> Brave is a free and open-source web browser developed by Brave Software, Inc. based on the Chromium web browser. It blocks ads and website trackers, and provides a way for users to send cryptocurrency contributions in the form of Basic Attention Tokens to websites and content creators along with the ability to keep the cryptocurrency they earned.
> Third-party cookies are the technology that powers much of the surveillance-advertising business today. But cookies are on their way out, and Google is trying to design a way for advertisers to keep targeting users based on their web browsing once cookies are gone. It's come up with FLoC.
> FLoC runs in your browser. It uses your browsing history from the past week to assign you to a group with other "similar" people around the world. Each group receives a label, called a FLoC ID, which is supposed to capture meaningful information about your habits and interests. FLoC then displays this label to everyone you interact with on the web.
Brave [0] is a web browser, built from Chromium, but with built in ad and tracker blocking.
FLoC stands for Federated Learning of Cohorts. The third party cookie is dying, and FLoC is a way for companies to group people together and track them, rather than tracking individuals. Here's more info about that [1] and here's an EFF article about why it's dangerous [2].
Brave is the first global digital ad platform built for privacy, offering advertisers the opportunity to participate in a premium, brand safe, and opt-in ad ecosystem, designed for a future without 3rd party cookies.
Brave claims to be a privacy oriented web browser. It is apparently based on Chromium and someone identified a Chromium feature that was phoning home (I.e. Google servers) with some informations reducing user anonimity
(At least that's what I understood from a quick look)
FLoC enables ad selection without sharing the browsing behaviour of individual users.
FLoC provides a privacy-preserving mechanism for interest-based ad selection.
As a user moves around the web, their browser uses the FLoC algorithm to work out its "interest cohort", which will be the same for thousands of browsers with a similar recent browsing history. The browser recalculates its cohort periodically, on the user's device, without sharing individual browsing data with the browser vendor or anyone else.
If I must have ads, I'd prefer not be tracked by hundreds of untrustworthy companies, and I'd also prefer not see irrelevant ads... This therefore seems like the best bad option...
I'd also like to support websites I visit, though, if I don't have the money to directly donate to them and if I am going to purchase a product anyways (think visiting an amazon product page, leaving it for a day, then clicking an ad for it to give x% to the website). Many websites today wouldn't exist without ads since a lot of their traffic is people who don't go out of their way to donate to websites they find useful. If I can do this without giving up privacy I'll turn off my ad blocker (and I already do for websites I find useful).
It’s been said many times, but if the business model is advertising then you’re the product.. not the quality journalism or content. They’ll focus on generating content to increase engagement instead of perfecting what you think it is they are supposed to deliver.
Perhaps it is time for an advertising model to die out as the default.
This is why I’m more than happy when sites say “adblocker detected, please disable or leave”.
I will not render your ads. I’d be happy to put that in the first http request to your site. If that means no site for me, then quite honestly 90% of my browsing is a waste of time anyway.
Lets not pretend that ads help people with less money. Ads are designed to manipulate people into buying things they don't need.
They encourage people to believe their self worth is linked to the things they own. That a persons status in society is somehow associated with how much money they have to spend.
> Lets not pretend that ads help people with less money.
Who's pretending? Ads naturally and quite effectively price-discriminate, and so they do make internet content cheaper for people with less money.
You may have problems with excessive consumption, but many people in developing countries do not. They desperately need the free content (educational, informative, and otherwise) that the current internet model provides them.
My family is made up of poor immigrants, many of whom are back in their home country. Free communication systems are a godsend for them.
While I love libraries and public broadcasting, I learned to code as a poor kid through library books, they are not the full solution and they never provided free, instant, and any time international communication for people.
I still watch traditional TV. Whenever commercials start I zap to another channel immediately. Would I mind if these commercial channels disappeared? Probably not.
I'm not stealing anything by instructing my computer not to run code against my consent. No one is entitled to my CPU time. Least of all are advertisers.
Also, the store isn't freakishly stalking me and noting down all my habits whilst sharing what it has collected with its friends, or indeed anyone who will buy the data.
Besides, candy is impossible to replicate in the same way that data is. Theft of physical objects is a materially different act from advert blocking and avoidance. I'm not obligated to view adverts in every public space because they fund the local government. I'm not denied access to the cinema because I arrive 10 minutes after the start time to avoid the adverts. Or back in the day when I taped TV shows and fast-forwarded the adverts, had I a responsibility to view them?
They're useless noise that contribute no value to anyone beyond whoever pays for them, and therefore I find it a moral responsibility to limit my exposure to them and restrain the harm they do to others. And curiously, I am much more content and much less impulsive in my spending habits since I installed uBlock.
Also, the store isn't freakishly stalking me and noting down all my habits whilst sharing what it has collected with its friends, or indeed anyone who will buy the data.
Many retail stores do, actually, through wireless tracking, cameras, and/or purchase history. They will buy and sell consumer data through the likes of Acxiom.
It would be great to have a ublock equivalent for the physical world.
There is: paying with cash, not using loyalty cards, and refusing to supply zip codes, phone numbers, and whatever else they rudely ask for get you 92% of the way there. For the rest, you can wear a Groucho mask while in the store. But that only works if Groucho masks become popular.
I would respect the Adblock crowd more if they didn’t run around describing their actions as brave or “morally responsible.” It’s ok to admit that you’re taking something without return!
As if you have never run to the bathroom during a commercial break.
No one is under any obligation to accept advertising. Only since the modern web have advertisers and content providers made this an argument on ethics.
Oh, please. Tell me you've never fast-fowarded or muted the TV or changed channels during a commercial. Tell me you've never been reading the newspaper or a magazine and skipped reading the ads.
I'm not really sure what crowd of us you think claims that ad-blocking is "morally responsible". I certainly don't see it as a moral issue at all. I just don't want so see ads, period. I think they're psychologically manipulative garbage, and I don't want them in front of my eyes, infecting my brain.
If someone wants to publish something behind a paywall, I'll pay if I think it's worth the price. If someone wants to put up an ad-blocker-blocker and refuse to serve that content to me, that's fine too; I'll live without their content.
If a server is going to send me bits over the wire, I am going to decide how I view those bits, and which bits I do and do not want to see.
The person you're replying to is not accusing you of stealing, they are using stealing from a candy store as a metaphor for how a certain amount of behavior that a company doesn't like is tolerated because it is not worth the effort to stop. The point is that Google could prevent most people from using ad blockers any time they wanted, but don't view it as worth the bad PR (or choose not to for other reasons).
Well, someone else is covering it in post it notes and serving it to you. Again, the same issue applies, if everyone covers the ads in the journal then the advertisers will leave the journal and it will have to shutdown.
This is a rhetorical bait-and-switch. The "stealing candy from a store" messaging is crafted to imply moral failure. The implication is there when you present the situation with that framing—you can't just walk it back when called out on it!
Nobody frames, say, taking a bathroom break when the ads play during a football game this way.
> I'm not stealing anything by instructing my computer not to run code against my consent. No one is entitled to my CPU time. Least of all are advertisers.
One might argue that you are then not entitled to view the content on ad-supported pages as well.
I use an ad blocker too because many ads are just horribly intrusive, but I honestly can’t blame any page circumventing ad blockers, nor do I believe that I am somehow morally entitled to an ad-free, compensation-free browsing experience.
Narrowing all of this down to CPU time misses the point entirely in my opinion.
> They're useless noise that contribute no value to anyone beyond whoever pays for them, and therefore I find it a moral responsibility to limit my exposure to them and restrain the harm they do to others.
They‘re literally paying for the content you get to view for free.
> One might argue that you are then not entitled to view the content on ad-supported pages as well.
This is true, and websites are entitled to try to detect and block users who use adblockers. And users are entitled to use better adblockers that are harder to detect.
> One might argue that you are then not entitled to view the content on ad-supported pages as well.
Then they shouldn't serve the page in a way that it can be viewed without also viewing the ads. Ad-blocker-blockers are a thing, and I am happy to close that tab and never visit the site again when I see one.
> They‘re literally paying for the content you get to view for free.
Hopefully someday they'll be forced to find a business model that doesn't include destroying the privacy of their website's visitors.
I'm grateful that you would take the time to speak with me. I know it's an expensive thing to do.
I'll start with ~~a humorous point for an autistic person~~ the worst kind of pedantry. An object cannot be no one's and mine at the same time. If I own it, then it isn't no one's. To the degree the CPU is indeed yours, then it is someone's CPU. Obviously, there's some conversational implicature embedded in your claim here, and that's what we're here to clarify.
For the record, I'm on your side. Your overall argument is something everyone needs to hear. So, I'm not here to destroy your assertion, but I think it should be weakened. There's a lot packed in there.
I take your proposition to mean, roughly, that the CPU in your possession is something only you have a cluster of moral claim rights to (which corresponds to a cluster of moral obligations of others to you regarding that CPU), with no possibility of overriding reasons, caveats, or provisos. Now, you could be speaking about political claim rights, but I don't think that's the case here (correct me if I'm wrong). Is that a fair interpretation, and do you wish to maintain that? Can you think of any exceptions? Are there any adjacent possible worlds in which that is not the case?
Look up the legal definition of "theft". In your analogy the candy would be the user's privacy and attention, which the adblocker denies the store use of. It is only theft if the store owns the user's privacy and attention. Are you so owned?
On the contrary, the websites who display ads steal screen space on my machine without paying me for it, some of them even steal computing time by running unauthorized scripts.
I was kidding, of course. Neither running an ad blocker nor running a website that runs script is stealing anything.
However, I do run an ad blocker and I'm completely fine if every company that relies on ads for income goes out of business. In fact, I'd appreciate it.
No. If advertising became impossible, vendors seeking to compete would be forced to make products good enough to be enthusiastically-shared, word-of-mouth, and everything in the world would be significantly better than it is.
Well then stop tracking me around the internet and then we'll talk. Ads used to just be 1 direction. Give up the feedback path and I'll be fine as long as I don't get 5 pop ups blocking the article I'm trying to read and THEN fingerprint me and follow me to the next website.
That is a pretty poor argument. There has never been any guarantee that ads will be rendered, and users rapidly learn to ignore areas of the screen where ads typically appear (I have seen user studies to this effect). "Reader mode" will basically prevent ads from being rendered, unless the ads are purely text and are inlined with the main text of the page. Calling ad blockers "theft" is as ridiculous as calling ads themselves "theft" -- after all, the ad companies are using a large fraction of the bandwidth users paid for, and the CPU cycles and electricity on their computers, without having been asked to do so and without having asked permission.
