Nobody flies to join Google’s FLoC


Google only uses the proposed ad technology to replace third-party cookies. Every major browser using the open source Chromium project has refused to use it, and it’s unclear what that means for the future of Internet advertising.

A few weeks ago, Google announced that it was starting to test a new ad technology in Google Chrome called Federated Learning of Cohorts, or FLoC. It uses an algorithm to look at your browsing history and put you in a group of people with similar browsing history so advertisers can target you. It is more private than cookies, but it is also complicated and has some possible privacy implications if not implemented properly.

Google Chrome was built on an open source project and so FLoC was implemented as part of that project that other browsers could include. I am not aware of a Chromium-based browser other than Google’s that will implement it and I am very aware of many that will decline.

One comment I drop here is that I am relieved that no one else implements FLoC right away, because the way FLoC is built puts a very large responsibility on a browser maker. If implemented poorly, FLoC can leak sensitive information. It’s a complicated technology that seems to keep you semi-anonymous, but there are enough details to hide dozens of devils.

Anyway, here it is Brave: “The worst thing about FLoC is that it materially damages users’ privacy under the guise of being privacy friendly.” And here is Vivaldi: “We will not support the FLoC API and plan to disable it regardless of how it is implemented. It does not protect privacy and it is certainly not beneficial for users to unwittingly give away their privacy for Google’s financial gain. ”

We have contacted Opera also for comment. DuckDuckGo is not a browser, but it has already created a browser extension to block it. And the Electronic Frontier Foundation, which is very much against FLoC, even has created a website to let you know if you’re one of the few Chrome users included in Google’s early tests.

But arguably the most important Chromium-based browser not made by Google Microsoft EdgeIt’s a big test for Google’s proposed FLoC technology: if Microsoft isn’t going to support it, that would pretty much mean Chrome really does it on its own with this technology.

In the great tradition of Congressional technical hearings, I asked Microsoft a yes or no question: does it plan to implement FLoC in Edge? And in the same great tradition, Microsoft replied:

We believe in a future where the Internet can provide people with privacy, transparency and control while supporting responsible business models to create a vibrant, open and diverse ecosystem. Like Google, we support solutions that give users clear consent and don’t circumvent consumer choice. That’s also why we don’t support solutions that use unapproved user identity signals, such as fingerprints. The industry is on a journey and there will be browser-based proposals that do not require individual user IDs and ID-based proposals that are based on consent and first party relationships. We will continue to explore these approaches with the community. For example, we have recently been pleased to introduce one possible approach, as described in our PARAKEET proposal. This proposal is not the last iteration, but is a document in development.

That’s a LOT to unpack, but it sounds a lot like a “no” to me. However, it is a “no” with an important context. But before I get too deep into it, let’s talk about a few non-Chromium browsers – because an important part of all of this is that Google’s FLoC technology is still a proposal. Google says it wants to make it a fundamental part of the internet, not just a new feature in its browser.

Here’s a statement that a Mozilla spokesperson has provided us with regarding the plans for Firefox

We are currently evaluating many of the privacy protection advertising proposals, including those made by Google, but we currently have no plans to implement them at this time.

We don’t assume that the industry needs billions of data points about people, collected and shared without their understanding, to show relevant ads. That’s why we implemented Enhanced Tracking Protection as standard to block more than ten billion trackers per day and keep innovating on new ways to protect people who use Firefox.

Advertising and privacy can coexist. And the advertising industry may operate differently than in recent years. We look forward to playing a role in finding solutions for a better Internet.

As for Apple’s Safari, I have to admit I didn’t call out for comment, because right now it’s not hard to guess what the answer will be. After all, Apple deserves some credit for changing everyone’s default view of privacy. However, the story here is actually much more interesting than you might initially guess. John Wilander is a WebKit engineer at Apple who works on Safari’s privacy-enhancing Intelligent Tracking Prevention features. On Twitter he was asked whether Safari would implement FLoC or not and here is his answer:

Wilander’s response is in line with Microsoft’s statement that “the industry is on a journey” when it comes to balancing new ad technologies and privacy. More importantly, it talks about something very important: people with web standards take their work seriously and are seriously committed to the web standards process that creates the open web.

I often make that process light as slow, contentious and frustrating. It’s all those things. But it is also the last line of defense against the full and total splitting of the web into pages that are only compatible with specific web browsers. That’s not the internet at all.

And so what you’d expect to be a tough “no” from Apple (and what will almost certainly be a tough “no” in the end) instead becomes a commitment to the Web standards process and taking Google’s proposals seriously. Ditto from Microsoft.

All of this happens because every major browser already has or will soon block third-party cookies, the standard way to identify you and track you around the web. And every major browser has committed to ensuring that you are not personally identifiable to third party advertisers. Even Google’s own advertising team has said so much.

The end of those cookies is called the Cookie Pocalypse, and it’s apocalyptic because no one really knows what advertisers will do once those tracking methods are included. And so, major browser vendors are currently proposing various new solutions.

Apple, Google, and Microsoft all have ideas about how Internet advertising should work. We’ve discussed at length about Google’s FLoC, but you might be surprised to learn that Apple isn’t just trying to stop all ads; it has own advertising proposals to improve privacyAnd that arbitrary reference to PARAKEET in Microsoft’s statement? Another ad proposal

The problem here is that the Cookie Pocalypse is already near. Many browsers already block third-party cookies. Google Chrome is the big blocker when it comes to blocking third-party cookies, but it’s also the browser with the largest market share.

Google has committed to disable third-party cookies by 2022, but it seems very unlikely that the web standards process will get a response by then. In fact one of them Google’s other proposals won’t start testing until late this year – far too late to be implemented by the ad industry if Google keeps its original promise. Who knows what advertisers will do then?

The technology here is complicated, the process is slow, and the outcome is unclear. This is normal for the Internet course. Normally I would tell you not to worry about it and just let the W3C run its course. But the stakes are very high: Your privacy, huge amounts of money, and the interoperable nature of the web itself can all go up in smoke if these browser makers don’t figure out a way to thread all these needles. Cookie pocalypse, indeed.