Juha Saarinen: Is FloC Google's new privacy-busting cookie monster?

Google's browser tracking tool has been greeted with industry suspicion. Photo / 123RF

OPINION:

Privacy is unfortunately not something we can just get over and forget about. There's almost infinitely scalable computing power and storage capacity to process ever-deeper data lakes containing information on us that most of us aren't even aware is being collected.

We only realise the extent and scale of the information collected on us when data breaches that leak sensitive, personally identifiable information on hundreds of millions of people leak out on the internet. Yes, I'm looking at you Facebook and LinkedIn.

The issue is coming to a head and has over the last few years become a marketing opportunity. That is, companies like Apple, search engine DuckDuckGo and browser vendor Brave making a point of not collecting data on users, and making privacy a selling point.

Web browsers, in particular, are great for finding out more about you, as they're the tools that let you see the content on the internet, and log your online activities in great detail.

One way to track you online involves cookies in the browser. Despite the cute name, cookies are vital for the modern web, allowing sites that set them on your machine to remember your preferences, whether you're logged in or not, and other essential functionality.

However, cookies can also be set by for example advertisers to track you across multiple sites which would leak your browsing history to various faceless internet companies, many of which are scammers.

That level of tracking targets individual users, and is a privacy invasion. As of last year, several browser vendors are blocking third-party cookies by default for that very reason, and also making device fingerprinting harder.

Google said it will do the same in Chrome, the world's most popular web browser, which won't support third-party cookies by some time next year.

Wait, Google which owns the internet search and the web browser markets will ditch the main tracking tool for targeted advertising, third-party cookies?

Well yes, but Google likes targeted ads and wants to replace third-party cookies with the Federated Learning of Cohorts or FLoC system. Unlike cookie text flies on users' computers, FLoC uses machine learning to group people together, based on browsing history, so that advertisers can learn their interests.

FLoC is very much work in process with parts of the proposal unfinished but judging by the industry reception, Google faces an uphill struggle with acceptance for its new web tracking tech.

The issue is one of trust: FLoC could be a powerful tool if done right, with differential privacy budgets and more.

It's not transparent, however, and it appears FLoC could remove control from users and advertisers and give it to browser vendors. Which in the case of FLoC is Google, as no other browser vendor has shown interest in adding the tracking tech, not even the ones that use the open-source Chromium software that Chrome is based on.

Adding to the suspicion of commercial interests, Google is in legal hot water in Texas over a secret "Project Bernanke" (yep, named after the Fed Reserve person) tool.

This allegedly used the company's already collected data to give its ad buying system an unfair advantage over competitors, earning hundreds of millions of dollars in the process.

Although a stated aim is to balance personalisation with privacy, the FLoC proposal on the Github code repository is pretty open about how the technology could be abused to compromise the latter aspect, like the risk of combining other forms of information with the Cohort ID to re-identify users.

Google is now testing FloC with some users around the world, including New Zealand and Australia.

The tech is not tested in the European Union though because of the economic and political bloc's strict General Data Protection Regulation (GDPR) privacy rules, which is telling.

Online freedom stalwarts the Electronic Frontier Foundation has come out solidly against FLoC, calling it a "terrible idea". EFF has also set up a site, Am I FLoCed that lets you check if your browser has been assigned a Cohort ID.

Privacy oriented search engine DuckDuckGo last week added a FLoC-block feature in its Chrome extension. It will be interesting to see if Google lets that cheeky move pass.

FLoC is a very 2020s story, that mixes tech, internet-scale business, privacy and security. Here's hoping our regulators have the time and resources to keep an eye on it.