If websites really find that ad blockers are killing their revenue, they will switch to a paywall model, and maybe micropayments will finally happen (or perhaps a service that allows users to subscribe to large numbers of websites at a time). Whether or not that is a good thing depends on who you ask.
I used to hold this view, and I argued that exchanging ad impressions for web content was some sort of social contract. I think this would be defensible if not for the massive privacy violations, and the fact that Google and Facebook continually alter the deal, and pay politicians to ensure we have no seat at the table to negotiate.
Preach. I don't consent to tracking. I don't want my browser helping anyone track me in any way. I don't want to be pressured and manipulated into buying things I don't need. Advertising is not moral and I owe nothing to anyone who tries to manipulate me.
Websites can move to more efficient and lighter methods of delivery to cover the absence of advertising revenue. Anyone skilled who works in the advertising industry is freed to offer his skills to better human endeavours. Everyone wins.
Plainer HTML and very little Javascript which will reduce development and running costs. As witness, this very website. It supplies all that is necessary and no more. It is very successful.
With harmful incentives removed, this would encourage websites to focus on good writing and less on being 'content farms' to drive up engagement for the advertisers.
All I want from most sites is the text. Not adverts, trackers and those damnable autoplaying videos that jump out and follow me down the page. I use the reader mode in most cases. Why is it necessary to use reader mode if not to cut the useless cruft? Why can't the web just be like that?
> Anyone skilled who works in the advertising industry is freed to offer his skills to better human endeavours.
I don't want to be rude, but won't they just end up losing their livelihoods? If the advertising industry goes, most programmers will see their salaries drop hugely. Even those not working in advertising will see a drop due to the flood of supply.
I like this analogy. Why should I be concerned about the collapse of an industry whose dominant effect is to make the world a worse place? Especially if, as in advertising, that effect is the intended outcome, rather than an externality, as in coal production.
I don't agree. The more likely outcome would be complete domination of big brands because they own the mindshare (e.g. people will remember Amazon.co.uk, they will not remember hundreds of small businesses too).
Even if you were not directly influenced by advertising, you probably were indirectly through word of mouth.
Honestly I have no problems with ad's as long as it doesn't involve any tracking (or lets call it what it is spying).
If blog or similar can finance part of their cost with Ad's, why not.
Sure on slow internet it's a somewhat different matter.
Anyway Ad's okay, but tracking for me is spying and should be treated like that, i.e. it should be illegal.
There are ways to have personalized ads without it, like local learning which then selects to get an add for a specific topic, with that a side could still track which ads you got, but it would be much less useful as FLoC, and then you add additional steps to even further decrees any chance of tracking.
Companies still get implicit feedback by what adds get selected more then others.
People can explicitly blacklist annoying (or offensive) adds making sure they don't see them ever again and if enough do so in turn making that app not seen much more at all etc. etc.
But the FLoC cohorts are WAY to small/identifiying to not allow you to be tracked fairly easy with it. Just combine it with other identifying aspects of browsers (there are a lot) and I wouldn't be surprised if it's often allows a 100% unique identification.
And given that you likely wont be able to "ad-block" FLoC this makes it way worse then the status quo.
If you could give me a world in which ads were always static images with a link behind them and nothing more. Where they never move, never pop, never animate, never play sounds or video, never run scripts etc etc...
Yeah, in that world, ads would be ok with me. Sure they're pointless because I won't click on them - but not really worse than having a blank spot in the page because of an ad blocker.
While I have no problem with the concept itself of advertising, I do have a problem with modern implementations of ads. Almost invariably, they are loud (vocally and visually), intrusive, obnoxious and almost coercive in their use of language. They are intended to dumb down the target audience, rather than enrich their targets' lives.
I do have a problem with everything that attacks my ability to think freely.
I'm not sure you can separate the two. Advertising as a concept is rooted in the economic system within which it's operates. Fundamentally it's a competition for the most "effective" ads. Advertising "as a concept" is meant to influence, and obstensibly obnoxious ads can effectively influence their target audience.
This is a more concise repost of a previous comment that I posted too hastily.
It's fair to believe that ads are 'ok' - it's also possible that people in general don't want them. Hosting low-traffic websites on a smartphone with cellular data is just-about-feasible now.
Rather than inventing very technically clever ways to continue on our existing path, as Apple and Google are doing, I think it'd be pleasant to simply move beyond the advertising model of content on the internet.
If asked, I don't believe people would want to be tracked or have ads mixed into their content.
I don’t know that’s the whole question, though: I know that I, personally, would be unwilling to pay a subscription fee for every site I’ve gotten information from. I wonder how many people would choose advertising if the choice is posed as ads or content subscriptions/micropayments.
This assumes that most of the content would require much funding to operate.
Could we make it cheap enough to host a personal blog and/or wiki on a smartphone for, say, $10 a year?
The economics would be very different as sites scale up their traffic (compare with, for example, The New York Times).
I think the (relatively) small number of high-traffic sites would be able to find revenue streams to support their hosting - perhaps those would be where subscriptions would be effective.
It’s not just that, removing ads as a funding source make the barrier to entry higher for someone who wants to launch a competitor to the platforms: medium, substack, NYT, etc.
This may of may not be good, but I’m a bit concerned that destroying the adtech industry may have ripple effects that end up being worse than some middle way like FLoC
Brave is a free open source product that you don't have to pay for or use. It's a browser with an integrated ad blocker. I opted into Brave, no one forced me to. I asserted my right as a user to run software on my machine how I see fit when I browse the web. The ad model of the web is exploitative, monopolistic, privacy invasive, abusive to everyone, and makes the whole open web ecosystem bow down to the whims of Facebook and Google.
I have opted into using Chrome, no one forced me to. I have asserted my right as a user to run software on my machine how I see fit when I browse the web. The ad model of the web allows me to freely browse the web while providing a source of income to those who work hard to provide the services and information I seek on the web.
That just seems like hyperbole actually, and from a biased opinion or vested interest.
Brave seems to handle privacy very well considering the choices available, and has made a number of good privacy decisions from what I can see after watching browsers evolve for 25 years. I have switched to using Brave and installing it for those I support.
The crypto thing is 1) easy to turn off, 2) an attempt at a possibly better business model where users aren't just sold with it. Regardless I simply turn the crypto setting off.
Of course, you can pretty easily see it traded on exchanges. [0]
There’s over a million web creators accepting bat just from brave [1] and while that’s not everyone or even a big percentage it’s not “few web creators.” If you don’t want to give to web creators you’re free to cash out and donate cash to charities. So that’s a plus that’s not possible with other browsers.
Note, I don’t use the crypto feature in brave, I’m just annoyed by people spreading FUD about stuff.
The reason I trust them is that I can monitor what info is sent from my pc from the brave app. So that’s a good thing. They aren’t tracking and reporting all my browsing so that’s good.
I’ve never done anything with the crypto part. I just use them as a clean, ad-free browsing experience. There’s ad blockers for other browsers but brave is the easiest for me to use.
the option to be tracked by one untrustworthy company? oh and they’re also in charge of the “anonymization” algorithm, oh and they also decide who is exempt due to protected status (race, income, etc), did I also mention they make the browser most people use and are one of the world’s largest advertising providers?
where is the better part? is it the fact that this makes fingerprinting easier? or that floc makes more data available to advertisers than cookies?
It's not because the way it's made it makes it easier for hundreds of untrustworthy companies to track you...
It says it's about respecting the privacy of users better but in practice it fails very bad at doing so the only thing it archives is allowing Google to disable cookie based tracking and with that makes it harder for 3rd party trackers to be google independent (it not harder for 3rd party trackers if they use/abuse the FLoC Id and generay there are many ways to track users which are not cookie based so especially when it comes to the very bad offender of invasive tracking it doesn't make a difference or becomes even easier, but some of the smaller google ad (and analytic) alternatives will have it harder).
This sounded good when I first heard it, but by now I understand 'relevant' to mean 'tailored to optimally influence my behaviour', eg showing me articles about the futility of voting if my political preferences are likely to lean a particular way.
I strictly prefer irrelevant ads less likely to influence me.
I really have enough projects, TODO lists, interesting things to buy to last for lifetime of 250 years.
Why I would want ads likely to influence me? There is basically no chance that ad will show me useful, worth using object or service to buy that I would not discover anyway.
It would be just another scam more effectively targeting me.
There are plenty of good products that only get discovered because of advertisement. People aren’t constantly searching for every single one of their pain points at once.
One day, you may have a need for a product, and someone who previously solved your need can’t afford to make the product anymore because only a small percentage of people realized it was a solved problem.
This has not been true for me. I have discovered interesting things in Facebook ads that I would not have discovered and bought otherwise. (They were obscure Kickstarter projects)
I agree that there is some chance that some products will be genuinely useful.
But overall risk of getting persuaded to buy worthless products or scammy "investments" seems to not be worth discovering real gems.
Overall I would prefer both scams and genuine offers to be as far as away from my interests as possible.
Obviously, I would prefer actually useful offers to be close to my interests and to have no scams/worthless trash/malware/porno in my ads, but it appears to not be an available option.
Most Kickstarter campaigns I get shown on FB are from third party services that just upload the Kickstarter breach list (my email is in it). Could that have happened to you?
> I have discovered interesting things in Facebook ads that I would not have discovered and bought otherwise.
I've never had this experience, between Google, Facebook, and Amazon. Every "targeted" ad I've been exposed to has either been for something I already have, or for something that's insufficient to my needs.
Because of this, and because I dislike the invasiveness and anti-privacy of modern advertising, I started keeping a log of all of the ads I can remember. Then before I make a purchase, I lookup the product on that list and pick a different company to buy from. If you, as a company, use invasive advertising, I will not be your customer.
That seems counterproductive. You will be worse off by using irrelevant data in evaluating the choice of a particular product, and the company that paid for the advertisement likely won’t even miss your sale.
> You will be worse off by using irrelevant data in evaluating the choice of a particular product
What do you mean irrelevant data? I am much better at choosing a product that suits my needs than Google and friends are. The only irrelevant data is the one provided by the ad companies.
> the company that paid for the advertisement likely won’t even miss your sale.
If that's true, then why do you think they advertised to me? Why would they possibly choose to advertise to people who they weren't interested in selling to?
If you intentionally discount a product based on the fact that they advertised it to you, you’d be making a decision based on some property not intrinsic to the product, which means that you might not purchase the optimal product.
This would all be ok if the tradeoff was a strong signal to the seller that advertising has a negative impact on sales, but I’m positing that the impact of that one sale is negligible and well within the noise threshold of an extremely noisy process. For all you know, if the seller notices at all, they might conclude that they didn’t advertise to you enough.
