I have been reading up on Chrome’s new Topics API and FLoC. Can someone explain to me why it is bad? Do the negatives of FLoC also apply to Federated Learning? (I’m not saying that FLoC is good, I’m just confused.)
Floc (renamed Topics) is bad for the same reason cookies tracking you across the internet is bad, mostly. Third party cookies, for example, can be used by data brokers including Google to learn who you are, what you are, what you want, what mental or physical or relational problems you have, etc.
Eventually, companies that don’t make all their money selling data started to change that:
Companies including Apple are already fighting back against this kind of tracking, primarily by simply blocking [third party cookies] altogether… Google would prefer to continue to allow targeted advertising while keeping users anonymous, and it wants to replace cookies with FLoC by 2022—but the idea has been met with a wave of opposition from other parties.
Google came up with a solution that would kill two birds with one stone:
- Subvert the attempt to banish cookies by building them into Chrome, the world’s biggest portal to the Internet
- Out-evolve the competition: if Floc survives cookies, Google’s data harvesting competitors no longer have a seat at the table for how data harvesting will work.
“Topics” is the second coat of paint put over what is essentially Tracking Cookies 2.0.
Google’s data harvesting competitors no longer have a seat at the table for how data harvesting will work.
As if governments are going to allow that. Google is already being investigated for their plans to disable third party cookies by other advertisers. That’s part of the reason why they’re doing this anyway. The rest of the ad industry has gathered behind their own standard, which is much more invasive. The British CMA has stepped in to make sure Google doesn’t remove first party cookies too soon, because that would impede other advertisers.
Google wants to get rid of a large part of their data gathering system because collecting all of that data is a huge business risk, up to 4% of global revenue under the GDPR, but if they were to disable third party cookies tomorrow, they’d get fined to hell and back by antitrust lawsuits.
I don’t really get why it’s “Tracking Cookies 2.0”. Data is stored and analysed locally and, from a technology point of view, allows for user customisation. Chrome doesn’t offer that customisation beyond offering the user the ability to remove a detected topic (get it together, Google!) but I can’t say I can see that much of a problem with giving websites a 33% chance of learning that I like computer technology.
This is not to be confused with Unified ID, an attempt to standardise invasive tracking procedures, using PII as a source for generating identifiers. This includes “normalisation” of email addresses (so turning john.doe+tiktok@gmail.com into john.doe@gmail.com to bypass people trying to find out who’s selling their email address).
There are other Google technologies that are much worse; remote attestation of Javascript, for example, which is already in use in Safari, though it’s not as bad as Google’s proposal. The design and UX of Chrome’s FLoC implementation is also pretty shit. However, I think the privacy impact of the new system is drastically overstated.
I have a lot of questions about your comment. Forgive me if I misinterpreted what you meant. Also, I’m not the person you responded to, just FYI.
Google wants to get rid of a large part of their data gathering system because collecting all of that data is a huge business risk
Gathering data on people is Google’s business, so what do you mean by this? Topics is still going to gather information; if anything, it accelerates data harvesting, because all of that tracking information has to be decoded at a hub – which, of course, will be Google. So what do you mean by that statement?
don’t really get why it’s “Tracking Cookies 2.0”. Data is stored and analysed locally
… and then shared with the websites you visit. It doesn’t stop web sites from profiling browsers, and the cohort can be used to drastically reduce the set of possible users and pinpont an individual. How is that not “tracking cookies 2.0?” Any information a tracker can get about you, including your cohort ID, improves identification algorithm results.
It’s even worse than cookies, because fundamentally it’s profiling. And when the data leaks happen, it’ll be lists of people lumped together however tenuously with other people, regardless of their real interest. If you thought the Ashly Madison breach wreaked marital havok, wait until the first data breach where perfectly innocent people are lumped into a cohort that also happens to strongly feature visitors to Grindr.
We agree that Google is a wellspring of horribly invasive, privacy-violating technologies; I just don’t understand why you feel this one is different, or overstated. The strong (and technical) responses from Mozilla and the EFF are a good bellweather for things like this.
It’s yet another scheme to gather data about Chrome users for the benefit of advertisers. Aside from the fundamental problems with that whole idea which people most often point to, it’s also underhanded in a way that cookies, tracking scripts, and browser fingerprinting aren’t: It’s code that’s built in to the web browser itself which exists for no purpose other than to act directly against the interests of its users. It may be the first time that’s happened in such an obvious and unambiguous way.
Federated learning as a machine learning topic is unrelated to floc afaict.
The issue I have with things like FloC and the topics API are that they are attempts to keep the cash flowing at Google before disabling 3rd party cookies, when it seems obvious that the time to disable 3rd party cookies is now.
So the features on my Pixel that use federated learning don’t share the same privacy risks as FLoC?
I think not? I’m sure it still comes with some privacy risks, plus your phone is using power you paid for to train models owned by someone else I believe. What features are you thinking of? Lol I use a pixel as well
Vivaldi removed it from Chromium more than 2 years ago, just like before and after all of Google’s other dirty tricks to track and profile users. No serious browser, Vivaldi, Firefox or Mozilla forks, will enter the Google game.
@tester1121 so you can rest assured (as long as you don’t use Chrome or EDGE or search with Google)
https://vivaldi.com/blog/no-google-vivaldi-users-will-not-get-floced/
All you need to know is its a proposal by Google for a new web standard. Enough said.
from my experience the description of what this is by google itself is confusing and/or misleading, so be wary
I think this is a pretty good breakdown and worth a read. Some key takeaways are that with FLoC Google would be able to track visitors to your website even if you were not using Google Analytics, and that the mechanism is built-in the Chrome browser so entirely controlled by Google.
Here is a related article about Topics, the FLoC replacement.
