Over the last few months you have likely come across the acronym FLoC. FLoC here meaning Federated Learning of Cohorts. It is sadly not a reference to The Flock.
This proposed standard created by Google is a replacement for cross-site cookies that places users in groups rather than tracking them individually through cookies.
Right now cookies could relay to advertisers that you like expensive cheeses and so you are fed relevant advertisers. If FLoC works the way Google intends, you would instead be placed into a group of others who like expensive cheeses rather than having advertisers be able to identify you individually. This should, in theory, mean that advertisers have less information about you.
While this sounds like a better alternative to cookies, many other browser creators and experts have torn into FLoC and raised concerns. The latest to do this is chief technology officer at Mozilla, Eric Rescorla.
One of the findings from Mozilla’s analysis of FLoC is that cohort IDs can be used for tracking.
“Because only a few thousand people will share a given cohort ID, if trackers have any significant amount of additional information, they can narrow down the set of users very quickly,” writes Rescorla.
One of the ways this could be done is by exploiting browser fingerprinting.
As Rescorla explains, aspects of your browser would be unique such as which browser you use, what language you use and more.
“Let’s give an example using some numbers that are plausible. Imagine you have a fingerprinting technique which divides people up into about 8 000 groups (each group here is somewhat bigger than a ZIP code). This isn’t enough to identify people individually, but if it’s combined with FLoC using cohort sizes of about 10 000, then the number of people in each fingerprinting group/FLoC cohort pair is going to be very small, potentially as small as one. Though there might be larger groups that can’t be identified this way, that is not the same as having a system that is free from individual targeting,” the Mozilla CTO explains.
There are more concerns as regards how much information an advertiser could glean from cohorts and how with enough data you could be identified.
The Mozilla CTO says that while these issues are a concern they can be addressed before FLoC is rolled out to a wider user base.
You can read Mozilla’s full analysis of FLoC here.
[Source – Mozilla]