However I’m totally ignoring any utility you might gain from a principled approach and if it works for you, then more power to you.
> If you intentionally discount a product based on the fact that they advertised it to you, you’d be making a decision based on some property not intrinsic to the product, which means that you might not purchase the optimal product.
Very true, I've considered this many times. What it comes down to is that I value companies that prioritize investing in their product rather than their advertising, so on the whole I'm more likely to get what I want if I stay away from products advertised to me.
> This would all be ok if the tradeoff was a strong signal to the seller that advertising has a negative impact on sales, but I’m positing that the impact of that one sale is negligible and well within the noise threshold of an extremely noisy process. For all you know, if the seller notices at all, they might conclude that they didn’t advertise to you enough.
This argument kind of ignores the whole underpinning of economics. Let's consider a different situation and apply your argument. Let's say a company sells a toothbrush that doesn't clear plaque away very well. Over time, as I use this toothbrush, I'll find that I'm getting cavities on my back teeth. So I stop buying that brand of toothbrush. Under your argument, my doing that would be a weak signal, because it's just one sale lost for X dollars spent on advertising. The seller doesn't notice, and keeps on pumping out toothbrushes, and lots of people get lots of cavities. I know this is not analogous to the situation you're talking about, but it's still a plausible situation, and if your argument is correct, it should be correct across most situations it's applicable to.
And thanks, I do enjoy your confirmation of my power.
I have a fundamentally different view of this: I don't want people advertising to me at all, and I am perfectly fine -- happier, really -- if I "miss out" on buying something I might like because I didn't "get to" see an ad for it.
Advertising is psychological manipulation at its worst, and we'd all be much better off without it.
"Advertising is psychological manipulation at its worst"
Hyperbole is unbecoming.
Off the top of my head I'd say grooming someone for sexual abuse is a significantly worse form of psychological manipulation. I speak from having experienced both, and only one has had a catastrophic effect on my life.
Its very interesting in that when people read "relevant" ads, they usually take the meaning as "relevant to buyer".
But in reality, ads are always "relevant to seller/advertiser". Seller is almost never interested in selling you anything but what makes most profit from you. Eg. A decathlon might be better cost/benefit ratio wise, but you will always get an ad for Nike, because Nike is paying for the ad, not decathlon.
Such is the lie that was fed to us, and most of us accepted it. Tragedy of the commons indeed.
Not every web page has an associated strong commercial intent. Most sites, quality sites, would lose out to commerical junk sites if only commercial sites could make money from ads.
While you can often come up with relevant tie-ins for websites (a weather site could sell vacation packages, a news site could sell... insurance?) it turns out that for a huge fraction of websites relevant commercial interest is just very low.
I prefer irrelevant ads because I learn about new things outside of my bubble.
Who knew that ship designers could buy special plugins for CAD environments? Even though I could have guessed it (In fact, I made this example up), it’s still fun and interesting to be surprised.
I don't think there is a time in the last decade where I received a "relevant" ad. The most relevant they have been is spamming adverts for products I already purchased.
Very thin distinction here given that they can still be purchased by advertisers and Apple has every interest in being the only company monetizing on their platform so the number of parties seeing this is irrelevant if the point was the surveillance problem.
'Ads you see on the App store or Apple News' and 'ads on the the entire web' is very substantial distinction, as is the scope of the surveillance involved. Another one big one is - you can turn the Apple thing off.
This is a pretty naive argument and distinction as well.
It's pretty obvious Apple doesn't have financially valuable properties on the web but they have plenty in their application ecosystem.
In Apple's view Apple News is how people consume news, not go to the web where the user experience isn't custom tailored by Apple. Apple News is barely different than Google AMP that everyone rages against, try to get someone to share a link to a piece of news from Apple News and it will come with the ask to subscribe or download it.
So in Apple's ideal plan almost every place where today ads are displayed will be inside Apple News.
And hey, I wasn't aware there exist another App Store where people can buy applications or in-app purchases on iOS.
And yeah you can turn FLoC off too both today and when it will be in production.
Lastly, when did the argument move from "advertising bad, tracking data always bad, targeted advertising terrible" to "if Apple does it then I'm good with it"?
when did the argument move from "advertising bad, tracking data always bad, targeted advertising terrible" to "if Apple does it then I'm good with it"?
It'd be a lot cooler if you could respond to my actual argument without namecalling and putting words in my mouth. For one thing, it's rude; for another, it doesn't contain much of a counter-argument.
You said the distinction between what Apple does and Google does is 'thin'. The distinction is Apple does this in two specific services of their own, one of which is completely optional and in both cases, the cohort bucketing and tracking can be turned off. Google is putting it in the browser people use to do just about everything on the internet. A roughly similar thing would be Apple adding cohort bucketing to Safari. They haven't. These seem, to me at least, some significant distinctions. Why do you think they aren't?
I replied. You are considering Apple's system better despite the fact that Apple's goal is to re create the web environment in their own apps so they can monetize it in their platform.
So your argument is maybe valid (I don't think so, tracking is tracking and this isn't just contextual targeting) only now, as time goes by and Apple accumulates more power your argument is back to being invalid again.
Why wouldn't they? Apple is in the same business Google is of selling ads and in-app payment processing for apps on their platform. In one respect, Google is better than Apple for warning you ahead of time when an app contains ads. That's not an endorsement, mind you. There's other things Apple does better than Google. But there's no "good guy" here. Only less-bad guys.
When I first got my iPhone, I searched for Youtube on the app store. The first result I got was tiktok - an ad that takes up a third of the screen. Its a terrible UX and confused the hell out of me. I seriously thought Apple was supposed to be user-friendly and anti-advertising...
It... says "Ad" in a alt-colored tag, has a completely different background. Only one ad, vs. google.com, which can show up to 4 identically-styled ads.
Apple isn't anti-advertising, they're anti-tracking, pro-privacy. They're not in the business of selling ads anywhere near the scale that Google is -- the App Store ads in particular are simple, and they cancelled their iAd program a few years ago.
I realized that after looking at the result for ~5 seconds, but I still think its a dark pattern and it could easily induce someone into installing that app by habitually clicking the 'get' button. I guess it just shocked me that the one of the first things I saw on an iPhone was an Ad.
But yes, looking at ads on the Google Play Store recently tells me I made the right decision to switch to an iPhone.
I've been looking to switch from Google Pixel to iPhone but I still see the same shit on the "other side". On iPhone you still get an advertising ID in your OS to track you that you can't disable. You still get ads in system apps. It's like a veneer on top of the same crap.
So, FLoC is a mechanism for facilitating your being targeted by commercial propaganda, but not as accurate/personalized as other mechanisms by Google, Amazon and others. Am I getting it right?
But - if the regular, more accurate/personalized, mechanisms work in Chromium - why use the less-accurate ones?
This post might give some answers [1]. FL is a machine-learning framework where models can be trained while keeping users' data on their device rather than sending it to a server.
Because Chrome’s competitors have all gotten rid of 3rd party cookies for privacy reasons, and Chrome wants to launch and claim the same feature but not damage the ad business.
I would expect that it's practical to reverse engineer the cohorts into a browsing history. This means that an interested party could derive browsing information from a page visit rather than needing to instrument thousands of websites with cookies.
There isn't really any hard bound on how much information could be leaked via these algorithms.
Cohorts could be reverse-engineered to give you a probability space of browsing history, which would be identical for any user in the cohort given a single sample.
> There isn't really any hard bound on how much information could be leaked via these algorithms.
With ~33k cohorts, there is literally a hard bound of just above 15 bits per visit. That's still theoretically a lot if you have some other stable identifier, but practically speaking most users on most sites will have an identical cohort and it will drop off rapidly as cohorts stabilize into groups appropriate for ad targeting.
Barring the other considerations I've mentioned in the comments here, that's still immeasurably better for individual privacy than ~infinite bits per visit from stable third-party cookies.
FLOC is being introduced now in advance of privacy features coming in chrome (removal of third party cookie and privacy budget) which apparently will hurt ad revenue. FLOC is supposed to help targeting without exposing user data.
The idea with this proposal is to avoid browser fingerprinting. Cross site cookies are going away and there are essentially two possible paths for ad networks to compensate: a common approach like FLoC is adopted, or ad networks will continue to do ever more advanced fingerprinting based on things that are identify you individually and hard to obfuscate like graphical rendering and audio quirks. The proposal is if Google adopts FLoC they won’t use browser fingerprinting.
Which reality is better is up for debate but they won’t be doing both for the same client.
There's a third option: we make it hard enough to fingerprint users that doing so is too costly when compared to what the ad networks gain from doing it.
They will absolutely do both because nothing stops them fingerprinting us otherwise. Anything based on goodwill and hope should be considered false starts.
"This API democratizes access to some information about an individual's general browsing history (and thus, general interests) to any site that opts into it. This is in contrast to today's world, in which cookies or other tracking techniques may be used to collate someone's browsing activity across many sites."
Can the user detemrine whether a site has opted in without sending an HTTP request the site (and thereby recording the access in her browsing history).
"Sites that know a person's PII (e.g., when people sign in using their email address) could record and reveal their cohort. This means that information about an individual's interests may eventually become public.
"As such, there will be people for whom providing this information in exchange for funding the web ecosystem is an unacceptable trade-off. Whether the browser sends a real FLoC or a random one is user controllable."
Can advertisers determine whether a FLoC sent is real or random.
I can imagine some FLoCs if sent would trigger ads that were undesirable, perhaps damaging to the user's reputation, embarassing, etc.
As described, this system compels users to accept targeted advertising (what Google and Facebook want every user to do). There is no opt-out. There is no such thing as non-targeted ads. Users of browsers that support FLoC can either send real FLoC or random FLoC, but they cannot send no FLoC. If they choose randomised FLoC, they might receive ads targeted to cohorts with which they do not want to be identified. As the next paragraph states, the FLoC when compbinaed with other data can indeed be used as an user identifier. Choosing "randomised FLoC" might mean being publicly identified with undesirable cohorts. For example, IP address might become associated with an undesirable cohort.
"A cohort could be used as a user identifier. It may not have enough bits of information to individually identify someone, but in combination with other information (such as an IP address), it might."
"The expectation is that the user's FLoC will be updated over time, so that it continues to have advertising utility. The privacy impacts of this need to be taken into consideration. For instance, multiple FLoC samples means that more information about a user's browsing history is revealed over time."
"Second, if cohorts can be used for tracking, then having more interest cohort samples for a user will make it easier to reidentify them on other sites that have observed the same sequence of cohorts for a user."
