The engineers that work for a giant corporation whose entire reason for existing is mining and collating as much data as possible on you? Why would you trust them at all?

Because they aren't lying... The source code of this stuff is available in the open and you can verify it. There's no FLoC in the merged code in the main branch.
The point, I think, isn't that this is currently in Chrome, but rather that there are plans to add it to Chrome in the future.
Even with Google's auditing, there are sensitive things that Google (hopefully) can't detect, but others can.

For example, insurance claims. I hope Google isn't tracking enough information to test for correlations between FLoC cohorts and insurance claims, but insurers will have access to that info when customers visit their site to pay bills.

Perhaps they'll find they can more accurately anticipate customer's claims from their FLoC cohort, and use that to price new policies, thus indirectly pricing policies based on browsing history.

The FLoC cohort changes pretty frequently with your history, I don't think you will be tagged for life with "insurance claims", but you could, for a period of time, show up as part of a group that looks interested in insurance, it will hardly go much deeper than this.
To offer just one of many possible examples that come to mind: the FLoC cohort might cluster people who read articles about becoming parents, which, though not visible in the data Google has, correlates with future claims for fertility treatments, pregnancy, etc.

The insurance company has the data, and it doesn't even need to know any of the details, it just needs to realize that certain cluster numbers correlate with future claims.

Perhaps Google will think of some of these correlations, and flag articles about becoming parents as sensitive, but how many unexpected correlations might be overlooked?

The only way to discover this is to buy traffic from that cohort to actually test the behavior. That being said the first version of floc uses just the domain name of your history.

I’m not sure how the insurance company gets that data though in your example.

> I’m not sure how the insurance company gets that data though in your example.

AIUI, they can get customers' FLoC cohort when customers visit their site to pay bills (or do anything else), and see prospective customers' FLoC cohort when issuing quotes online.

Who knows what they'll be able to learn from that? I certainly don't, but I expect them to try, and that worries me.

I feel like a more acceptable solution would be simply to ask user un what category he wants to be put in?.. I know may sound naive, but why not?

This effectively solves the question of optout as i can choose to use default value so that i am indistinguishable from thousands other people This also clearly allows for some targeted ads that user does actually care about. I don't mind seeing ads for technology, but all those "You wouldn't believe this!! 11", and "Look, penis!!" are just insult to humanity.

I know it's still ads. But i have an impression it's ao much better solution

As an iOS and Mac user, I use Safari now 100% for browsing. It has basically all of the features I need.

I think Firefox has improved significantly in recent years as well, but I haven't used it in a while.

A www browser that sends your browsing history to an advertising services company. I can recall a time when this would not be acceptable to www users. Today, www users accept a www browser provided by an advertising services company that, as one might expect, records and uses your browsing history to sell online ad services.
This thing explicitly does not send your history to anyone so I'm not sure what you are commenting here.
(comment deleted)
> records and uses your browsing history to sell online ad services.

Such lack of imagination... The recorded data build behavioral profiles of the whole globe on multiple dimensions.

I've recently been getting google ads for customized tshirts that either have my first or last name _on the shirt in the actual ad_ [1]

I absolutely hate it and can't find anything about it online, other than 2-3 people on twitter complaining about it as well. No idea how they're even doing this or how I can disable it.

[1]: https://i.imgur.com/cRSZFwK.jpg

I assume it’s done with services that have user data, you can then collate the surname + emails, and create a separate remarketing list per surname. Then you target that list with your surname-specific ads.
Most people want things for free. If you asked them if they want free access with ads or paid access without ads I guess most of them would choose the first option.
You're implying here that people can't get things for free without paying in some way and that those ways have to be the two options you present. You're wrong and it's also a logical fallacy.
What are the other options? Surely, none if them is trivially feasible, otherwise we'd see sites using them instead of the current monetization model?
You've moved the goalpost from "there are no other options" to "there might be other options, but they're hard".
You guys need to understand that PEOPLE DONT REALLY CARE ABOUT THEIR PRIVACY IF THERE IS NOT AN ACTUAL HARM.

Its bad but it's a fact. How many decades of outrage is it gonna take for you to accept it.

The privacy and sensitive stuff seems like an excuse. As of now it looks like the implementor (Google Ads) might have a competitive advantage over other advertisers and platforms, since they have direct access to both the ID generator/categorizer and a wider initial base.

Any different advertising platform will always be inferior by definition.

Since the tracking runs on the client now. Would it not be easy to write a browser plugin reporting fake flocs?

Not sure if it would suffice to just overwrite the document.interestCohort(); function and have it report something trollish.

Since a cohort is rather small could a botnet be sufficiently large, to create its own private cohorts and mess up a lot of add deliveries?

So, before we were being followed opportunistically by many advertisers, but no one had full information. Now Google is going to classify all of us for any company who wants to know. That's a net loss of privacy.

The flock system sounds like the Chinese social credit score. I'm wondering what things will be conditioned on FlockID. There are going to be elite flocks and worthless flocks. "Sorry, our services are available only to flock-3453 and flock-2234. Losers like flock-23232 need not come."

Or even a bit more sneaky , sorry but web requests from Flock-3453 is going to be served at a higher priority than flock-2234.

your youtube is slow ? , oh honey Just click on these few websites to change your flock id to one of a more advertisement friendly one.

Looks like they found one the most computationally cheapest way to discriminate against users on the internet.

One identifier to discriminate them all :)

I'd be happy to pay for a browser with my interests at heart at this point. Maybe this is an improvement but it's a problem that doesn't need to exist.
Let's hope Google's FLoC is as successful as their switch to Google+
Could someone help me understand this? Will a user be assigned one floc ID, or multiple? Or is a floc ID a unique ID to a single user?

It seems like if each user only gets a single floc grouping, that this is more private than a system like FB, where any given user could be part of thousands of different targetable "interest groups." Am I missing something? On FB, for instance, I could be targeted for liking Infinite Jest. And separately for like Mountain Biking. And separately for living in Pennsylvania. It seems like Google is doing a lot to obscure the user information into a data black box. Maybe I don't get the idea.

How about just adding a setting and letting user choose his own interests? If this month I'm looking for a new laptop, there's a good chance that after purchase my "interests" might change.