"A cohort might reveal sensitive information."
"Some people are sensitive to categories that others are not, and there is no globally accepted notion of sensitive categories."
"It should be clear that FLoC will never be able to prevent all misuse. There will be categories that are sensitive in contexts that weren't predicted."
"A site should be able to declare that it does not want to be included in the user's list of sites for cohort calculation. This can be accomplished via a new interest-cohort permissions policy. This policy will be default allow."
Default is no privacy. Nice.
"... a site can opt out of all FLoC cohort calculation by sending the HTTP response header:
"We will analyze the resulting cohorts for correlations between cohort and sensitive categories, including the prohibited categories defined here. This analysis is designed to protect user privacy by evaluating only whether a cohort may be sensitive, in the abstract, without learning why it is sensitive, i.e., without computing or otherwise inferring specific sensitive categories that may be ass...
Most users never even change defaults let alone install extensions. There is no described option to disable FLoc in the browser. Why not. Surely the design decision not to include an option to disable FLoC was intentional. That's the point I was making.
Wait, what? Async? Isn't your cohort supposed to be precomputed?
And undefined would still have to be handled anyway, as browsers without support wouldn't have the attribute at all (at least for several years after it was accepted, for everything to get the new feature).
The issue with FLoC is it based on a false premise. Advertising can be successful without needing to build a tracking profile on a person as they traverse multiple websites.
For example if I visit a website that follows trends in computer hardware... advertisers may pay to put ads in this site to PC parts, etc. If I visit a site about popular camping locations.. advertisers can purchase ads that are relevant to camping,gear, travel etc.
The very idea that we need a tracking identity that monitors and identifies behavior from site to site is ridiculous.
It's based on a lie, but it's also a lie that's entirely fundamental to Google's existence: The reason Google is the giant it is is because of the delusion you need user tracking and that only Google has enough user data to do it well.
If you get rid of user tracking, anyone or their brother can sell ads, and then why deal with Google?
Is there any evidence behind the idea that FLoC is more privacy-preserving than third-party cookies? Intuitively that is not obvious to me at all, especially given there are so many other fingerprinting techniques it could be combined with.
Interesting, didn't know that. In that case then how does it identify a cohort in a useful manner? Surely websites will need to temporally tie together the values to be able to target ads?
The cohort semantic meaning is stable, although not disclosed an ML system would learn its correlation to a given goal.
Cohort membership changes pretty frequently instead. So the system may put all people that browse mostly golf sites together in cohort 12345 that only the algorithm knows it's about golf sites, people enter and leave that cohort on a daily basis and you can only be a member of a single cohort at a time.
Why would the cohort membership change frequently? Isn't it based on your browsing habits? I don't think my habits change frequently—do most people's?
Also, even if I take for granted that everyone's cohort changes daily, how does that imply anonymity? Like say my habit is that I check emails a ton on Monday, go on YouTube on Saturday, read the news on Sunday, etc... so my habits are changing daily, okay, but not weekly, right? Or maybe I do them in a different order on another week, but I'm not going to develop 1000 different habits across 1000 days, right? Shouldn't some kind of frequency analysis provide fairly consistent results?
Cohorts cannot be too small (or they are not published), nor too big (or they are not particularly useful for capturing a particular set of behaviors/interests). The algorithm will balance these two constraints which will lead to any individuals coming in and out of particular cohorts. The semantic meaning of a cohort will likely change over time as well. For that, FLoC is proposing adding version IDs
“Why would the cohort membership change frequently? Isn't it based on your browsing habits?” -> cohorts need to be rebalanced over time, so your cohort membership could change.
"FLoC cohorts will comprise thousands of users each, so a cohort ID alone shouldn’t distinguish you from a few thousand other people like you. However [a tracker now] only has to distinguish your browser from a few thousand others (rather than a few hundred million). In information theoretic terms, FLoC cohorts will contain several bits of entropy—up to 8 bits, in Google’s proof of concept trial. This information is even more potent given that it is unlikely to be correlated with other information that the browser exposes. This will make it much easier for trackers to put together a unique fingerprint for FLoC users."
"as your FLoC cohort will update over time, sites that can identify you in other ways will also be able to track how your browsing changes [...] a FLoC cohort is nothing more, and nothing less, than a summary of your recent browsing activity."
The second paragraph you quote is literally the counter example of what I just said.
There needs to exist a way to identify you in other ways and in the future cookies won't be one of those. So a site that has your information because you shared it with them will be able to see your cohort changing, otherwise you'll look like a new user each time.
And yeah I'm extremely familiar with FLoC, more so than the EFF.
The link you posted examines the issue in detail, IP address on its own is already on its own a decent identifier at the household level, and used today, and that's why there is a specification on Willful IP Blindness proposed by Google.
But IP alone is imperfect as well anyway for tracking.
I don’t think that’s the real goal. The real goal is to remove cookies so that compares other than google cannot use them for tracking. Then google uses FLOC as a substitute; they’re the only ones who can use FLOC so it works out great for them.
Google (and a small number of other companies, notably Facebook and Amazon) are also able to continue "traditional" profiling due to their extensive first-party traffic / backend integrations.
If FLoC goes as they plan, there will be less tracking overall, but the tracking there is will be considerably more centralized, less technically transparent, and cement incumbent market advantages. (All totally coincidental unfortunate side-effects of Google's concern for your privacy.)
The cohorts are created automatically by the browser, so that users with similar browsing histories group together. Everyone has equal access to them, through document.interestCohort.
Good to see Brave sticking to their privacy guns. FLoC is a brazen attempt for Big Ad (aka. Google and its ilk) to keep their spying-on-users gravy train going, now that GDPR and similar laws are making their old methods illegal (without consent).
No one wants to consent to being spied on, so FLoC is circumnavigating the GDPR consent requirements, letting them spy on all Chrome-users without consent.
Except with FLOC you can watch your network connection in/out and see that, instead of a persistent identifier being used to track you, you only send your interest categories. FLOC's intent is to keep their money making operation afloat, but this time without direct web browsing activity tracking of users.
> but this time without direct web browsing activity tracking of users.
Your FLOC cohort is a summary of your web browsing activity. FLOC doesn't solve the privacy problems that trackers create - it just hands them your browsing history on a silver platter.
It's similar to Spectre. We had more pressing issues back then. As those issues are solved, we moved to more tricky ones which did not get much attention before.
You're going to drive yourself crazy if you try to make sense of "privacy"-advocate objections on an object level. It's not actually about privacy. No matter how much FLoC or something FLoC-like preserves your actual privacy, advocates will be against it. That's because they don't actually care about privacy and have always used concerns about "privacy" as a pretext for killing ads.
Then fix fingerprinting. "But fingerprinting!" is yet another pretext for just trying to make advertising in general non-viable for aesthetic or ideological reasons.
True, we have to make advertising non-viable, that's the point.
Id gladly pay for my content just to watch the ad-tech industry die, its not just about "ads", they are building the infrastructure for the surveillance police state.
There are no specifications about what the cohorts will be, Google is literally leaving that for the ad companies to figure it out. It wouldnt be suprising it at all they realize a way to make small enough cohorts in such a way you can be fingerprinted.
The bottom line is that you are giving them your browsing data, obfuscated by fancy algorithms. Unless you trust ad-tech to have the best interests about your privacy (ha!)
It cuts down the fingerprint to a pool of just a few thousand and then you can just use other fingerprint items to get down to a completely unique id that you can track.
Not sure why it is supposed to be significant improvement.
"FLoC cohorts will comprise thousands of users each, so a cohort ID alone shouldn’t distinguish you from a few thousand other people like you. However [a tracker now] only has to distinguish your browser from a few thousand others (rather than a few hundred million). In information theoretic terms, FLoC cohorts will contain several bits of entropy—up to 8 bits, in Google’s proof of concept trial. This information is even more potent given that it is unlikely to be correlated with other information that the browser exposes. This will make it much easier for trackers to put together a unique fingerprint for FLoC users."
"as your FLoC cohort will update over time, sites that can identify you in other ways will also be able to track how your browsing changes [...] a FLoC cohort is nothing more, and nothing less, than a summary of your recent browsing activity."
So to be clear, "Big Ad" is like, dentsu, Publicis, Omnicom, etc. Companies that don't show up on HN much (but do ultimately buy the services which pay a ton of HNer's salaries).
They don't like Google very much, but Google owns a ton of space to put ads on, lots of first-party traffic with interesting properties, and more accurate targeting models than most other companies combined. So they have to work together. Real Big Ad would all rather keep the third-party cookie and not have to deal with FLoC, because they know they're already trapped in dealing with Google based on market demands, and FLoC will give Google even more forceful technical leverage.
Google is an integrated part of “Big Ad”, they’re the largest advertising company in the world. And now they’re using their ownership of the most popular browser to sneakily install FLoC on their unwitting user’s machines.
If you view the market through only this lens it becomes very easy for partisan interests (e.g. Brave, just as much an advertising company as Google) to trick you. Google is notable for how disintegrated it is from the rest of the ad business, between its technology monopolies and vertical integrations.
The recursive irony here is that Alphabet implemented FLoC to put a moat around tracking adtech, and Brave consumes Chromium for its own means of generating revenue from vending a browser (BAT), so of course there’s no reason to propagate FLoC.
I don't understand why tracking is not being considered as mechanism helping companies to manipulate consumers into buying their stuff, essentially amounting to fraud?
If you were going to track someone in real life and manipulating them into buying something, you would certainly end up in jail, so why is this allowed over the internet? Because consumers don't see companies who stalk them? In my opinion the whole tracking business should be illegal.
Advertising is providing information about the product, so that consumer can make an informed decision whether to buy it or not. Creating messaging tailored specifically to an individual exploiting various vulnerabilities or their situation is not.
That's a very interesting move. The patch seems fairly small, but now it's a patch that Brave needs to maintain and update every time they merge a new upstream version.
That's what makes me wary of the whole Chromium fork concept. Every time Brave/Vivaldi/Edge/etc decide to take a different path from Google's they effectively add to their maintenance burden forever, even if like in this case they actually disable an unwanted feature.
How long until the list of patches to backport for every new version of Chromium becomes so large that they have to pick and choose which one to keep maintaining and which one to give up on? If tomorrow Google decides to push a very deep change to the way, say, extensions are handled that makes them less effective at ad blocking, will Brave accept the burden to suddenly have to maintain a very deep fork of the browser in order to maintain old functionality?
I'm effectively FUDing right now, but my concern is genuine. I'm very perplex that you can make an effectively anti-ad, pro-privacy browser based on the source code of one of the biggest ad companies in the world.
My guess is they run the cost benefit analysis with every Chrome release. Then just give up and accept the change unless it's obviously low cost or in an area they've already forked.
From what I'm remembering, Eich said that once they got big enough, they'd be willing to fork a browser if necessary. I wouldn't put that past Brave considering how many changes it's had (used to be on a different browser engine, also used to use Electron). They'll probably have to grow a bit before this happens though.
The idea of a fork is that it is independent from what it was forked from, you pull what you like and leave aside negative changes, if the license allows this. At least that's the idea. Of course companies with huge manpower such as google can evolve "standards" in a pace that a small independent fork can't keep pace, but we shouldn't just give up.
I think the type of fork that OC was referring to would be a project that forks to provide a change in feature set, yet still tries to remain up to date with upstream. So, not a hard fork.
I maintained a fork of webkit ~12 years ago and it was a nightmare to maintain because every couple months they would massively reengineer systems and result in hundreds of non-trivial file changes. And because webkit had a brain-dead way of implementing multi-platform support it meant you spent days or weeks re-integrating these changes.
There is a small team of folks here constantly working on rebasing the next Chromium version on Brave. They fight these deviations and try to minimize the patching as much as possible- so future versions are easier and easier. We even have some clever UI patching for the Polymer pages
There definitely have been challenges - for example, with Chromium 69, the network delegates were moved over to NetworkService which broke our shields code. But I'm really proud of the work done to minimize things. For a long time, the team rebasing Chromium was just one person... and we've always delivered Chromium upgrades and updates to Brave users within 24-48 hours of Google's stable channel
is pretty abhorrent looking. First-class advertising support in a browser is a major turn-off. Google is probably only a few steps away from losing controlling stake in Chromium, and stuff like this certainly will lead others to flock away.
Why is it abhorrent? FLoC doesn't compromise your privacy. It does interest inference client-side, away from bigcorp servers. It doesn't leak any information about you. But all the "privacy" people are totally against it anyway.
Why? Because they just hate advertising. The whole "third party cookies are bad" thing has always been a sham: it was never about privacy. It's always been about killing advertising itself.
all obnoxious ads are bad, but I tend to find the less targeted ones, for example the ones for payday loans or ambulance chasers, more obnoxious than products based on my hobbies.
>> Why is it abhorrent? FLoC doesn't compromise your privacy.
You misunderstand - Google is in the business of compromising your privacy. They have lots of teams of lots of very smart people figuring out how to compromise your privacy.
Further, they are in the real world business of doing it. They are not naïve as your comment was - they find the balance of how far they can push it, by a combination of monopoly power, and also cunning politics, PR and posturing - they are fighting tooth and nail and using every tactic and trick in the business, with an unlimited budget - specifically to compromise your privacy for their financial and political power gain. Any area where they 'seemingly' back away from compromising your privacy, is where they have done extensive cost benefit analysis, and come up with alternative trickier or less understood ways to get what they want but that is more politically acceptable.
This is the underlaying reality - the rest of the details of FLoC etc is an information battleground where you as a user are fighting unlimited budget teams that are highly motivated to exploit your privacy. Advertising is in fact just one slice of the power they wield by exploiting your privacy along with everyone else on the planet's.
If you try to look at just FLoC in isolation you will miss the forest for the trees, as the results of FLoC are correlated with many other sources of information.
FLoC's motivations are some balance of:
- reducing PR fallout due to increasing awareness of their exploitation of everyone's privacy
- keeping full access to information they already extract from you and everyone else, and in fact increasing it as possible
- reducing or hindering other parties access to the total information so they gain more relative power
The rest my dear chap is details and their teams and teams of analysts working on this have all day every year to outsmart you in the details of how this is implemented.
Advertising is a scourge on the internet, and society in general. I doubt anyone would really miss those awful things. So yes, I want to kill advertising.
What's really telling is how many people and companies think they're entitled to running ads on my computers and phones, as if I'm the one who is doing something wrong by choosing what I see or don't see.
I have no problem paying for content. However, I'm not going to feel guilty for not going to a movie theater early so that I can see all of the trailers and commercials that are shown before the movie I want to see. I'm also not going to feel guilty for fast forwarding through commercials on TV.
Content creators are not entitled to decide what ads I choose to see and not see.
They have the right to demand compensation, but the appropriate way to do that is to gatekeep - i.e. don't provide access until the user pays (or promises to pay).
When they serve content with ads, they are not demanding anything.
Your question assumes that transparent, behavior-based, cross-site user interest tracking is somehow essential functionality for the web and we just have to find the right way to do it.
I think most people who are criticizing FLoC would challenge the idea that this class of functionality needs to or should exist at all.
Content creators want to get paid as much as anyone else and it's either through direct payment by the consumers or by embedding advertisement in their content.
All this FloC, third party cookies, etc. are efforts to make that advertisement route more efficient. So my question is what are the critics proposing instead? Get rid of ads and just ask the audience to pay per view or make everything a subscription? Not paying content creators (ad blocking) is certainly not a sustainable alternative.
Simple advertisements like billboards. One image, no stalker tracking, no global user profiles, no malware, and no animation or movement.
Advertising was effective as an image or text that shows the reader a value proposition. What we have these days is stalkers and information rapists pretending to be advertisers.
The reason non-tracking ads pay less is that tracking ads are now the norm. If standards/laws were implemented to protect privacy and block such tracking, content providers (if they are so inclined) would make as much money with non-tracking ads as they do now with tracking, since there would be no invasive competition.
Your daily paper didn't have a list of your interests yet succeeded in making money through advertising. Why can't they now?
Many things are wrong probably, here are some I can think of: it is extra data for more accurate fingerprinting, it is not really an alternative to tracking users because companies using it doesn't mean they'll stop tracking you, it's likely going to become another de facto web standard imposed by Google and used in conjunction with other tracking methods may more accurately reveal your browsing habits and history because it reduces the guess/search space from the whole web to a handful of websites in your cohort.
I think there should be an option where you either pay for content you consume on the web or targeted (aka efficient) advertising pays for it. All I care about is my PII information not to leak and be accessible to random people.
I don't see any other way and I can't see what these people at EFF are arguing for? It's easy to just keep saying no to everything.
"At Vivaldi, we are committed to protecting our users from online trackers, and we would not want to enable any kind of user behavioural profiling. The FLoC experiment does not work in Vivaldi, because it relies on several hidden preferences being set, and we do not enable these options in Vivaldi. Our future plan is to prevent the Floc component from functioning, no matter which way it is implemented."
Disabling FLoC is reactionary, performative, and honestly, counterproductive.
Ad industry: "Look. We listened to your concerns about ad privacy. Here's a solution that gives you everything you want. Now we can serve interest-based ads without tracking you across the internet. You win."
Brave: "We don't want a solution. We want to be sanctimonious and angry!"
>Ad industry: "Look. We listened to your concerns about ad privacy. Here's a solution that gives you everything you want. Now we can serve interest-based ads without tracking you across the internet. You win."
(Actually does nothing or the sort, continues tracking users while making user experience even worse and some crucial Web features unusable for indie devs.)
>Brave: "We don't want a solution. We want to be sanctimonious and angry!"
(Pushes "ad industry" out of the way and performs its own tracking and ads.)
What's going to happen is that sites will enumerate which FLoC IDs represent which set of interests, and just use send that data off together with whatever unique ID they're already tracking you with.
It's based on your browsing history, so companies will now be able to get an aggregate of your interests without having to actually track you across other sites.
My questions about FLoC are who controls the definitions of cohorts? Is it possible for someone to take advantage of cohort information in a way which leaves Google completely out of the loop? Do users (and system administrators) have any control over what cohort information is saved or transmitted by the browser? If they do have control over it, is it enforceable? (e.g. The DNT header is useless because services are not compelled to obey the request.)
The ecosystem is broken, add work but many products have marketing costs built into them that are over 30% of what you pay for, in some cases, over 50% of your monthly fees are marketing expenses. In fact, in SaaS software, a world class company spends 33% (3:1 CAC ratio) on sales and marketing. I don’t mind ads or even having embedded marketing costs in the products I buy, what frustrates me is how long and hard I have to work in addition to all of the waste on marketing to find what a product does, what it costs, what it’s strengths and weaknesses are. And google does nothing to help. I get millions of pages to read, thousands of reviews (many of them fake) and at the end of the day, everyone of us has to waste our time figuring these things out. Go shop for auto insurance or a mortgage or a new piece of software or anything that costs over $1000 annually and you will see what I am talking about.
Yes it's just exploiting both sellers and users. The market power is broken. Google needs to be broken up, and advertising and general web browsing needs to be completely non-identifiable, or our civilisation is heading to a micromanaged dystopia of stalinesque proportions.
Too many folks commenting here seem to think that FLoC doesn't compromise privacy, when it is yet another bit of differentiation that can be used to fingerprint a browser.
It's a particularly granular one, as well, placing users into manageable cohorts of only a few dozen thousands in size, or so is claimed.
Combine FLoC with a handful of other fingerprint bits and you can track an individual.
Browser fingerprinting is besides the point here. The whole reason they want to fingerprint you is to build up an advertising profile. FLoC cuts out the middleman by giving every single site you visit access to the proceeds of the cross-site tracking. It's like saying "There's too many cameras pointed at my house, so instead I'm going to start publically streaming my life 24/7".
While FLoC does sound like a bad idea, I think it would be helpful if critistism was coupled with counter proposals. What do the critics see as ideal solution here: making all of the free services paid? having just more content-based ads? or something different?
The local pizzeria can say "only show advertisements that want to be shown within 30 miles of Somewhere, NY. The site for expecting mothers can show ads for baby products.
Contextual advertising. Flip the entire thing upside down and let the sites declare to the advertisers what niche they fill, and let them get relevant advertisements.
351 comments
[ 5.4 ms ] story [ 232 ms ] thread> Brave is a free and open-source web browser developed by Brave Software, Inc. based on the Chromium web browser. It blocks ads and website trackers, and provides a way for users to send cryptocurrency contributions in the form of Basic Attention Tokens to websites and content creators along with the ability to keep the cryptocurrency they earned.
Quoting https://amifloced.org/ :
> Third-party cookies are the technology that powers much of the surveillance-advertising business today. But cookies are on their way out, and Google is trying to design a way for advertisers to keep targeting users based on their web browsing once cookies are gone. It's come up with FLoC.
> FLoC runs in your browser. It uses your browsing history from the past week to assign you to a group with other "similar" people around the world. Each group receives a label, called a FLoC ID, which is supposed to capture meaningful information about your habits and interests. FLoC then displays this label to everyone you interact with on the web.
FLoC stands for Federated Learning of Cohorts. The third party cookie is dying, and FLoC is a way for companies to group people together and track them, rather than tracking individuals. Here's more info about that [1] and here's an EFF article about why it's dangerous [2].
[0] https://brave.com/ [1] https://github.com/WICG/floc [2] https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...
Brave is an other ad network.
Company Overview & Core Offering
Brave is the first global digital ad platform built for privacy, offering advertisers the opportunity to participate in a premium, brand safe, and opt-in ad ecosystem, designed for a future without 3rd party cookies.
https://web.dev/floc/
https://www.chromium.org/Home/chromium-privacy/privacy-sandb...That's just how "new" works.
They can handle some theft, but if literally everyone stole their candy, the store would close down and nobody can have candy.
Perhaps it is time for an advertising model to die out as the default.
I will not render your ads. I’d be happy to put that in the first http request to your site. If that means no site for me, then quite honestly 90% of my browsing is a waste of time anyway.
They encourage people to believe their self worth is linked to the things they own. That a persons status in society is somehow associated with how much money they have to spend.
Who's pretending? Ads naturally and quite effectively price-discriminate, and so they do make internet content cheaper for people with less money.
You may have problems with excessive consumption, but many people in developing countries do not. They desperately need the free content (educational, informative, and otherwise) that the current internet model provides them.
Well funded public broadcasters like Australia ABC provide news and entertainment content free. (both text and video)
Well funded public libraries can provide a wide range of alternate content.
While I love libraries and public broadcasting, I learned to code as a poor kid through library books, they are not the full solution and they never provided free, instant, and any time international communication for people.
Also, the store isn't freakishly stalking me and noting down all my habits whilst sharing what it has collected with its friends, or indeed anyone who will buy the data.
Besides, candy is impossible to replicate in the same way that data is. Theft of physical objects is a materially different act from advert blocking and avoidance. I'm not obligated to view adverts in every public space because they fund the local government. I'm not denied access to the cinema because I arrive 10 minutes after the start time to avoid the adverts. Or back in the day when I taped TV shows and fast-forwarded the adverts, had I a responsibility to view them?
They're useless noise that contribute no value to anyone beyond whoever pays for them, and therefore I find it a moral responsibility to limit my exposure to them and restrain the harm they do to others. And curiously, I am much more content and much less impulsive in my spending habits since I installed uBlock.
Many retail stores do, actually, through wireless tracking, cameras, and/or purchase history. They will buy and sell consumer data through the likes of Acxiom.
It would be great to have a ublock equivalent for the physical world.
No one is under any obligation to accept advertising. Only since the modern web have advertisers and content providers made this an argument on ethics.
We could all go around in circles like this for hours.
I'm not really sure what crowd of us you think claims that ad-blocking is "morally responsible". I certainly don't see it as a moral issue at all. I just don't want so see ads, period. I think they're psychologically manipulative garbage, and I don't want them in front of my eyes, infecting my brain.
If someone wants to publish something behind a paywall, I'll pay if I think it's worth the price. If someone wants to put up an ad-blocker-blocker and refuse to serve that content to me, that's fine too; I'll live without their content.
If a server is going to send me bits over the wire, I am going to decide how I view those bits, and which bits I do and do not want to see.
It's a bad metaphor, a better metaphor would be reading a journal and covering ads with post it notes.
Nobody frames, say, taking a bathroom break when the ads play during a football game this way.
One might argue that you are then not entitled to view the content on ad-supported pages as well.
I use an ad blocker too because many ads are just horribly intrusive, but I honestly can’t blame any page circumventing ad blockers, nor do I believe that I am somehow morally entitled to an ad-free, compensation-free browsing experience.
Narrowing all of this down to CPU time misses the point entirely in my opinion.
> They're useless noise that contribute no value to anyone beyond whoever pays for them, and therefore I find it a moral responsibility to limit my exposure to them and restrain the harm they do to others.
They‘re literally paying for the content you get to view for free.
This is true, and websites are entitled to try to detect and block users who use adblockers. And users are entitled to use better adblockers that are harder to detect.
Then they shouldn't serve the page in a way that it can be viewed without also viewing the ads. Ad-blocker-blockers are a thing, and I am happy to close that tab and never visit the site again when I see one.
> They‘re literally paying for the content you get to view for free.
Hopefully someday they'll be forced to find a business model that doesn't include destroying the privacy of their website's visitors.
I suggest you are incorrect to assert that "no one is entitled to my CPU time." I agree, however, that advertisers do not have that moral claim right.
> I suggest you are incorrect to assert that "no one is entitled to my CPU time."
Very well, please elaborate. I'm always up to delve deeper into reason and philosophy (time-permitting of course).
I'll start with ~~a humorous point for an autistic person~~ the worst kind of pedantry. An object cannot be no one's and mine at the same time. If I own it, then it isn't no one's. To the degree the CPU is indeed yours, then it is someone's CPU. Obviously, there's some conversational implicature embedded in your claim here, and that's what we're here to clarify.
For the record, I'm on your side. Your overall argument is something everyone needs to hear. So, I'm not here to destroy your assertion, but I think it should be weakened. There's a lot packed in there.
I take your proposition to mean, roughly, that the CPU in your possession is something only you have a cluster of moral claim rights to (which corresponds to a cluster of moral obligations of others to you regarding that CPU), with no possibility of overriding reasons, caveats, or provisos. Now, you could be speaking about political claim rights, but I don't think that's the case here (correct me if I'm wrong). Is that a fair interpretation, and do you wish to maintain that? Can you think of any exceptions? Are there any adjacent possible worlds in which that is not the case?
These reductionist approaches don‘t really help with understanding ads (and communication in general).
However, I do run an ad blocker and I'm completely fine if every company that relies on ads for income goes out of business. In fact, I'd appreciate it.
If websites really find that ad blockers are killing their revenue, they will switch to a paywall model, and maybe micropayments will finally happen (or perhaps a service that allows users to subscribe to large numbers of websites at a time). Whether or not that is a good thing depends on who you ask.
Websites can move to more efficient and lighter methods of delivery to cover the absence of advertising revenue. Anyone skilled who works in the advertising industry is freed to offer his skills to better human endeavours. Everyone wins.
With harmful incentives removed, this would encourage websites to focus on good writing and less on being 'content farms' to drive up engagement for the advertisers.
All I want from most sites is the text. Not adverts, trackers and those damnable autoplaying videos that jump out and follow me down the page. I use the reader mode in most cases. Why is it necessary to use reader mode if not to cut the useless cruft? Why can't the web just be like that?
I don't want to be rude, but won't they just end up losing their livelihoods? If the advertising industry goes, most programmers will see their salaries drop hugely. Even those not working in advertising will see a drop due to the flood of supply.
(I do think advertising is net positive and prohibiting it would be a bad idea: https://www.jefftk.com/p/effect-of-advertising)
Consumer habits will just become more unpredictable- and small companies could compete with big companies that spend billions on marketing.
Even if you were not directly influenced by advertising, you probably were indirectly through word of mouth.
If blog or similar can finance part of their cost with Ad's, why not.
Sure on slow internet it's a somewhat different matter.
Anyway Ad's okay, but tracking for me is spying and should be treated like that, i.e. it should be illegal.
There are ways to have personalized ads without it, like local learning which then selects to get an add for a specific topic, with that a side could still track which ads you got, but it would be much less useful as FLoC, and then you add additional steps to even further decrees any chance of tracking.
Companies still get implicit feedback by what adds get selected more then others.
People can explicitly blacklist annoying (or offensive) adds making sure they don't see them ever again and if enough do so in turn making that app not seen much more at all etc. etc.
But the FLoC cohorts are WAY to small/identifiying to not allow you to be tracked fairly easy with it. Just combine it with other identifying aspects of browsers (there are a lot) and I wouldn't be surprised if it's often allows a 100% unique identification.
And given that you likely wont be able to "ad-block" FLoC this makes it way worse then the status quo.
Yeah, in that world, ads would be ok with me. Sure they're pointless because I won't click on them - but not really worse than having a blank spot in the page because of an ad blocker.
While I have no problem with the concept itself of advertising, I do have a problem with modern implementations of ads. Almost invariably, they are loud (vocally and visually), intrusive, obnoxious and almost coercive in their use of language. They are intended to dumb down the target audience, rather than enrich their targets' lives.
I do have a problem with everything that attacks my ability to think freely.
It's fair to believe that ads are 'ok' - it's also possible that people in general don't want them. Hosting low-traffic websites on a smartphone with cellular data is just-about-feasible now.
Rather than inventing very technically clever ways to continue on our existing path, as Apple and Google are doing, I think it'd be pleasant to simply move beyond the advertising model of content on the internet.
If asked, I don't believe people would want to be tracked or have ads mixed into their content.
Could we make it cheap enough to host a personal blog and/or wiki on a smartphone for, say, $10 a year?
The economics would be very different as sites scale up their traffic (compare with, for example, The New York Times).
I think the (relatively) small number of high-traffic sites would be able to find revenue streams to support their hosting - perhaps those would be where subscriptions would be effective.
This may of may not be good, but I’m a bit concerned that destroying the adtech industry may have ripple effects that end up being worse than some middle way like FLoC
A choice of least worst is not necessary.
You have no idea how hard people work. Ad browsing pays the same no matter how hard people are working.
That just seems like hyperbole actually, and from a biased opinion or vested interest.
Brave seems to handle privacy very well considering the choices available, and has made a number of good privacy decisions from what I can see after watching browsers evolve for 25 years. I have switched to using Brave and installing it for those I support.
The crypto thing is 1) easy to turn off, 2) an attempt at a possibly better business model where users aren't just sold with it. Regardless I simply turn the crypto setting off.
There’s over a million web creators accepting bat just from brave [1] and while that’s not everyone or even a big percentage it’s not “few web creators.” If you don’t want to give to web creators you’re free to cash out and donate cash to charities. So that’s a plus that’s not possible with other browsers.
Note, I don’t use the crypto feature in brave, I’m just annoyed by people spreading FUD about stuff.
[0] https://www.coinbase.com/price/basic-attention-token [1] https://batgrowth.com/
I’ve never done anything with the crypto part. I just use them as a clean, ad-free browsing experience. There’s ad blockers for other browsers but brave is the easiest for me to use.
where is the better part? is it the fact that this makes fingerprinting easier? or that floc makes more data available to advertisers than cookies?
It says it's about respecting the privacy of users better but in practice it fails very bad at doing so the only thing it archives is allowing Google to disable cookie based tracking and with that makes it harder for 3rd party trackers to be google independent (it not harder for 3rd party trackers if they use/abuse the FLoC Id and generay there are many ways to track users which are not cookie based so especially when it comes to the very bad offender of invasive tracking it doesn't make a difference or becomes even easier, but some of the smaller google ad (and analytic) alternatives will have it harder).
This sounded good when I first heard it, but by now I understand 'relevant' to mean 'tailored to optimally influence my behaviour', eg showing me articles about the futility of voting if my political preferences are likely to lean a particular way.
I really have enough projects, TODO lists, interesting things to buy to last for lifetime of 250 years.
Why I would want ads likely to influence me? There is basically no chance that ad will show me useful, worth using object or service to buy that I would not discover anyway.
It would be just another scam more effectively targeting me.
One day, you may have a need for a product, and someone who previously solved your need can’t afford to make the product anymore because only a small percentage of people realized it was a solved problem.
But overall risk of getting persuaded to buy worthless products or scammy "investments" seems to not be worth discovering real gems.
Overall I would prefer both scams and genuine offers to be as far as away from my interests as possible.
Obviously, I would prefer actually useful offers to be close to my interests and to have no scams/worthless trash/malware/porno in my ads, but it appears to not be an available option.
I've never had this experience, between Google, Facebook, and Amazon. Every "targeted" ad I've been exposed to has either been for something I already have, or for something that's insufficient to my needs.
Because of this, and because I dislike the invasiveness and anti-privacy of modern advertising, I started keeping a log of all of the ads I can remember. Then before I make a purchase, I lookup the product on that list and pick a different company to buy from. If you, as a company, use invasive advertising, I will not be your customer.
What do you mean irrelevant data? I am much better at choosing a product that suits my needs than Google and friends are. The only irrelevant data is the one provided by the ad companies.
> the company that paid for the advertisement likely won’t even miss your sale.
If that's true, then why do you think they advertised to me? Why would they possibly choose to advertise to people who they weren't interested in selling to?
This would all be ok if the tradeoff was a strong signal to the seller that advertising has a negative impact on sales, but I’m positing that the impact of that one sale is negligible and well within the noise threshold of an extremely noisy process. For all you know, if the seller notices at all, they might conclude that they didn’t advertise to you enough.
However I’m totally ignoring any utility you might gain from a principled approach and if it works for you, then more power to you.
Very true, I've considered this many times. What it comes down to is that I value companies that prioritize investing in their product rather than their advertising, so on the whole I'm more likely to get what I want if I stay away from products advertised to me.
> This would all be ok if the tradeoff was a strong signal to the seller that advertising has a negative impact on sales, but I’m positing that the impact of that one sale is negligible and well within the noise threshold of an extremely noisy process. For all you know, if the seller notices at all, they might conclude that they didn’t advertise to you enough.
This argument kind of ignores the whole underpinning of economics. Let's consider a different situation and apply your argument. Let's say a company sells a toothbrush that doesn't clear plaque away very well. Over time, as I use this toothbrush, I'll find that I'm getting cavities on my back teeth. So I stop buying that brand of toothbrush. Under your argument, my doing that would be a weak signal, because it's just one sale lost for X dollars spent on advertising. The seller doesn't notice, and keeps on pumping out toothbrushes, and lots of people get lots of cavities. I know this is not analogous to the situation you're talking about, but it's still a plausible situation, and if your argument is correct, it should be correct across most situations it's applicable to.
And thanks, I do enjoy your confirmation of my power.
Advertising is psychological manipulation at its worst, and we'd all be much better off without it.
Hyperbole is unbecoming.
Off the top of my head I'd say grooming someone for sexual abuse is a significantly worse form of psychological manipulation. I speak from having experienced both, and only one has had a catastrophic effect on my life.
But in reality, ads are always "relevant to seller/advertiser". Seller is almost never interested in selling you anything but what makes most profit from you. Eg. A decathlon might be better cost/benefit ratio wise, but you will always get an ad for Nike, because Nike is paying for the ad, not decathlon.
Such is the lie that was fed to us, and most of us accepted it. Tragedy of the commons indeed.
A philosophy blog is the first thing that comes to find but even then that can have ads for universities, textbooks, quirky t-shirts, etc.
Who knew that ship designers could buy special plugins for CAD environments? Even though I could have guessed it (In fact, I made this example up), it’s still fun and interesting to be surprised.
[1]: https://support.apple.com/en-us/HT205223
It's pretty obvious Apple doesn't have financially valuable properties on the web but they have plenty in their application ecosystem.
In Apple's view Apple News is how people consume news, not go to the web where the user experience isn't custom tailored by Apple. Apple News is barely different than Google AMP that everyone rages against, try to get someone to share a link to a piece of news from Apple News and it will come with the ask to subscribe or download it.
So in Apple's ideal plan almost every place where today ads are displayed will be inside Apple News.
And hey, I wasn't aware there exist another App Store where people can buy applications or in-app purchases on iOS.
And yeah you can turn FLoC off too both today and when it will be in production.
Lastly, when did the argument move from "advertising bad, tracking data always bad, targeted advertising terrible" to "if Apple does it then I'm good with it"?
when did the argument move from "advertising bad, tracking data always bad, targeted advertising terrible" to "if Apple does it then I'm good with it"?
It'd be a lot cooler if you could respond to my actual argument without namecalling and putting words in my mouth. For one thing, it's rude; for another, it doesn't contain much of a counter-argument.
You said the distinction between what Apple does and Google does is 'thin'. The distinction is Apple does this in two specific services of their own, one of which is completely optional and in both cases, the cohort bucketing and tracking can be turned off. Google is putting it in the browser people use to do just about everything on the internet. A roughly similar thing would be Apple adding cohort bucketing to Safari. They haven't. These seem, to me at least, some significant distinctions. Why do you think they aren't?
So your argument is maybe valid (I don't think so, tracking is tracking and this isn't just contextual targeting) only now, as time goes by and Apple accumulates more power your argument is back to being invalid again.
I have an Android phone: I use a non Google browser, non Google app store and non Google messaging app.
This shouldn't exist in your operating system at all.
But yes, looking at ads on the Google Play Store recently tells me I made the right decision to switch to an iPhone.
But - if the regular, more accurate/personalized, mechanisms work in Chromium - why use the less-accurate ones?
2. The more accurate ones are going away.
[1] https://ai.googleblog.com/2017/04/federated-learning-collabo...
There isn't really any hard bound on how much information could be leaked via these algorithms.
> There isn't really any hard bound on how much information could be leaked via these algorithms.
With ~33k cohorts, there is literally a hard bound of just above 15 bits per visit. That's still theoretically a lot if you have some other stable identifier, but practically speaking most users on most sites will have an identical cohort and it will drop off rapidly as cohorts stabilize into groups appropriate for ad targeting.
Barring the other considerations I've mentioned in the comments here, that's still immeasurably better for individual privacy than ~infinite bits per visit from stable third-party cookies.
Nevertheless it seems a formidable addition to a browser user fingerprint.
Which reality is better is up for debate but they won’t be doing both for the same client.
Fingerprinting already slows down websites, and websites still use it extensively. The cost is paid by the users and nobody cares enough to fix it.
"This API democratizes access to some information about an individual's general browsing history (and thus, general interests) to any site that opts into it. This is in contrast to today's world, in which cookies or other tracking techniques may be used to collate someone's browsing activity across many sites."
Can the user detemrine whether a site has opted in without sending an HTTP request the site (and thereby recording the access in her browsing history).
"Sites that know a person's PII (e.g., when people sign in using their email address) could record and reveal their cohort. This means that information about an individual's interests may eventually become public.
"As such, there will be people for whom providing this information in exchange for funding the web ecosystem is an unacceptable trade-off. Whether the browser sends a real FLoC or a random one is user controllable."
Can advertisers determine whether a FLoC sent is real or random.
I can imagine some FLoCs if sent would trigger ads that were undesirable, perhaps damaging to the user's reputation, embarassing, etc.
As described, this system compels users to accept targeted advertising (what Google and Facebook want every user to do). There is no opt-out. There is no such thing as non-targeted ads. Users of browsers that support FLoC can either send real FLoC or random FLoC, but they cannot send no FLoC. If they choose randomised FLoC, they might receive ads targeted to cohorts with which they do not want to be identified. As the next paragraph states, the FLoC when compbinaed with other data can indeed be used as an user identifier. Choosing "randomised FLoC" might mean being publicly identified with undesirable cohorts. For example, IP address might become associated with an undesirable cohort.
"A cohort could be used as a user identifier. It may not have enough bits of information to individually identify someone, but in combination with other information (such as an IP address), it might."
"The expectation is that the user's FLoC will be updated over time, so that it continues to have advertising utility. The privacy impacts of this need to be taken into consideration. For instance, multiple FLoC samples means that more information about a user's browsing history is revealed over time."
"Second, if cohorts can be used for tracking, then having more interest cohort samples for a user will make it easier to reidentify them on other sites that have observed the same sequence of cohorts for a user."
"A cohort might reveal sensitive information."
"Some people are sensitive to categories that others are not, and there is no globally accepted notion of sensitive categories."
"It should be clear that FLoC will never be able to prevent all misuse. There will be categories that are sensitive in contexts that weren't predicted."
"A site should be able to declare that it does not want to be included in the user's list of sites for cohort calculation. This can be accomplished via a new interest-cohort permissions policy. This policy will be default allow."
Default is no privacy. Nice.
"... a site can opt out of all FLoC cohort calculation by sending the HTTP response header:
Permissions-Policy: interest-cohort=()"
Proxy config:
http-response add-header Permissions-Policy "interest-cohort()"
"We will analyze the resulting cohorts for correlations between cohort and sensitive categories, including the prohibited categories defined here. This analysis is designed to protect user privacy by evaluating only whether a cohort may be sensitive, in the abstract, without learning why it is sensitive, i.e., without computing or otherwise inferring specific sensitive categories that may be ass...
Why? I would expect a browser extension to be able to override document.interestCohort to throw an exception?
(Disclosure: I work at Google, speaking only for myself)
If that's an actual way to access it, "undefined" will have to be acceptable due to browsers that don't support it.
And undefined would still have to be handled anyway, as browsers without support wouldn't have the attribute at all (at least for several years after it was accepted, for everything to get the new feature).
The explainer indicates it's a Promise: "cohort = await document.interestCohort()" -- https://github.com/WICG/floc
One reason to make it async could be to give browsers the option to gate access behind a permissions prompt in some circumstances.
> And undefined would still have to be handled anyway, as browsers without support wouldn't have the attribute at all
Definitely. There are also browsers that are unlikely to add support (ex: Brave, as we're discussing)
For example if I visit a website that follows trends in computer hardware... advertisers may pay to put ads in this site to PC parts, etc. If I visit a site about popular camping locations.. advertisers can purchase ads that are relevant to camping,gear, travel etc.
The very idea that we need a tracking identity that monitors and identifies behavior from site to site is ridiculous.
If you get rid of user tracking, anyone or their brother can sell ads, and then why deal with Google?
Cohort membership changes pretty frequently instead. So the system may put all people that browse mostly golf sites together in cohort 12345 that only the algorithm knows it's about golf sites, people enter and leave that cohort on a daily basis and you can only be a member of a single cohort at a time.
Also, even if I take for granted that everyone's cohort changes daily, how does that imply anonymity? Like say my habit is that I check emails a ton on Monday, go on YouTube on Saturday, read the news on Sunday, etc... so my habits are changing daily, okay, but not weekly, right? Or maybe I do them in a different order on another week, but I'm not going to develop 1000 different habits across 1000 days, right? Shouldn't some kind of frequency analysis provide fairly consistent results?
"as your FLoC cohort will update over time, sites that can identify you in other ways will also be able to track how your browsing changes [...] a FLoC cohort is nothing more, and nothing less, than a summary of your recent browsing activity."
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...
There needs to exist a way to identify you in other ways and in the future cookies won't be one of those. So a site that has your information because you shared it with them will be able to see your cohort changing, otherwise you'll look like a new user each time.
And yeah I'm extremely familiar with FLoC, more so than the EFF.
this itself is already unwanted
> otherwise you'll look like a new user each time.
but you won’t, because the existence of a non-fingerprinting-based solution isn’t going to stop fingerprinting.
1. https://github.com/WICG/floc/issues/4
But IP alone is imperfect as well anyway for tracking.
If FLoC goes as they plan, there will be less tracking overall, but the tracking there is will be considerably more centralized, less technically transparent, and cement incumbent market advantages. (All totally coincidental unfortunate side-effects of Google's concern for your privacy.)
It is available to everyone:
See https://github.com/WICG/floc(Disclosure: I work for Google, speaking only for myself)
What do you mean, create your own?
It's only being introduced because they're afraid of regulation.
No one wants to consent to being spied on, so FLoC is circumnavigating the GDPR consent requirements, letting them spy on all Chrome-users without consent.
Your FLOC cohort is a summary of your web browsing activity. FLOC doesn't solve the privacy problems that trackers create - it just hands them your browsing history on a silver platter.
"Yes! You are unique among the 3387629 fingerprints in our entire dataset."
Browser fingerprinting already works fine without FLoC.
With Safari on macOS I get a score of ~1/8500. Not amazing, but certainly not catastrophic.
Id gladly pay for my content just to watch the ad-tech industry die, its not just about "ads", they are building the infrastructure for the surveillance police state.
But why?
> they are building the infrastructure for the surveillance police state.
But FLoC is explicitly about doing ads in a way that does not lead to a "surveillance police state". So why is it bad?
The bottom line is that you are giving them your browsing data, obfuscated by fancy algorithms. Unless you trust ad-tech to have the best interests about your privacy (ha!)
Because it effectively exposes your browsing history. If privacy is a concern that's not something you want.
Yeah, working on it.
> "But fingerprinting!" is yet another pretext for just trying to make advertising in general non-viable for aesthetic or ideological reasons.
It isn’t though.
Not sure why it is supposed to be significant improvement.
"FLoC cohorts will comprise thousands of users each, so a cohort ID alone shouldn’t distinguish you from a few thousand other people like you. However [a tracker now] only has to distinguish your browser from a few thousand others (rather than a few hundred million). In information theoretic terms, FLoC cohorts will contain several bits of entropy—up to 8 bits, in Google’s proof of concept trial. This information is even more potent given that it is unlikely to be correlated with other information that the browser exposes. This will make it much easier for trackers to put together a unique fingerprint for FLoC users."
"as your FLoC cohort will update over time, sites that can identify you in other ways will also be able to track how your browsing changes [...] a FLoC cohort is nothing more, and nothing less, than a summary of your recent browsing activity."
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-...
So to be clear, "Big Ad" is like, dentsu, Publicis, Omnicom, etc. Companies that don't show up on HN much (but do ultimately buy the services which pay a ton of HNer's salaries).
They don't like Google very much, but Google owns a ton of space to put ads on, lots of first-party traffic with interesting properties, and more accurate targeting models than most other companies combined. So they have to work together. Real Big Ad would all rather keep the third-party cookie and not have to deal with FLoC, because they know they're already trapped in dealing with Google based on market demands, and FLoC will give Google even more forceful technical leverage.
If you view the market through only this lens it becomes very easy for partisan interests (e.g. Brave, just as much an advertising company as Google) to trick you. Google is notable for how disintegrated it is from the rest of the ad business, between its technology monopolies and vertical integrations.
https://www.badvoltage.org/2021/04/01/3x26/
Very fitting.
That's what makes me wary of the whole Chromium fork concept. Every time Brave/Vivaldi/Edge/etc decide to take a different path from Google's they effectively add to their maintenance burden forever, even if like in this case they actually disable an unwanted feature.
How long until the list of patches to backport for every new version of Chromium becomes so large that they have to pick and choose which one to keep maintaining and which one to give up on? If tomorrow Google decides to push a very deep change to the way, say, extensions are handled that makes them less effective at ad blocking, will Brave accept the burden to suddenly have to maintain a very deep fork of the browser in order to maintain old functionality?
I'm effectively FUDing right now, but my concern is genuine. I'm very perplex that you can make an effectively anti-ad, pro-privacy browser based on the source code of one of the biggest ad companies in the world.
It's not zero effort, but pretty easy.
https://github.com/brave/brave-browser/wiki/Deviations-from-...
We have a pretty comprehensive patching system which you can read more about here: https://github.com/brave/brave-browser/wiki/Patching-Chromiu...
There is a small team of folks here constantly working on rebasing the next Chromium version on Brave. They fight these deviations and try to minimize the patching as much as possible- so future versions are easier and easier. We even have some clever UI patching for the Polymer pages
There definitely have been challenges - for example, with Chromium 69, the network delegates were moved over to NetworkService which broke our shields code. But I'm really proud of the work done to minimize things. For a long time, the team rebasing Chromium was just one person... and we've always delivered Chromium upgrades and updates to Brave users within 24-48 hours of Google's stable channel
Why? Because they just hate advertising. The whole "third party cookies are bad" thing has always been a sham: it was never about privacy. It's always been about killing advertising itself.
We had advertising before invasive tracking. The ad business can survive without tracking, they just don’t want to.
You misunderstand - Google is in the business of compromising your privacy. They have lots of teams of lots of very smart people figuring out how to compromise your privacy.
Further, they are in the real world business of doing it. They are not naïve as your comment was - they find the balance of how far they can push it, by a combination of monopoly power, and also cunning politics, PR and posturing - they are fighting tooth and nail and using every tactic and trick in the business, with an unlimited budget - specifically to compromise your privacy for their financial and political power gain. Any area where they 'seemingly' back away from compromising your privacy, is where they have done extensive cost benefit analysis, and come up with alternative trickier or less understood ways to get what they want but that is more politically acceptable.
This is the underlaying reality - the rest of the details of FLoC etc is an information battleground where you as a user are fighting unlimited budget teams that are highly motivated to exploit your privacy. Advertising is in fact just one slice of the power they wield by exploiting your privacy along with everyone else on the planet's.
If you try to look at just FLoC in isolation you will miss the forest for the trees, as the results of FLoC are correlated with many other sources of information.
FLoC's motivations are some balance of:
- reducing PR fallout due to increasing awareness of their exploitation of everyone's privacy
- keeping full access to information they already extract from you and everyone else, and in fact increasing it as possible
- reducing or hindering other parties access to the total information so they gain more relative power
The rest my dear chap is details and their teams and teams of analysts working on this have all day every year to outsmart you in the details of how this is implemented.
Content creators are not entitled to decide what ads I choose to see and not see.
When they serve content with ads, they are not demanding anything.
I think most people who are criticizing FLoC would challenge the idea that this class of functionality needs to or should exist at all.
All this FloC, third party cookies, etc. are efforts to make that advertisement route more efficient. So my question is what are the critics proposing instead? Get rid of ads and just ask the audience to pay per view or make everything a subscription? Not paying content creators (ad blocking) is certainly not a sustainable alternative.
Advertising was effective as an image or text that shows the reader a value proposition. What we have these days is stalkers and information rapists pretending to be advertisers.
Your daily paper didn't have a list of your interests yet succeeded in making money through advertising. Why can't they now?
https://spreadprivacy.com/block-floc-with-duckduckgo/
I don't see any other way and I can't see what these people at EFF are arguing for? It's easy to just keep saying no to everything.
>document.interestCohort()
>VM131:1 Uncaught TypeError: document.interestCohort is not a function at <anonymous>:1:10
"At Vivaldi, we are committed to protecting our users from online trackers, and we would not want to enable any kind of user behavioural profiling. The FLoC experiment does not work in Vivaldi, because it relies on several hidden preferences being set, and we do not enable these options in Vivaldi. Our future plan is to prevent the Floc component from functioning, no matter which way it is implemented."
Ad industry: "Look. We listened to your concerns about ad privacy. Here's a solution that gives you everything you want. Now we can serve interest-based ads without tracking you across the internet. You win."
Brave: "We don't want a solution. We want to be sanctimonious and angry!"
(Actually does nothing or the sort, continues tracking users while making user experience even worse and some crucial Web features unusable for indie devs.)
>Brave: "We don't want a solution. We want to be sanctimonious and angry!"
(Pushes "ad industry" out of the way and performs its own tracking and ads.)
You can do this by just setting up a new profile and visiting various pages, then checking what the FLoC ID is. See here for an example by Jonathan Foote: https://twitter.com/footePGH/status/1380568421490905088
It's based on your browsing history, so companies will now be able to get an aggregate of your interests without having to actually track you across other sites.
It's a particularly granular one, as well, placing users into manageable cohorts of only a few dozen thousands in size, or so is claimed.
Combine FLoC with a handful of other fingerprint bits and you can track an individual.
Contextual advertising. Flip the entire thing upside down and let the sites declare to the advertisers what niche they fill, and let them get relevant advertisements.